示例#1
0
    def _validate_subject_dn_data(self, subject_dn):
        """Confirm that the subject_dn contains valid data

        Validate that the subject_dn string parses without error
        If not, raise InvalidSubjectDN
        """
        try:
            parse_dn(subject_dn)
        except ldap_exceptions.LDAPInvalidDnError:
            raise exception.InvalidSubjectDN(subject_dn=subject_dn)
示例#2
0
    def _validate_subject_dn_data(self, subject_dn):
        """Confirm that the subject_dn contains valid data

        Validate that the subject_dn string parses without error
        If not, raise InvalidSubjectDN
        """
        try:
            parse_dn(subject_dn)
        except ldap_exceptions.LDAPInvalidDnError:
            raise exception.InvalidSubjectDN(subject_dn=subject_dn)
示例#3
0
    def authenticate(self,
                     username,
                     password,
                     attribute=None,
                     base_dn=None,
                     search_filter=None,
                     search_scope=SUBTREE):
        '''Attempts to bind a user to the LDAP server.

        Args:
            username (str): DN or the username to attempt to bind with.
            password (str): The password of the username.
            attribute (str): The LDAP attribute for the username.
            base_dn (str): The LDAP basedn to search on.
            search_filter (str): LDAP searchfilter to attempt the user
                search with.

        Returns:
            bool: ``True`` if successful or ``False`` if the
                credentials are invalid.
        '''
        # If the username is no valid DN we can bind with, we need to find
        # the user first.
        valid_dn = False

        try:
            parse_dn(username)
            valid_dn = True
        except LDAPInvalidDnError:
            pass

        if valid_dn is False:
            user_filter = '({0}={1})'.format(attribute, username)
            if search_filter is not None:
                user_filter = '(&{0}{1})'.format(user_filter, search_filter)

            try:
                self.connection.search(base_dn,
                                       user_filter,
                                       search_scope,
                                       attributes=[attribute])
                response = self.connection.response
                username = response[0]['dn']
            except (LDAPInvalidDnError, LDAPInvalidFilterError, IndexError):
                return False

        try:
            conn = self.connect(username, password)
            conn.unbind()
            return True
        except LDAPBindError:
            return False
示例#4
0
def doc_id_from_dn(dn):
    parsed_dn = dnutils.parse_dn(dn)
    doc_id = parsed_dn[0][1]

    if doc_id == "jans":
        doc_id = "_"
    return doc_id
示例#5
0
    def _handle_move_object(self, param):
        """
        Moves an arbitrary object within the
        directory to a new OU.
        """
        action_result = self.add_action_result(ActionResult(dict(param)))
        summary = action_result.update_summary({})
        ar_data = {}

        obj = param['object']
        new_ou = param['new_ou']

        if not self._ldap_bind():
            return RetVal(action_result.set_status(phantom.APP_ERROR))

        try:
            cn = '='.join(parse_dn(obj)[0][:-1])
            res = self._ldap_connection.modify_dn(obj, cn, new_superior=new_ou)
            if not res:
                return RetVal(
                    action_result.set_status(
                        phantom.APP_ERROR,
                        self._ldap_connection.result,
                    ))
            summary["moved"] = True
            ar_data["source_object"] = obj
            ar_data["destination_container"] = new_ou
        except Exception as e:
            return RetVal(
                action_result.set_status(phantom.APP_ERROR, "", exception=e))
示例#6
0
    def test_module(self):
        """
            Basic test connection and validation of the Ldap integration.
        """
        build_number = get_demisto_version().get('buildNumber', LdapClient.DEV_BUILD_NUMBER)
        self._get_formatted_custom_attributes()

        if build_number != LdapClient.DEV_BUILD_NUMBER \
                and LdapClient.SUPPORTED_BUILD_NUMBER > int(build_number):
            raise Exception(f'OpenLDAP integration is supported from build number: {LdapClient.SUPPORTED_BUILD_NUMBER}')

        try:
            parse_dn(self._username)
        except LDAPInvalidDnError:
            raise Exception("Invalid credentials input. Credentials must be full DN.")
        self.authenticate_ldap_user(username=self._username, password=self._password)
        demisto.results('ok')
示例#7
0
def user_get_groups(attributes):
    """Retrieve the group membership

    :param attributes: LDAP attributes for user
    :returns: List -- A list of groups that the user is a member of
    """
    groups = attributes.get('memberOf', [])
    group_dns = [dn.parse_dn(g) for g in groups]
    return [x[0][1] for x in group_dns if x[1] == ('OU', 'Groups', ',')]
示例#8
0
文件: ldap.py 项目: agh/anchor
def user_get_groups(attributes):
    """Retrieve the group membership

    :param attributes: LDAP attributes for user
    :returns: List -- A list of groups that the user is a member of
    """
    groups = attributes.get('memberOf', [])
    group_dns = [dn.parse_dn(g) for g in groups]
    return [x[0][1] for x in group_dns if x[1] == ('OU', 'Groups', ',')]
示例#9
0
    def get_rootdn(self, dn):
        dn_parsed = dnutils.parse_dn(dn)
        dn_parsed.pop(0)
        dnl=[]

        for dnp in dn_parsed:
            dnl.append('='.join(dnp[:2]))

        return ','.join(dnl)
示例#10
0
 def formatGroupsHtml(self, grouplist):
     outcache = []
     for group in grouplist:
         cn = self.unescapecn(dn.parse_dn(group)[0][1])
         outcache.append(
             u'<a href="%s.html#cn_%s" title="%s">%s</a>' %
             (self.config.users_by_group, quote_plus(self.formatId(cn)),
              self.htmlescape(group), self.htmlescape(cn)))
     return ', '.join(outcache)
示例#11
0
 def formatGroupsGrep(self, grouplist):
     outcache = []
     for group in grouplist:
         try:
             cn = self.unescapecn(dn.parse_dn(group)[0][1])
         except LDAPInvalidDnError:
             # Parsing failed, do it manually
             cn = self.unescapecn(self.parseDnFallback(group))
         outcache.append(cn)
     return ', '.join(outcache)
示例#12
0
 def formatGroupsHtml(self, grouplist):
     outcache = []
     for group in grouplist:
         try:
             cn = self.unescapecn(dn.parse_dn(group)[0][1])
         except LDAPInvalidDnError:
             # Parsing failed, do it manually
             cn = self.unescapecn(self.parseDnFallback(group))
         outcache.append('<a href="%s.html#cn_%s" title="%s">%s</a>' % (self.config.users_by_group, quote_plus(self.formatId(cn)), self.htmlescape(group), self.htmlescape(cn)))
     return ', '.join(outcache)
示例#13
0
 def formatGroupsGrep(self, grouplist):
     outcache = []
     for group in grouplist:
         try:
             cn = self.unescapecn(dn.parse_dn(group)[0][1])
         except LDAPInvalidDnError:
             # Parsing failed, do it manually
             cn = self.unescapecn(self.parseDnFallback(group))
         outcache.append(cn)
     return ', '.join(outcache)
示例#14
0
 def formatGroupsHtml(self, grouplist):
     outcache = []
     for group in grouplist:
         try:
             cn = self.unescapecn(dn.parse_dn(group)[0][1])
         except LDAPInvalidDnError:
             # Parsing failed, do it manually
             cn = self.unescapecn(self.parseDnFallback(group))
         outcache.append(
             '<a href="%s.html#cn_%s" title="%s">%s</a>' %
             (self.config.users_by_group, quote_plus(self.formatId(cn)),
              self.htmlescape(group), self.htmlescape(cn)))
     return ', '.join(outcache)
示例#15
0
文件: manager.py 项目: cuulee/ldap2pg
def get_ldap_attribute(entry, attribute):
    path = attribute.split('.')
    values = entry.entry_attributes_as_dict[path[0]]
    path = path[1:]
    for value in values:
        if path:
            dn = parse_dn(value)
            value = dict()
            for type_, name, _ in dn:
                names = value.setdefault(type_, [])
                names.append(name)
            logger.debug("Parsed DN: %s", value)
            value = value[path[0]][0]
        yield value
示例#16
0
    def _dn_to_path(dn):
        """Split DN into top-down normalized node names."""

        path = []
        rdn = []

        for component in parse_dn(dn):
            rdn.append(component[0] + "=" + component[1])

            if component[2] != "+":
                path.append( "+".join(sorted(rdn)) )
                rdn.clear()

        return reversed(path)
示例#17
0
def get_key_from(dn):
    dns = []
    for rd in dnutils.parse_dn(dn):

        if rd[0] == 'o' and rd[1] == 'jans':
            continue
        dns.append(rd[1])

    dns.reverse()
    key = '_'.join(dns)

    if not key:
        key = '_'

    return key
示例#18
0
    def _is_valid_dn(dn: str, user_identifier_attribute: str) -> Tuple[bool, str]:
        """
            Validates whether given input is valid ldap DN. Returns flag indicator and user's identifier value from DN.
        """
        try:
            parsed_dn = parse_dn(dn, strip=False)
            for attribute_and_value in parsed_dn:
                if attribute_and_value[0].lower() == user_identifier_attribute.lower():
                    return True, attribute_and_value[1]

            raise Exception(f'OpenLDAP {user_identifier_attribute} attribute was not found in user DN : {dn}')
        except LDAPInvalidDnError as e:
            demisto.debug(f'OpenLDAP failed parsing DN with error: {str(e)}. Fallback for unique id activated')
            return False, dn
        except Exception:
            raise
示例#19
0
    def search(self,
               search_base,
               search_filter='(objectClass=*)',
               search_scope=ldap3.LEVEL):
        base.logIt("Searching database for dn {} with filter {}".format(
            search_base, search_filter))
        backend_location = self.get_backend_location_for_dn(search_base)

