def test_read_entry_with_attribute_from_auxiliary_class(self): if test_server_type != 'AD': w = Writer(self.connection, 'inetorgperson', auxiliary_class='homeInfo') n = w.new('cn=' + testcase_id + 'new-3,' + test_base) n.sn = 'sn-test-3' n.homeState = 'state-test-3' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) n.entry_commit_changes() self.assertEqual(n.sn, 'sn-test-3') self.assertEqual(n.homeState, 'state-test-3') self.assertEqual(n.entry_status, STATUS_COMMITTED) r = Reader(self.connection, 'inetorgperson', test_base, '(cn=' + testcase_id + 'new-3', auxiliary_class='homeInfo') r.search() self.assertTrue(r[0].cn, testcase_id + 'new-3') self.assertTrue(r[0].homeState, testcase_id + 'state-test-3') w1 = Writer.from_cursor(r) w1[0].entry_delete() w1.commit()
def delete(self): ldap_server = Server(host=self.server.server_host, port=self.server.server_port, use_ssl=self.server.start_tls, get_info=ALL) connection = Connection(server=ldap_server, user=self.server.admin_username, password=self.server.admin_password, raise_exceptions=True, authentication=NTLM) connection.bind() query = 'cn: {}'.format(self.group.name, ) cursor_reader = Reader(connection, self.obj, self.server.search_base, query=query) cursor_reader.search() cursor_writer = Writer.from_cursor(cursor_reader) if cursor_reader.entries: ldap_group = cursor_writer[0] ldap_group.entry_delete() ldap_group.entry_commit_changes() connection.unbind()
def reset_password(self): ldap_server = Server(host=self.server.server_host, port=self.server.server_port, use_ssl=self.server.start_tls, get_info=ALL) connection = Connection(server=ldap_server, user=self.server.admin_username, password=self.server.admin_password, raise_exceptions=True, authentication=NTLM) connection.bind() cursor_reader = Reader(connection, self.person