        if backend_location == BackendTypes.LDAP:
            if self.ldap_conn.search(search_base=search_base,
                                     search_filter=search_filter,
                                     search_scope=search_scope,
                                     attributes=['*']):
                key, document = ldif_utils.get_document_from_entry(
                    self.ldap_conn.response[0]['dn'],
                    self.ldap_conn.response[0]['attributes'])
                return document

        if backend_location == BackendTypes.COUCHBASE:
            key = ldif_utils.get_key_from(search_base)
            bucket = self.get_bucket_for_key(key)

            if search_scope == ldap3.BASE:
                n1ql = 'SELECT * FROM `{}` USE KEYS "{}"'.format(bucket, key)
            else:
                parsed_dn = dnutils.parse_dn(
                    search_filter.strip('(').strip(')'))
                attr = parsed_dn[0][0]
                val = parsed_dn[0][1]
                if '*' in val:
                    search_clause = 'LIKE "{}"'.format(val.replace('*', '%'))
                else:
                    search_clause = '="{}"'.format(val.replace('*', '%'))

                n1ql = 'SELECT * FROM `{}` WHERE `{}` {}'.format(
                    bucket, attr, search_clause)

            result = self.cbm.exec_query(n1ql)
            if result.ok:
                data = result.json()
                if data.get('results'):
                    return data['results'][0][bucket]
示例#20
0
 def authenticate(self, username, password):
     user_dn = self.user_pattern.format(username)
     try:
         conn = ldap3.Connection(self._server,
                                 user_dn,
                                 password,
                                 auto_bind=True)
     except ldap3.core.exceptions.LDAPException as e:
         logger.warn('Failed to bind to LDAP: {}'.format(e))
         return False
     attrs = [self.email_attr]
     if self.require_groups:
         attrs.append(self.member_attr)
     try:
         conn.search(conn.user,
                     '(objectClass=*)',
                     search_scope=ldap3.BASE,
                     attributes=attrs)
     except ldap3.core.exceptions.LDAPException as e:
         logger.warn('Failed to read LDAP attributes: {}'.format(e))
         return False
     result = conn.entries[0]
     if self.require_groups:
         granted = False
         for membership in getattr(result, self.member_attr).values:
             try:
                 rdns = parse_dn(membership)
             except ldap3.core.exceptions.LDAPInvalidDnError:
                 group = membership
             else:
                 group = rdns[0][1]
             if group.lower() in self.require_groups:
                 granted = True
                 break
         if not granted:
             logger.info('{} not in any required groups'.format(username))
             return False
     return {
         'username': username.lower(),
         'email': getattr(result, self.email_attr).values[0]
     }
示例#21
0
    def __init__(self, DN, settings, keysize=None, sign_ca=Ellipsis, **kwargs):
        if keysize is None:
            keysize = current_app.config['RSA_KEYSIZE']

        key = rsa.generate_private_key(public_exponent=65537,
                                       key_size=keysize,
                                       backend=default_backend())
        self.private_key = key.private_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        )

        name_parts = parse_dn(DN)
        subject = x509.Name([
            x509.NameAttribute(X509_NAME_MAP[e[0]], e[1]) for e in name_parts
        ])

        extras = dict(kwargs)
        if sign_ca is Ellipsis:  # Self-Sign
            base = _CERTIFICATE_SETTINGS_SELFSIGN(x509.CertificateBuilder(),
                                                  subject=subject)
            sign_cb = lambda a: a.sign(key, hashes.SHA256(), default_backend())
            status = CertificateStatus.ACTIVE
        elif sign_ca is None:  # CSR
            base = x509.CertificateRequestBuilder()
            sign_cb = lambda a: a.sign(key, hashes.SHA256(), default_backend())
            status = CertificateStatus.REQUEST
        else:
            base = x509.CertificateBuilder()
            sign_cb = lambda a: sign_ca.sign_certificate(
                a.serial_number(extras['serial_number']))
            status = CertificateStatus.ACTIVE

        certificate = sign_cb(
            settings(base, subject=subject, key=key, **extras))
        self.certificate = certificate.public_bytes(serialization.Encoding.DER)

        print(self.prettyPrint())
示例#22
0
def dn_to_domain(dn):
    return '.'.join(i[1] for i in parse_dn(dn))
示例#23
0
def dn_to_domain(dn):
    return '.'.join(i[1] for i in parse_dn(dn))
示例#24
0
                s = a
            else:
                s = mapping['attribute'][a]

            new_entry[s] = entry[a]

    new_entry['objectClass'] = []

    for oc in entry.get('objectClass', []):
        if oc in mapped_json['exclude']['objectClass']:
            continue
        nn = mapping['objectClass'].get(oc, oc)
        new_entry['objectClass'].append(nn)

    new_dn_list = []
    for dne in dnutils.parse_dn(dn):
        k = dne[0]
        for ot in mapping:
            for e in mapping[ot]:
                if dne[0] == e:
                    k = mapping[ot][e]
                    break
        new_val = [k, dne[1]]

        for dnc in dn_coversions:
            if dnc[0] == dne[0] and dnc[1] == dne[1]:
                new_val[1] = dnc[2]

        new_dn_list.append('='.join(new_val))

    new_dn = ','.join(new_dn_list)
def test_server_configuration(load_test_server_yaml) -> UDMServer:  # pragma: no cover
    """
    Get data of server used to run tests.

    :raises: BadTestServerConfig
    :raises: NoTestServerConfig
    """
    print(f"Trying to load test server config from {TEST_SERVER_YAML_FILENAME}...")
    try:
        res = load_test_server_yaml()
        _test_a_server_configuration(res)
    except FileNotFoundError:
        print(f"File not found: {TEST_SERVER_YAML_FILENAME}.")
    except TypeError as exc:
        raise BadTestServerConfig(
            f"Error in {TEST_SERVER_YAML_FILENAME}: {exc!s}"
        ) from exc
    except udm_rest_client.exceptions.APICommunicationError as exc:
        raise BadTestServerConfig(
            f"Error connecting to test server using credentials "
            f"from {TEST_SERVER_YAML_FILENAME}: [{exc.status}] {exc.reason}"
        ) from exc
    else:
        return res

    print(f"Trying to use running Docker container {TEST_DOCKER_CONTAINER_NAME!r}...")
    try:
        res = running_test_container()
        _test_a_server_configuration(res)
    except ContainerNotFound:
        print(f"Container not found: {TEST_DOCKER_CONTAINER_NAME}.")
    except ContainerIpUnknown as exc:
        raise BadTestServerConfig(str(exc)) from exc
    except udm_rest_client.exceptions.APICommunicationError as exc:
        raise BadTestServerConfig(
            "Error connecting to test server using credentials for Docker "
            "Docker container {TEST_DOCKER_CONTAINER_NAME!r}: [{exc.status}] {exc!s}"
        ) from exc
    else:
        return res

    print("Trying to use load test server config from environment...")
    try:
        res = UDMServer(
            host=os.environ["UCS_HOST"],
            username=parse_dn(os.environ["UCS_USERDN"])[0][1],
            user_dn=os.environ["UCS_USERDN"],
            password=os.environ["UCS_PASSWORD"],
        )
        _test_a_server_configuration(res)
    except (IndexError, KeyError):
        print("Test server config not found in environment.")
    except LDAPInvalidDnError as exc:
        raise BadTestServerConfig(
            f"Invalid DN in environment variable 'UCS_USERDN': {exc!s}"
        )
    except udm_rest_client.exceptions.APICommunicationError as exc:
        raise BadTestServerConfig(
            f"Error connecting to test server using credentials from the "
            f"environment: [{exc.status}] {exc.reason}"
        ) from exc
    else:
        return res

    raise NoTestServerConfig("No test server configuration found.")
示例#26
0
 def getGroupCnFromDn(self, dnin):
     cn = self.unescapecn(dn.parse_dn(dnin)[0][1])
     return cn
示例#27
0
def generate_properties(as_dict=False):

    setup_prop = {}

    default_storage = 'ldap'
    setup_prop['persistence_type'] = 'ldap'
    setup_prop['encode_salt'] = salt
    mappingLocations = {
        'default': 'ldap',
        'token': 'ldap',
        'cache': 'ldap',
        'user': '******',
        'site': 'ldap'
    }

    oxauth_file = '/opt/tomcat/webapps/oxauth.war'
    if not os.path.exists(oxauth_file):
        oxauth_file = '/opt/gluu/jetty/oxauth/webapps/oxauth.war'

    #Determine gluu version
    war_zip = zipfile.ZipFile(oxauth_file, 'r')
    menifest = war_zip.read('META-INF/MANIFEST.MF')

    for l in menifest.splitlines():
        ls = l.strip()
        if sys.version_info[0] > 2:
            ls = ls.decode('utf-8')
        n = ls.find(':')

        if ls[:n].strip() == 'Implementation-Version':
            gluu_version_str = ls[n + 1:].strip()
            gluu_version_list = gluu_version_str.split('.')

            if not gluu_version_list[-1].isdigit():
                gluu_version_list.pop(-1)

            gluu_version = '.'.join(gluu_version_list)

    if __name__ == '__main__':
        print("Current Gluu Version is determined as", gluu_version)

    gluu_3x = '.'.join(gluu_version.split('.')[:2]) < '4.0'

    if gluu_3x:
        ox_ldap_prop_file = '/opt/tomcat/conf/ox-ldap.properties'
        if not os.path.exists(ox_ldap_prop_file):
            ox_ldap_prop_file = '/etc/gluu/conf/ox-ldap.properties'
        gluu_ldap_prop = read_properties_file(ox_ldap_prop_file)
        oxauth_ConfigurationEntryDN = gluu_ldap_prop[
            'oxauth_ConfigurationEntryDN']
        oxtrust_ConfigurationEntryDN = gluu_ldap_prop[
            'oxtrust_ConfigurationEntryDN']
        oxidp_ConfigurationEntryDN = gluu_ldap_prop[
            'oxidp_ConfigurationEntryDN']
        gluu_ConfigurationDN = ','.join(
            oxauth_ConfigurationEntryDN.split(',')[2:])
        inum_org_str = oxauth_ConfigurationEntryDN.split(',')[2]
    else:
        gluu_prop = read_properties_file('/etc/gluu/conf/gluu.properties')
        setup_prop['persistence_type'] = gluu_prop['persistence.type']
        oxauth_ConfigurationEntryDN = gluu_prop['oxauth_ConfigurationEntryDN']
        oxtrust_ConfigurationEntryDN = gluu_prop[
            'oxtrust_ConfigurationEntryDN']
        oxidp_ConfigurationEntryDN = gluu_prop['oxidp_ConfigurationEntryDN']
        gluu_ConfigurationDN = 'ou=configuration,o=gluu'
        gluu_hybrid_properties_fn = '/etc/gluu/conf/gluu-hybrid.properties'

        if setup_prop['persistence_type'] == 'couchbase':
            mappingLocations = {
                'default': 'couchbase',
                'token': 'couchbase',
                'cache': 'couchbase',
                'user': '******',
                'site': 'couchbase'
            }
            default_storage = 'couchbase'

        if setup_prop['persistence_type'] in ('hybrid'):
            gluu_hybrid_properties = read_properties_file(
                gluu_hybrid_properties_fn)
            mappingLocations = {
                'default': gluu_hybrid_properties['storage.default']
            }
            storages = [
                storage.strip()
                for storage in gluu_hybrid_properties['storages'].split(',')
            ]

            for ml, m in (('user', 'people'), ('cache', 'cache'),
                          ('site', 'cache-refresh'), ('token', 'tokens')):
                for storage in storages:
                    if m in gluu_hybrid_properties.get(
                            'storage.{}.mapping'.format(storage), []):
                        mappingLocations[ml] = storage

            default_storage = mappingLocations['default']

        if setup_prop['persistence_type'] in ('ldap', 'hybrid'):

            gluu_ldap_prop_fn = '/etc/gluu/conf/gluu-ldap.properties'
            if os.path.exists(gluu_ldap_prop_fn):
                gluu_ldap_prop = read_properties_file(gluu_ldap_prop_fn)

        if setup_prop['persistence_type'] != 'ldap':
            gluu_cb_prop_fn = '/etc/gluu/conf/gluu-couchbase.properties'
            if os.path.exists(gluu_cb_prop_fn):
                gluu_cb_prop = read_properties_file(gluu_cb_prop_fn)

                setup_prop['couchebaseClusterAdmin'] = gluu_cb_prop[
                    'auth.userName']
                setup_prop['encoded_cb_password'] = gluu_cb_prop[
                    'auth.userPassword']
                setup_prop['cb_password'] = unobscure(
                    setup_prop['encoded_cb_password'])

                setup_prop['couchbase_bucket_prefix'] = gluu_cb_prop[
                    'bucket.default']

                setup_prop['couchbase_hostname'] = gluu_cb_prop[
                    'servers'].split(',')[0].strip()
                setup_prop['encoded_couchbaseTrustStorePass'] = gluu_cb_prop[
                    'ssl.trustStore.pin']
                setup_prop['couchbaseTrustStorePass'] = unobscure(
                    gluu_cb_prop['ssl.trustStore.pin'])

                if ((3, 0) <= sys.version_info <= (3, 9)):
                    from .cbm import CBM
                elif ((2, 0) <= sys.version_info <= (2, 9)):
                    from cbm import CBM

                cbm = CBM(setup_prop['couchbase_hostname'],
                          setup_prop['couchebaseClusterAdmin'],
                          setup_prop['cb_password'])
                cb_who = cbm.whoami()
                if cb_who.get('roles'):
                    for rd in cb_who['roles']:
                        for r in rd:
                            if r == 'role' and rd[r] == 'admin':
                                setup_prop['isCouchbaseUserAdmin'] = True
                                break

    if gluu_version < '4.1.0':
        jetty_services = {
            'oxauth': ('installOxAuth', 0.3, 0.7),
            'identity': ('installOxTrust', 0.2),
            'idp': ('installSaml', 0.2),
            'oxauth-rp': ('installOxAuthRP', 0.1),
            'passport': ('installPassport', 0.1),
        }
    else:
        jetty_services = {
            'oxauth': ('installOxAuth', 0.2, 0.7),
            'identity': ('installOxTrust', 0.25),
            'idp': ('installSaml', 0.25),
            'oxauth-rp': ('installOxAuthRP', 0.1),
            'casa': ('installCasa', 0.1),
            'passport': ('installPassport', 0.1),
        }

    if setup_prop['persistence_type'] != 'couchbase':
        setup_prop['ldap_binddn'] = gluu_ldap_prop['bindDN']
        setup_prop['ldapPass'] = unobscure(gluu_ldap_prop['bindPassword'])
        try:
            setup_prop['opendj_p12_pass'] = unobscure(
                gluu_ldap_prop['ssl.trustStorePin'])
        except:
            pass
        setup_prop['ldap_hostname'], setup_prop['ldaps_port'] = gluu_ldap_prop[
            'servers'].split(',')[0].split(':')

        ldap_server = ldap3.Server(setup_prop['ldap_hostname'],
                                   port=int(setup_prop['ldaps_port']),
                                   use_ssl=True)
        ldap_conn = ldap3.Connection(
            ldap_server,
            user=setup_prop['ldap_binddn'],
            password=setup_prop['ldapPass'],
        )

        ldap_conn.bind()

    if gluu_3x:
        ldap_conn.search(search_base='o=gluu',
                         search_scope=ldap3.LEVEL,
                         search_filter='(objectClass=*)',
                         attributes=['*'])
        result = ldap_conn.response
        for entry in result:
            if 'gluuOrganization' in entry['attributes']['objectClass']:
                inumOrg = entry['attributes']['o'][0]
                uma_rpt_policy_inum = '{}!0011!2DAF.F995'.format(inumOrg)
                scim_access_policy_inum = '{}!0011!2DAF-F9A5'.format(inumOrg)

    else:
        uma_rpt_policy_inum = '2DAF-F995'
        scim_access_policy_inum = '2DAF-F9A5'

        if default_storage == 'ldap':

            ldap_conn.search(search_base='ou=oxradius,ou=configuration,o=gluu',
                             search_scope=ldap3.BASE,
                             search_filter='(objectClass=*)',
                             attributes=['*'])
            result = ldap_conn.response
            if result:
                setup_prop['installGluuRadius'] = True

            ldap_conn.search(search_base='ou=clients,o=gluu',
                             search_scope=ldap3.SUBTREE,
                             search_filter='(inum=1701.*)',
                             attributes=['*'])
            result = ldap_conn.response

            if result:
                setup_prop['gluu_radius_client_id'] = result[0]['attributes'][
                    'inum'][0]
                setup_prop['gluu_ro_encoded_pw'] = result[0]['attributes'][
                    'oxAuthClientSecret'][0]
                setup_prop['gluu_ro_pw'] = unobscure(
                    setup_prop['gluu_ro_encoded_pw'])

            ldap_conn.search(search_base='inum=5866-4202,ou=scripts,o=gluu',
                             search_scope=ldap3.BASE,
                             search_filter='(objectClass=*)',
                             attributes=['oxEnabled'])
            result = ldap_conn.response
            if result and result[0]['attributes']['oxEnabled'][0]:
                setup_prop['enableRadiusScripts'] = True

            ldap_conn.search(search_base='ou=clients,o=gluu',
                             search_scope=ldap3.SUBTREE,
                             search_filter='(inum=1402.*)',
                             attributes=['inum'])
            result = ldap_conn.response
            if result:
                setup_prop['oxtrust_requesting_party_client_id'] = result[0][
                    'attributes']['inum'][0]

        elif default_storage == 'couchbase':
            n1ql = 'SELECT * from `{}` USE KEYS "configuration_oxradius"'.format(
                setup_prop['couchbase_bucket_prefix'])
            result = get_cb_result(cbm, n1ql)
            if result:
                setup_prop['installGluuRadius'] = True

            n1ql = 'SELECT inum from `{}` WHERE objectClass="oxAuthClient" AND inum LIKE "1701.%"'.format(
                setup_prop['couchbase_bucket_prefix'])
            result = get_cb_result(cbm, n1ql)
            if result:
                setup_prop['gluu_radius_client_id'] = str(result[0]['inum'])
                if 'oxAuthClientSecret' in result[0]:
                    setup_prop['gluu_ro_encoded_pw'] = str(
                        result[0]['oxAuthClientSecret'])
                    setup_prop['gluu_ro_pw'] = unobscure(
                        setup_prop['gluu_ro_encoded_pw'])

            n1ql = 'SELECT oxEnabled from `{}` USE KEYS "scripts_5866-4202"'.format(
                setup_prop['couchbase_bucket_prefix'])
            result = get_cb_result(cbm, n1ql)
            if result and result[0]['oxEnabled']:
                setup_prop['enableRadiusScripts'] = True

            n1ql = 'SELECT inum from `{}` WHERE objectClass="oxAuthClient" AND inum LIKE "1402.%"'.format(
                setup_prop['couchbase_bucket_prefix'])
            result = get_cb_result(cbm, n1ql)
            if result:
                setup_prop['oxtrust_requesting_party_client_id'] = str(
                    result[0]['inum'])

    admin_dn = None
    if mappingLocations['user'] == 'ldap':
        ldap_conn.search(search_base='o=gluu',
                         search_scope=ldap3.SUBTREE,
                         search_filter='(gluuGroupType=gluuManagerGroup)',
                         attributes=['member'])
        result = ldap_conn.response
        if result and result[0]['attributes'].get('member'):
            admin_dn = result[0]['attributes']['member'][0]

    if mappingLocations['user'] == 'couchbase':
        bucket = '{}_user'.format(setup_prop['couchbase_bucket_prefix'])
        n1ql = 'SELECT * from `{}` where objectClass="gluuGroup" and gluuGroupType="gluuManagerGroup"'.format(
            bucket)
        result = get_cb_result(cbm, n1ql)
        if result and result[0][bucket]['member']:
            admin_dn = result[0][bucket]['member'][0]

    if admin_dn:
        for rd in dnutils.parse_dn(admin_dn):
            if rd[0] == 'inum':
                setup_prop['admin_inum'] = str(rd[1])
                break

    oxTrustConfApplication = None
    oxConfApplication = None
    oxAuthConfDynamic = None
    oxAuthConfDynamic = None

    if default_storage == 'ldap':

        ldap_conn.search(search_base=gluu_ConfigurationDN,
                         search_scope=ldap3.BASE,
                         search_filter='(objectClass=*)',
                         attributes=['*'])
        result = ldap_conn.response
        if 'gluuIpAddress' in result[0]['attributes']:
            setup_prop['ip'] = str(result[0]['attributes']['gluuIpAddress'][0])

        try:
            oxCacheConfiguration = json.loads(
                result[0]['attributes']['oxCacheConfiguration'][0])
            setup_prop['cache_provider_type'] = str(
                oxCacheConfiguration['cacheProviderType'])
        except Exception as e:
            print("Error getting cache provider type", e)

        result = ldap_conn.search(
            search_base=oxidp_ConfigurationEntryDN,
            search_scope=ldap3.BASE,
            search_filter='(objectClass=oxApplicationConfiguration)',
            attributes=['oxConfApplication'])
        result = ldap_conn.response
        oxConfApplication = json.loads(
            result[0]['attributes']['oxConfApplication'][0])

        result = ldap_conn.search(
            search_base=oxauth_ConfigurationEntryDN,
            search_scope=ldap3.BASE,
            search_filter='(objectClass=oxAuthConfiguration)',
            attributes=['oxAuthConfDynamic'])
        result = ldap_conn.response
        oxAuthConfDynamic = json.loads(
            result[0]['attributes']['oxAuthConfDynamic'][0])

        result = ldap_conn.search(
            search_base=oxtrust_ConfigurationEntryDN,
            search_scope=ldap3.BASE,
            search_filter='(objectClass=oxTrustConfiguration)',
            attributes=['oxTrustConfApplication'])
        result = ldap_conn.response
        oxTrustConfApplication = json.loads(
            result[0]['attributes']['oxTrustConfApplication'][0])

    elif default_storage == 'couchbase':
        bucket = setup_prop['couchbase_bucket_prefix']

        s_key = get_key_from(gluu_ConfigurationDN)
        n1ql = 'SELECT * FROM `{}` USE KEYS "{}"'.format(format(bucket), s_key)
        result = get_cb_result(cbm, n1ql)
        if result:
            if 'gluuIpAddress' in result[0][bucket]:
                setup_prop['ip'] = str(result[0][bucket]['gluuIpAddress'])

            setup_prop['cache_provider_type'] = str(
                result[0][bucket]['oxCacheConfiguration']['cacheProviderType'])

        s_key = get_key_from(oxidp_ConfigurationEntryDN)
        n1ql = 'SELECT oxConfApplication FROM `{}` USE KEYS "{}"'.format(
            format(bucket), s_key)
        result = get_cb_result(cbm, n1ql)
        if result:
            oxConfApplication = result[0]['oxConfApplication']

        s_key = get_key_from(oxauth_ConfigurationEntryDN)
        n1ql = 'SELECT oxAuthConfDynamic FROM `{}` USE KEYS "{}"'.format(
            format(bucket), s_key)
        result = get_cb_result(cbm, n1ql)
        if result:
            oxAuthConfDynamic = result[0]['oxAuthConfDynamic']

        s_key = get_key_from(oxtrust_ConfigurationEntryDN)
        n1ql = 'SELECT oxTrustConfApplication FROM `{}` USE KEYS "{}"'.format(
            format(bucket), s_key)
        result = get_cb_result(cbm, n1ql)
        if result:
            oxTrustConfApplication = result[0]['oxTrustConfApplication']

    if oxTrustConfApplication:
        if 'apiUmaClientId' in oxTrustConfApplication:
            setup_prop['oxtrust_resource_server_client_id'] = str(
                oxTrustConfApplication['apiUmaClientId'])

        if 'apiUmaClientKeyStorePassword' in oxTrustConfApplication:
            setup_prop['api_rs_client_jks_pass'] = str(
                unobscure(
                    oxTrustConfApplication['apiUmaClientKeyStorePassword']))

        if 'apiUmaResourceId' in oxTrustConfApplication:
            setup_prop['oxtrust_resource_id'] = str(
                oxTrustConfApplication['apiUmaResourceId'])

        setup_prop['shibJksPass'] = str(
            unobscure(oxTrustConfApplication['idpSecurityKeyPassword']))
        setup_prop['admin_email'] = str(
            oxTrustConfApplication['orgSupportEmail'])
        if 'organizationName' in oxTrustConfApplication:
            setup_prop['orgName'] = str(
                oxTrustConfApplication['organizationName'])
        setup_prop['oxauth_client_id'] = str(
            oxTrustConfApplication['oxAuthClientId'])
        setup_prop['oxauthClient_pw'] = str(
            unobscure(oxTrustConfApplication['oxAuthClientPassword']))
        if 'scimUmaClientId' in oxTrustConfApplication:
            setup_prop['scim_rs_client_id'] = str(
                oxTrustConfApplication['scimUmaClientId'])
        if 'scimUmaClientId' in oxTrustConfApplication:
            setup_prop['scim_resource_oxid'] = str(
                oxTrustConfApplication['scimUmaResourceId'])
        if 'scimTestMode' in oxTrustConfApplication:
            setup_prop['scimTestMode'] = oxTrustConfApplication['scimTestMode']

        if 'apiUmaClientKeyStorePassword' in oxTrustConfApplication:
            setup_prop['api_rp_client_jks_pass'] = unobscure(
                oxTrustConfApplication['apiUmaClientKeyStorePassword'])
            setup_prop['api_rs_client_jks_fn'] = str(
                oxTrustConfApplication['apiUmaClientKeyStoreFile'])

        if 'scimUmaClientKeyStorePassword' in oxTrustConfApplication:
            setup_prop['scim_rs_client_jks_pass'] = unobscure(
                oxTrustConfApplication['scimUmaClientKeyStorePassword'])
            setup_prop['scim_rs_client_jks_fn'] = str(
                oxTrustConfApplication['scimUmaClientKeyStoreFile'])

    if oxConfApplication:
        setup_prop['idpClient_pw'] = str(
            unobscure(oxConfApplication['openIdClientPassword']))
        setup_prop['idp_client_id'] = str(oxConfApplication['openIdClientId'])

    if oxAuthConfDynamic:
        o_issuer = urlparse(oxAuthConfDynamic['issuer'])
        setup_prop['hostname'] = str(o_issuer.netloc)
        setup_prop[
            'oxauth_openidScopeBackwardCompatibility'] = oxAuthConfDynamic.get(
                'openidScopeBackwardCompatibility', False)
        if 'pairwiseCalculationSalt' in oxAuthConfDynamic:
            setup_prop['pairwiseCalculationSalt'] = str(
                oxAuthConfDynamic['pairwiseCalculationSalt'])
        if 'legacyIdTokenClaims' in oxAuthConfDynamic:
            setup_prop['oxauth_legacyIdTokenClaims'] = oxAuthConfDynamic[
                'legacyIdTokenClaims']
        if 'pairwiseCalculationKey' in oxAuthConfDynamic:
            setup_prop['pairwiseCalculationKey'] = str(
                oxAuthConfDynamic['pairwiseCalculationKey'])
        if 'keyStoreFile' in oxAuthConfDynamic:
            setup_prop['oxauth_openid_jks_fn'] = str(
                oxAuthConfDynamic['keyStoreFile'])
        if 'keyStoreSecret' in oxAuthConfDynamic:
            setup_prop['oxauth_openid_jks_pass'] = str(
                oxAuthConfDynamic['keyStoreSecret'])

    ssl_subj = get_ssl_subject('/etc/certs/httpd.crt')
    setup_prop['countryCode'] = ssl_subj['C']
    setup_prop['state'] = ssl_subj['ST']
    setup_prop['city'] = ssl_subj['L']
    setup_prop['city'] = ssl_subj['L']
    setup_prop['oxtrust_admin_password'] = setup_prop['ldapPass']

    if not 'orgName' in setup_prop:
        setup_prop['orgName'] = ssl_subj['O']

    for service in jetty_services:
        setup_prop[jetty_services[service][0]] = os.path.exists(
            '/opt/gluu/jetty/{0}/webapps/{0}.war'.format(service))

    if setup_prop['installSaml']:
        setup_prop['gluuSamlEnabled'] = True

    if os.path.exists('/opt/gluu/node/passport/server'):
        setup_prop['installPassport'] = True

    application_max_ram = 3072

    default_dir = '/etc/default'
    usedRatio = 0.001
    oxauth_max_heap_mem = 0

    for service in jetty_services:
        service_default_fn = os.path.join(default_dir, service)
        if os.path.exists(service_default_fn):
            usedRatio += jetty_services[service][1]
            if service == 'oxauth':
                service_prop = read_properties_file(service_default_fn)
                m = re.search('-Xmx(\d*)m', service_prop['JAVA_OPTIONS'])
                oxauth_max_heap_mem = int(m.groups()[0])

    if oxauth_max_heap_mem:
        ratioMultiplier = 1.0 + (1.0 - usedRatio) / usedRatio
        applicationMemory = oxauth_max_heap_mem / jetty_services['oxauth'][2]
        allowedRatio = jetty_services['oxauth'][1] * ratioMultiplier
        application_max_ram = int(round(applicationMemory / allowedRatio))

    setup_prop['application_max_ram'] = application_max_ram

    if os.path.exists(os.path.join(default_dir, 'gluu-radius')):
        setup_prop['gluuRadiusEnabled'] = True
        setup_prop['oxauth_openidScopeBackwardCompatibility'] = True

    setup_prop['os_type'] = os_type
    setup_prop['os_version'] = os_version

    https_gluu_fn = '/etc/httpd/conf.d/https_gluu.conf' if setup_prop[
        'os_type'] in (
            'red', 'fedora',
            'centos') else '/etc/apache2/sites-available/https_gluu.conf'
    setup_prop['installHTTPD'] = os.path.exists(https_gluu_fn)

    setup_prop['mappingLocations'] = mappingLocations

    asimba_xml = '/opt/tomcat/webapps/asimba/WEB-INF/conf/asimba.xml'
    if os.path.exists(asimba_xml):
        for l in open(asimba_xml):
            m = re.search('<password>(.*)</password>',
                          '<password>p49IXMHN06SL</password>')
            if m:
                setup_prop['asimbaJksPass'] = m.groups()[0]

    if not 'inumOrg' in setup_prop:
        setup_prop['inumOrg'] = setup_prop['admin_inum'].split('!0000!')[0]

    if not 'githubBranchName' in setup_prop:
        setup_prop['githubBranchName'] = 'version_' + gluu_version

    return setup_prop
示例#28
0
def _generate_csr_from_private_key(order_model, project_model):
    """Generate a CSR from the private key.

    :param: order_model - order for the request
    :param: project_model - project for this request
    :return: CSR (certificate signing request) in PEM format
    :raise: :class:`StoredKeyPrivateKeyNotFound` if private key not found
            :class:`StoredKeyContainerNotFound` if container not found
    """
    container_id, container = _get_container_from_order_meta(order_model,
                                                             project_model)

    if not container:
        raise excep.StoredKeyContainerNotFound(container_id)

    passphrase = None
    private_key = None

    for cs in container.container_secrets:
        secret_repo = repos.get_secret_repository()
        if cs.name == 'private_key':
            private_key_model = secret_repo.get(
                cs.secret_id,
                project_model.external_id)
            private_key = plugin.get_secret(
                'application/pkcs8',
                private_key_model,
                project_model)
        elif cs.name == 'private_key_passphrase':
            passphrase_model = secret_repo.get(
                cs.secret_id,
                project_model.external_id)
            passphrase = plugin.get_secret(
                'text/plain;charset=utf-8',
                passphrase_model,
                project_model)
            passphrase = str(passphrase)

    if not private_key:
        raise excep.StoredKeyPrivateKeyNotFound(container.id)

    if passphrase is None:
        pkey = crypto.load_privatekey(
            crypto.FILETYPE_PEM,
            private_key
        )
    else:
        pkey = crypto.load_privatekey(
            crypto.FILETYPE_PEM,
            private_key,
            passphrase.encode('utf-8')
        )

    subject_name = order_model.meta.get('subject_dn')
    subject_name_dns = parse_dn(subject_name)
    extensions = order_model.meta.get('extensions', None)

    req = crypto.X509Req()
    subj = req.get_subject()

    # Note: must iterate over the DNs in reverse order, or the resulting
    # subject name will be reversed.
    for ava in reversed(subject_name_dns):
        key, val, extra = ava
        setattr(subj, key.upper(), val)
    req.set_pubkey(pkey)
    if extensions:
        # TODO(alee-3) We need code here to parse the encoded extensions and
        # convert them into X509Extension objects.  This code will also be
        # used in the validation code.  Commenting out for now till we figure
        # out how to do this.
        # req.add_extensions(extensions)
        pass
    req.sign(pkey, 'sha256')

    csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
    return csr
示例#29
0
 def getGroupCnFromDn(self, dnin):
     cn = self.unescapecn(dn.parse_dn(dnin)[0][1])
     return cn
    def collect(self):
        print("Please wait while collectiong properties...")
        self.logIt("Previously installed instance. Collecting properties")
        salt_fn = os.path.join(Config.configFolder,'salt')
        if os.path.exists(salt_fn):
            salt_prop = base.read_properties_file(salt_fn)
            Config.encode_salt = salt_prop['encodeSalt']

        gluu_prop = base.read_properties_file(Config.gluu_properties_fn)
        Config.persistence_type = gluu_prop['persistence.type']
        oxauth_ConfigurationEntryDN = gluu_prop['oxauth_ConfigurationEntryDN']
        oxtrust_ConfigurationEntryDN = gluu_prop['oxtrust_ConfigurationEntryDN']
        oxidp_ConfigurationEntryDN = gluu_prop['oxidp_ConfigurationEntryDN']
        gluu_ConfigurationDN = 'ou=configuration,o=gluu'

        if Config.persistence_type == 'couchbase':
            Config.mappingLocations = { group: 'couchbase' for group in Config.couchbaseBucketDict }
            default_storage = 'couchbase'

        if Config.persistence_type != 'ldap' and os.path.exists(Config.gluuCouchebaseProperties):

            gluu_cb_prop = base.read_properties_file(Config.gluuCouchebaseProperties)

            Config.couchebaseClusterAdmin = gluu_cb_prop['auth.userName']
            Config.encoded_cb_password = gluu_cb_prop['auth.userPassword']
            Config.cb_password = self.unobscure(gluu_cb_prop['auth.userPassword'])
            Config.couchbase_bucket_prefix = gluu_cb_prop['bucket.default']

            Config.couchbase_hostname = gluu_cb_prop['servers'].split(',')[0].strip()
            Config.encoded_couchbaseTrustStorePass = gluu_cb_prop['ssl.trustStore.pin']
            Config.couchbaseTrustStorePass = self.unobscure(gluu_cb_prop['ssl.trustStore.pin'])

        if Config.persistence_type != 'couchbase' and os.path.exists(Config.ox_ldap_properties):
            gluu_ldap_prop = base.read_properties_file(Config.ox_ldap_properties)
            Config.ldap_binddn = gluu_ldap_prop['bindDN']
            Config.ldapPass = self.unobscure(gluu_ldap_prop['bindPassword'])
            Config.opendj_p12_pass = self.unobscure(gluu_ldap_prop['ssl.trustStorePin'])
            Config.ldap_hostname, Config.ldaps_port = gluu_ldap_prop['servers'].split(',')[0].split(':')


        if Config.persistence_type in ['hybrid']:
             gluu_hybrid_properties = base.read_properties_file(gluu_hybrid_properties_fn)
             Config.mappingLocations = {'default': gluu_hybrid_properties['storage.default']}
             storages = [ storage.strip() for storage in gluu_hybrid_properties['storages'].split(',') ]

             for ml, m in (('user', 'people'), ('cache', 'cache'), ('site', 'cache-refresh'), ('token', 'tokens')):
                 for storage in storages:
                     if m in gluu_hybrid_properties.get('storage.{}.mapping'.format(storage),[]):
                         Config.mappingLocations[ml] = storage

        if not Config.get('couchbase_bucket_prefix'):
            Config.couchbase_bucket_prefix = 'gluu'

        # It is time to bind database
        dbUtils.bind()

        result = dbUtils.search('ou=clients,o=gluu', search_filter='(inum=1701.*)', search_scope=ldap3.SUBTREE)

        if result:
            Config.gluu_radius_client_id = result['inum']
            Config.gluu_ro_encoded_pw = result['oxAuthClientSecret']
            Config.gluu_ro_pw = self.unobscure(Config.gluu_ro_encoded_pw)
    
            result = dbUtils.search('inum=5866-4202,ou=scripts,o=gluu', search_scope=ldap3.BASE)
            if result:
                Config.enableRadiusScripts = result['oxEnabled']

            result = dbUtils.search('ou=clients,o=gluu', search_filter='(inum=1402.*)', search_scope=ldap3.SUBTREE)
            if result:
                Config.oxtrust_requesting_party_client_id = result['inum']

        admin_dn = None
        result = dbUtils.search('o=gluu', search_filter='(gluuGroupType=gluuManagerGroup)', search_scope=ldap3.SUBTREE)
        if result:
            admin_dn = result['member'][0]


        if admin_dn:
            for rd in dnutils.parse_dn(admin_dn):
                if rd[0] == 'inum':
                    Config.admin_inum = str(rd[1])
                    break

        oxConfiguration = dbUtils.search(gluu_ConfigurationDN, search_scope=ldap3.BASE)
        if 'gluuIpAddress' in oxConfiguration:
            Config.ip = oxConfiguration['gluuIpAddress']

        oxCacheConfiguration = json.loads(oxConfiguration['oxCacheConfiguration'])
        Config.cache_provider_type = str(oxCacheConfiguration['cacheProviderType'])

        result = dbUtils.search(oxidp_ConfigurationEntryDN, search_filter='(objectClass=oxApplicationConfiguration)', search_scope=ldap3.BASE)

        if result:

            oxConfApplication = json.loads(result['oxConfApplication'])
            Config.idpClient_encoded_pw = oxConfApplication['openIdClientPassword']
            Config.idpClient_pw =  self.unobscure(Config.idpClient_encoded_pw)
            
            Config.idp_client_id =  oxConfApplication['openIdClientId']

            if 'openIdClientPassword' in oxConfApplication:
                Config.idpClient_pw =  self.unobscure(oxConfApplication['openIdClientPassword'])
            if 'openIdClientId' in oxConfApplication:
                Config.idp_client_id =  oxConfApplication['openIdClientId']

        dn_oxauth, oxAuthConfDynamic = dbUtils.get_oxAuthConfDynamic()
        dn_oxtrust, oxTrustConfApplication = dbUtils.get_oxTrustConfApplication()

        if 'apiUmaClientId' in oxTrustConfApplication:
            Config.oxtrust_resource_server_client_id =  oxTrustConfApplication['apiUmaClientId']


        if 'apiUmaClientKeyStorePassword' in oxTrustConfApplication:
            Config.api_rs_client_jks_pass = self.unobscure(oxTrustConfApplication['apiUmaClientKeyStorePassword'])

        if 'apiUmaResourceId' in oxTrustConfApplication:
            Config.oxtrust_resource_id =  oxTrustConfApplication['apiUmaResourceId']

        if 'idpSecurityKeyPassword' in oxTrustConfApplication:
            Config.encoded_shib_jks_pw = oxTrustConfApplication['idpSecurityKeyPassword']
            Config.shibJksPass =  self.unobscure(Config.encoded_shib_jks_pw)

        Config.admin_email =  oxTrustConfApplication['orgSupportEmail']

        if 'organizationName' in oxTrustConfApplication:
            Config.orgName =  oxTrustConfApplication['organizationName']

        Config.oxauth_client_id = oxTrustConfApplication['oxAuthClientId']
        Config.oxauthClient_pw = self.unobscure(oxTrustConfApplication['oxAuthClientPassword'])
        Config.oxauthClient_encoded_pw = oxTrustConfApplication['oxAuthClientPassword']

        Config.scim_rp_client_jks_pass = '******' # this is static

        if 'scimUmaClientId' in oxTrustConfApplication:
            Config.scim_rs_client_id =  oxTrustConfApplication['scimUmaClientId']

        if 'scimUmaClientId' in oxTrustConfApplication:
            Config.scim_resource_oxid =  oxTrustConfApplication['scimUmaResourceId']
        if 'scimTestMode' in oxTrustConfApplication:
            Config.scimTestMode =  oxTrustConfApplication['scimTestMode']

        if 'apiUmaClientKeyStorePassword' in oxTrustConfApplication:
            Config.api_rp_client_jks_pass = self.unobscure(oxTrustConfApplication['apiUmaClientKeyStorePassword'])
            Config.api_rs_client_jks_fn = oxTrustConfApplication['apiUmaClientKeyStoreFile']

        if 'scimUmaClientKeyStorePassword' in oxTrustConfApplication:
            Config.scim_rs_client_jks_pass = self.unobscure(oxTrustConfApplication['scimUmaClientKeyStorePassword'])
            Config.scim_rs_client_jks_fn = str(oxTrustConfApplication['scimUmaClientKeyStoreFile'])

        # Other clients
        client_var_id_list = (
                    ('scim_rp_client_id', '1202.'),
                    ('passport_rs_client_id', '1501.'),
                    ('passport_rp_client_id', '1502.'),
                    ('passport_rp_ii_client_id', '1503.'),
                    ('gluu_radius_client_id', '1701.'),
                    )
        self.check_clients(client_var_id_list)
        self.check_clients([('passport_resource_id', '1504.')])

        o_issuer = urlparse(oxAuthConfDynamic['issuer'])
        Config.hostname = str(o_issuer.netloc)

        Config.oxauth_openidScopeBackwardCompatibility =  oxAuthConfDynamic.get('openidScopeBackwardCompatibility', False)

        if 'pairwiseCalculationSalt' in oxAuthConfDynamic:
            Config.pairwiseCalculationSalt =  oxAuthConfDynamic['pairwiseCalculationSalt']
        if 'legacyIdTokenClaims' in oxAuthConfDynamic:
            Config.oxauth_legacyIdTokenClaims = oxAuthConfDynamic['legacyIdTokenClaims']
        if 'pairwiseCalculationKey' in oxAuthConfDynamic:
            Config.pairwiseCalculationKey = oxAuthConfDynamic['pairwiseCalculationKey']
        if 'keyStoreFile' in oxAuthConfDynamic:
            Config.oxauth_openid_jks_fn = oxAuthConfDynamic['keyStoreFile']
        if 'keyStoreSecret' in oxAuthConfDynamic:
            Config.oxauth_openid_jks_pass = oxAuthConfDynamic['keyStoreSecret']


        ssl_subj = self.get_ssl_subject('/etc/certs/httpd.crt')
        Config.countryCode = ssl_subj['C']
        Config.state = ssl_subj['ST']
        Config.city = ssl_subj['L']
        Config.city = ssl_subj['L']
         
         #this is not good, but there is no way to retreive password from ldap
        if not Config.get('oxtrust_admin_password'):
            if Config.get('ldapPass'):
                Config.oxtrust_admin_password = Config.ldapPass
            elif Config.get('cb_password'):
                Config.oxtrust_admin_password = Config.cb_password

        if not Config.get('orgName'):
            Config.orgName = ssl_subj['O']

        #for service in jetty_services:
        #    setup_prop[jetty_services[service][0]] = os.path.exists('/opt/gluu/jetty/{0}/webapps/{0}.war'.format(service))


        for s in ('gluuPassportEnabled', 'gluuRadiusEnabled', 'gluuSamlEnabled', 'gluuScimEnabled'):
            setattr(Config, s, oxConfiguration.get(s, False))

        application_max_ram = 3072

        default_dir = '/etc/default'
        usedRatio = 0.001
        oxauth_max_heap_mem = 0

        jetty_services = JettyInstaller.jetty_app_configuration

        for service in jetty_services:
            service_default_fn = os.path.join(default_dir, service)
            if os.path.exists(service_default_fn):
                usedRatio += jetty_services[service]['memory']['ratio']
                if service == 'oxauth':
                    service_prop = base.read_properties_file(service_default_fn)
                    m = re.search('-Xmx(\d*)m', service_prop['JAVA_OPTIONS'])
                    oxauth_max_heap_mem = int(m.groups()[0])

        if oxauth_max_heap_mem:
            ratioMultiplier = 1.0 + (1.0 - usedRatio)/usedRatio
            applicationMemory = oxauth_max_heap_mem / jetty_services['oxauth']['memory']['jvm_heap_ration']
            allowedRatio = jetty_services['oxauth']['memory']['ratio'] * ratioMultiplier
            application_max_ram = int(round(applicationMemory / allowedRatio))

        if Config.get('gluuRadiusEnabled'):
            Config.oxauth_openidScopeBackwardCompatibility = True

        Config.os_type = base.os_type
        Config.os_version = base.os_version

        if not Config.get('ip'):
            Config.ip = self.detect_ip()
示例#31
0
    def search(self, search_base, search_filter='(objectClass=*)', search_scope=ldap3.LEVEL, fetchmany=False):
        base.logIt("Searching database for dn {} with filter {}".format(search_base, search_filter))
        backend_location = self.get_backend_location_for_dn(search_base)

        if backend_location == BackendTypes.LDAP:
            if self.ldap_conn.search(search_base=search_base, search_filter=search_filter, search_scope=search_scope, attributes=['*']):
                if not fetchmany:
                    key, document = ldif_utils.get_document_from_entry(self.ldap_conn.response[0]['dn'], self.ldap_conn.response[0]['attributes'])
                    return document

                documents = []
                for result in self.ldap_conn.response:
                    key, document = ldif_utils.get_document_from_entry(result['dn'], result['attributes'])
                    documents.append((key, document))
                return documents

        if backend_location in (BackendTypes.MYSQL, BackendTypes.PGSQL, BackendTypes.SPANNER):
            if backend_location != BackendTypes.SPANNER and self.Base is None:
                self.rdm_automapper()

            s_table = None
            where_clause = ''
            search_list = []

            if '&' in search_filter:
                re_match = re.match('\(&\((.*?)=(.*?)\)\((.*?)=(.*?)\)', search_filter)
                if re_match:
                    re_list = re_match.groups()
                    search_list.append((re_list[0], re_list[1]))
                    search_list.append((re_list[2], re_list[3]))
            else:
                re_match = re.match('\((.*?)=(.*?)\)', search_filter)

                if re_match:
                    re_list = re_match.groups()
                    search_list.append((re_list[0], re_list[1]))


            for col, val in search_list:
                if col.lower() == 'objectclass':
                    s_table = val
                    break

            if not s_table:
                return

            if backend_location == BackendTypes.SPANNER:

                if fetchmany:
                    retVal = []
                else:
                    retVal = {}

                for col, val in search_list:
                    if val == '*':
                        continue
                    
                    if col.lower() == 'objectclass':
                        s_table = val
                    else:
                        val = val.replace('*', '%')
                        q_operator = 'LIKE' if '%' in val else '='
                        where_clause = 'AND {} {} "{}"'.format(col, q_operator, val)

                if not s_table:
                    return retVal

                if search_scope == ldap3.BASE:
                    dn_clause = 'dn = "{}"'.format(search_base)
                else:
                    dn_clause = 'dn LIKE "%{}"'.format(search_base)

                sql_cmd = 'SELECT * FROM {} WHERE ({}) {}'.format(s_table, dn_clause, where_clause)

                data = self.spanner.exec_sql(sql_cmd)
    
                if not data.get('rows'):
                    return retVal

                n = len(data['rows']) if fetchmany else 1
                for j in range(n):
                    row = data['rows'][j]
                    row_dict = {}

                    for i, field in enumerate(data['fields']):
                        val = row[i]
                        if val:
                            if field['type'] == 'INT64':
                                val = int(val)
                            row_dict[field['name']] = val
                    if fetchmany:
                        retVal.append(row_dict)
                    else:
                        retVal = row_dict
                        break

                return retVal

            sqlalchemy_table = self.Base.classes[s_table]
            sqlalchemyQueryObject = self.session.query(sqlalchemy_table)

            for col, val in search_list:
                if val == '*':
                    continue

                if col.lower() != 'objectclass':
                    val = val.replace('*', '%')
                    sqlalchemyCol = getattr(sqlalchemy_table, col)
                    if '%' in val:
                        sqlalchemyQueryObject = sqlalchemyQueryObject.filter(sqlalchemyCol.like(val))
                    else:
                        sqlalchemyQueryObject = sqlalchemyQueryObject.filter(sqlalchemyCol == val)

            if search_scope == ldap3.BASE:
                sqlalchemyQueryObject = sqlalchemyQueryObject.filter(sqlalchemy_table.dn == search_base)
            else:
                sqlalchemyQueryObject = sqlalchemyQueryObject.filter(sqlalchemy_table.dn.like('%'+search_base))

            if fetchmany:
                result = sqlalchemyQueryObject.all()
                return [ item.__dict__ for item in result ]

            else:
                result = sqlalchemyQueryObject.first()
                if result:
                    return result.__dict__


        if backend_location == BackendTypes.COUCHBASE:
            key = ldif_utils.get_key_from(search_base)
            bucket = self.get_bucket_for_key(key)

            if search_scope == ldap3.BASE:
                n1ql = 'SELECT * FROM `{}` USE KEYS "{}"'.format(bucket, key)
            else:

                if '&' in search_filter:
                    re_match = re.match('\(&\((.*?)\)\((.*?)\)\)', search_filter)
                    if re_match:
                        re_list = re_match.groups()
                        dn_to_parse = re_list[0] if 'objectclass' in re_list[1].lower() else re_list[1]
                else:
                    dn_to_parse = search_filter.strip('(').strip(')')

                parsed_dn = dnutils.parse_dn(dn_to_parse)
                attr = parsed_dn[0][0]
                val = parsed_dn[0][1]
                if '*' in val:
                    search_clause = 'LIKE "{}"'.format(val.replace('*', '%'))
                else:
                    search_clause = '="{}"'.format(val.replace('*', '%'))

                n1ql = 'SELECT * FROM `{}` WHERE `{}` {}'.format(bucket, attr, search_clause)

            result = self.cbm.exec_query(n1ql)
            if result.ok:
                data = result.json()
                if data.get('results'):
                    if fetchmany:
                        return [ item[bucket] for item in data['results'] ]
                    else:
                        return data['results'][0][bucket]
示例#32
0
    def import_ldif(self, ldif_files, bucket=None, force=None):

        base.logIt("Importing ldif file(s): {} ".format(', '.join(ldif_files)))

        sql_data_fn = os.path.join(Config.outputFolder, Config.rdbm_type, 'jans_data.sql')

        for ldif_fn in ldif_files:
            base.logIt("Importing entries from " + ldif_fn)
            parser = ldif_utils.myLdifParser(ldif_fn)
            parser.parse()

            for dn, entry in parser.entries:
                backend_location = force if force else self.get_backend_location_for_dn(dn)
                if backend_location == BackendTypes.LDAP:
                    if 'add' in  entry and 'changetype' in entry:
                        base.logIt("LDAP modify add dn:{} entry:{}".format(dn, dict(entry)))
                        change_attr = entry['add'][0]
                        ldap_operation_result = self.ldap_conn.modify(dn, {change_attr: [(ldap3.MODIFY_ADD, entry[change_attr])]})
                        self.log_ldap_result(ldap_operation_result)

                    elif 'replace' in  entry and 'changetype' in entry:
                        base.logIt("LDAP modify replace dn:{} entry:{}".format(dn, dict(entry)))
                        change_attr = entry['replace'][0]
                        ldap_operation_result = self.ldap_conn.modify(dn, {change_attr: [(ldap3.MODIFY_REPLACE, [entry[change_attr][0]])]})
                        self.log_ldap_result(ldap_operation_result)

                    elif not self.dn_exists(dn):
                        base.logIt("Adding LDAP dn:{} entry:{}".format(dn, dict(entry)))
                        ldap_operation_result = self.ldap_conn.add(dn, attributes=entry)
                        self.log_ldap_result(ldap_operation_result)

                elif backend_location in (BackendTypes.MYSQL, BackendTypes.PGSQL):
                    if self.Base is None:
                        self.rdm_automapper()

                    if 'add' in  entry and 'changetype' in entry:
                        attribute = entry['add'][0]
                        new_val = entry[attribute]
                        sqlalchObj = self.get_sqlalchObj_for_dn(dn)

                        if sqlalchObj:
                            if isinstance(sqlalchObj.__table__.columns[attribute].type, self.json_dialects_instance):
                                cur_val = copy.deepcopy(getattr(sqlalchObj, attribute))
                                for val_ in new_val:
                                    cur_val['v'].append(val_)
                                setattr(sqlalchObj, attribute, cur_val)
                            else:
                                setattr(sqlalchObj, attribute, new_val[0])

                            self.session.commit()

                        else:
                            base.logIt("Can't find current value for repmacement of {}".replace(str(entry)), True)
                            continue

                    elif 'replace' in entry and 'changetype' in entry:
                        attribute = entry['replace'][0]
                        new_val = self.get_rdbm_val(attribute, entry[attribute])
                        sqlalchObj = self.get_sqlalchObj_for_dn(dn)

                        if sqlalchObj:
                            setattr(sqlalchObj, attribute, new_val)
                            self.session.commit()
                        else:
                            base.logIt("Can't find current value for repmacement of {}".replace(str(entry)), True)
                            continue

                    else:
                        vals = {}
                        dn_parsed = dnutils.parse_dn(dn)
                        rdn_name = dn_parsed[0][0]
                        objectClass = entry.get('objectClass') or entry.get('objectclass')

                        if objectClass:
                            if 'top' in objectClass:
                                objectClass.remove('top')
                            if  len(objectClass) == 1 and objectClass[0].lower() == 'organizationalunit':
                                continue
                            objectClass = objectClass[-1]

                        vals['doc_id'] = dn_parsed[0][1]
                        vals['dn'] = dn
                        vals['objectClass'] = objectClass

                        #entry.pop(rdn_name)
                        if 'objectClass' in entry:
                            entry.pop('objectClass')
                        elif 'objectclass' in entry:
                            entry.pop('objectclass')

                        table_name = objectClass

                        if self.dn_exists_rdbm(dn, table_name):
                            base.logIt("DN {} exsits in {} skipping".format(dn, Config.rdbm_type))
                            continue

                        for lkey in entry:
                            vals[lkey] = self.get_rdbm_val(lkey, entry[lkey])

                        sqlalchCls = self.Base.classes[table_name]

                        for col in sqlalchCls.__table__.columns:
                            if isinstance(col.type, self.json_dialects_instance) and not col.name in vals:
                                vals[col.name] = {'v': []}

                        sqlalchObj = sqlalchCls()

                        for v in vals:
                            setattr(sqlalchObj, v, vals[v])

                        base.logIt("Adding {}".format(sqlalchObj.doc_id))
                        self.session.add(sqlalchObj)
                        self.session.commit()


                elif backend_location == BackendTypes.COUCHBASE:
                    if len(entry) < 3:
                        continue
                    key, document = ldif_utils.get_document_from_entry(dn, entry)
                    cur_bucket = bucket if bucket else self.get_bucket_for_dn(dn)
                    base.logIt("Addnig document {} to Couchebase bucket {}".format(key, cur_bucket))

                    n1ql_list = []

                    if 'changetype' in document:
                        if 'replace' in document:
                            attribute = document['replace']
                            n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=%s' % (cur_bucket, key, attribute, json.dumps(document[attribute])))
                        elif 'add' in document:
                            attribute = document['add']
                            result = self.check_attribute_exists(key, attribute)
                            data = document[attribute]
                            if result:
                                if isinstance(data, list):
                                    for d in data:
                                        n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=ARRAY_APPEND(`%s`, %s)' % (cur_bucket, key, attribute, attribute, json.dumps(d)))
                                else:
                                    n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=ARRAY_APPEND(`%s`, %s)' % (cur_bucket, key, attribute, attribute, json.dumps(data)))
                            else:
                                if attribute in attribDataTypes.listAttributes and not isinstance(data, list):
                                    data = [data]
                                n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=%s' % (cur_bucket, key, attribute, json.dumps(data)))
                    else:
                        for k in document:
                            try:
                                kdata = json.loads(document[k])
                                if isinstance(kdata, dict):
                                    document[k] = kdata
                            except:
                                pass

                        n1ql_list.append('UPSERT INTO `%s` (KEY, VALUE) VALUES ("%s", %s)' % (cur_bucket, key, json.dumps(document)))

                    for q in n1ql_list:
                        self.cbm.exec_query(q)
示例#33
0
 def get_doc_id_from_dn(self, dn):
     dn_parsed = dnutils.parse_dn(dn)
     return dn_parsed[0][1]
示例#34
0
    def import_ldif(self, ldif_files, bucket=None, force=None):

        base.logIt("Importing ldif file(s): {} ".format(', '.join(ldif_files)))

        sql_data_fn = os.path.join(Config.outputFolder, Config.rdbm_type, 'jans_data.sql')

        for ldif_fn in ldif_files:
            base.logIt("Importing entries from " + ldif_fn)
            parser = ldif_utils.myLdifParser(ldif_fn)
            parser.parse()

            for dn, entry in parser.entries:
                backend_location = force if force else self.get_backend_location_for_dn(dn)
                if backend_location == BackendTypes.LDAP:
                    if 'add' in  entry and 'changetype' in entry:
                        base.logIt("LDAP modify add dn:{} entry:{}".format(dn, dict(entry)))
                        change_attr = entry['add'][0]
                        ldap_operation_result = self.ldap_conn.modify(dn, {change_attr: [(ldap3.MODIFY_ADD, entry[change_attr])]})
                        self.log_ldap_result(ldap_operation_result)

                    elif 'replace' in  entry and 'changetype' in entry:
                        base.logIt("LDAP modify replace dn:{} entry:{}".format(dn, dict(entry)))
                        change_attr = entry['replace'][0]
                        ldap_operation_result = self.ldap_conn.modify(dn, {change_attr: [(ldap3.MODIFY_REPLACE, [entry[change_attr][0]])]})
                        self.log_ldap_result(ldap_operation_result)

                    elif not self.dn_exists(dn):
                        base.logIt("Adding LDAP dn:{} entry:{}".format(dn, dict(entry)))
                        ldap_operation_result = self.ldap_conn.add(dn, attributes=entry)
                        self.log_ldap_result(ldap_operation_result)

                elif backend_location in (BackendTypes.MYSQL, BackendTypes.PGSQL):
                    if self.Base is None:
                        self.rdm_automapper()

                    # TODO: inserting data to sub tables to be implemented for mysql and pgsql

                    if 'add' in  entry and 'changetype' in entry:
                        attribute = entry['add'][0]
                        new_val = entry[attribute]
                        sqlalchObj = self.get_sqlalchObj_for_dn(dn)

                        if sqlalchObj:
                            if isinstance(sqlalchObj.__table__.columns[attribute].type, self.json_dialects_instance):
                                cur_val = copy.deepcopy(getattr(sqlalchObj, attribute))
                                for val_ in new_val:
                                    cur_val['v'].append(val_)
                                setattr(sqlalchObj, attribute, cur_val)
                            else:
                                setattr(sqlalchObj, attribute, new_val[0])

                            self.session.commit()

                        else:
                            base.logIt("Can't find current value for repmacement of {}".replace(str(entry)), True)
                            continue

                    elif 'replace' in entry and 'changetype' in entry:
                        attribute = entry['replace'][0]
                        new_val = self.get_rdbm_val(attribute, entry[attribute])
                        sqlalchObj = self.get_sqlalchObj_for_dn(dn)

                        if sqlalchObj:
                            setattr(sqlalchObj, attribute, new_val)
                            self.session.commit()
                        else:
                            base.logIt("Can't find current value for repmacement of {}".replace(str(entry)), True)
                            continue

                    else:
                        vals = {}
                        dn_parsed = dnutils.parse_dn(dn)
                        rdn_name = dn_parsed[0][0]
                        objectClass = self.get_clean_objcet_class(entry)
                        if objectClass.lower() == 'organizationalunit':
                            continue

                        vals['doc_id'] = dn_parsed[0][1]
                        vals['dn'] = dn
                        vals['objectClass'] = objectClass

                        #entry.pop(rdn_name)
                        if 'objectClass' in entry:
                            entry.pop('objectClass')
                        elif 'objectclass' in entry:
                            entry.pop('objectclass')

                        table_name = objectClass

                        if self.dn_exists_rdbm(dn, table_name):
                            base.logIt("DN {} exsits in {} skipping".format(dn, Config.rdbm_type))
                            continue

                        for lkey in entry:
                            vals[lkey] = self.get_rdbm_val(lkey, entry[lkey])

                        sqlalchCls = self.Base.classes[table_name]

                        for col in sqlalchCls.__table__.columns:
                            if isinstance(col.type, self.json_dialects_instance) and not col.name in vals:
                                vals[col.name] = {'v': []}

                        sqlalchObj = sqlalchCls()

                        for v in vals:
                            setattr(sqlalchObj, v, vals[v])

                        base.logIt("Adding {}".format(sqlalchObj.doc_id))
                        self.session.add(sqlalchObj)
                        self.session.commit()


                elif backend_location == BackendTypes.SPANNER:

                    if 'add' in  entry and 'changetype' in entry:
                        table = self.get_spanner_table_for_dn(dn)
                        doc_id = self.get_doc_id_from_dn(dn)
                        change_attr = entry['add'][0]
                        if table:
                            doc_id = self.get_doc_id_from_dn(dn)

                            if self.in_subtable(table, change_attr):
                                sub_table = '{}_{}'.format(table, change_attr)
                                for subval in entry[change_attr]:
                                    typed_val = self.get_rdbm_val(change_attr, subval, rdbm_type='spanner')
                                    dict_doc_id = self.get_sha_digest(typed_val)
                                    self.spanner.insert_data(table=sub_table, columns=['doc_id', 'dict_doc_id', change_attr], values=[[doc_id, typed_val, typed_val]])

                            else:
                                data = self.spanner.exec_sql('SELECT {} FROM {} WHERE doc_id="{}"'.format(entry['add'][0], table, doc_id))
                                if data.get('rows'):
                                    cur_data = []

                                    if 'rows' in data and data['rows'] and data['rows'][0] and data['rows'][0][0]:
                                        cur_data = data['rows'][0][0]
                                    
                                    for cur_val in entry[change_attr]:
                                        typed_val = self.get_rdbm_val(change_attr, cur_val, rdbm_type='spanner')
                                        cur_data.append(typed_val)

                                self.spanner.update_data(table=table, columns=['doc_id', change_attr], values=[[doc_id, cur_data]])

                    elif 'replace' in entry and 'changetype' in entry:
                        table = self.get_spanner_table_for_dn(dn)
                        doc_id = self.get_doc_id_from_dn(dn)
                        replace_attr = entry['replace'][0]
                        typed_val = self.get_rdbm_val(replace_attr, entry[replace_attr], rdbm_type='spanner')

                        if self.in_subtable(table, replace_attr):
                            sub_table = '{}_{}'.format(table, replace_attr)
                            # TODO: how to replace ?
                            #for subval in typed_val:
                            #    self.spanner.update_data(table=sub_table, columns=['doc_id', replace_attr], values=[[doc_id, subval]])
                        else:
                            self.spanner.update_data(table=table, columns=['doc_id', replace_attr], values=[[doc_id, typed_val]])

                    else:
                        vals = {}
                        dn_parsed = dnutils.parse_dn(dn)
                        rdn_name = dn_parsed[0][0]
                        objectClass = objectClass = self.get_clean_objcet_class(entry)
                        if objectClass.lower() == 'organizationalunit':
                            continue

                        doc_id = dn_parsed[0][1]
                        vals['doc_id'] = doc_id
                        vals['dn'] = dn
                        vals['objectClass'] = objectClass

                        if 'objectClass' in entry:
                            entry.pop('objectClass')
                        elif 'objectclass' in entry:
                            entry.pop('objectclass')

                        table_name = objectClass

                        subtable_data = []

                        for lkey in entry:
                            spanner_vals = self.get_rdbm_val(lkey, entry[lkey], rdbm_type='spanner')
                            if not self.in_subtable(table_name, lkey):
                                vals[lkey] = spanner_vals
                            else:
                                sub_table = '{}_{}'.format(table_name, lkey)
                                sub_table_columns = ['doc_id', 'dict_doc_id', lkey]
                                sub_table_values = []
                                for subtableval in spanner_vals:
                                    dict_doc_id = self.get_sha_digest(subtableval)
                                    sub_table_values.append([doc_id, dict_doc_id, subtableval])
                                subtable_data.append((sub_table, sub_table_columns, sub_table_values))

                        columns = [ *vals.keys() ]
                        values = [ vals[lkey] for lkey in columns ]

                        self.spanner.insert_data(table=table_name, columns=columns, values=[values])

                        for sdata in subtable_data:
                            self.spanner.insert_data(table=sdata[0], columns=sdata[1], values=sdata[2])

                elif backend_location == BackendTypes.COUCHBASE:
                    if len(entry) < 3:
                        continue
                    key, document = ldif_utils.get_document_from_entry(dn, entry)
                    cur_bucket = bucket if bucket else self.get_bucket_for_dn(dn)
                    base.logIt("Addnig document {} to Couchebase bucket {}".format(key, cur_bucket))

                    n1ql_list = []

                    if 'changetype' in document:
                        if 'replace' in document:
                            attribute = document['replace']
                            n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=%s' % (cur_bucket, key, attribute, json.dumps(document[attribute])))
                        elif 'add' in document:
                            attribute = document['add']
                            result = self.check_attribute_exists(key, attribute)
                            data = document[attribute]
                            if result:
                                if isinstance(data, list):
                                    for d in data:
                                        n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=ARRAY_APPEND(`%s`, %s)' % (cur_bucket, key, attribute, attribute, json.dumps(d)))
                                else:
                                    n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=ARRAY_APPEND(`%s`, %s)' % (cur_bucket, key, attribute, attribute, json.dumps(data)))
                            else:
                                if attribute in attribDataTypes.listAttributes and not isinstance(data, list):
                                    data = [data]
                                n1ql_list.append('UPDATE `%s` USE KEYS "%s" SET `%s`=%s' % (cur_bucket, key, attribute, json.dumps(data)))
                    else:
                        for k in document:
                            try:
                                kdata = json.loads(document[k])
                                if isinstance(kdata, dict):
                                    document[k] = kdata
                            except:
                                pass

                        n1ql_list.append('UPSERT INTO `%s` (KEY, VALUE) VALUES ("%s", %s)' % (cur_bucket, key, json.dumps(document)))

                    for q in n1ql_list:
                        self.cbm.exec_query(q)
示例#35
0
 def formatGroupsGrep(self, grouplist):
     outcache = []
     for group in grouplist:
         cn = self.unescapecn(dn.parse_dn(group)[0][1])
         outcache.append(cn)
     return ', '.join(outcache)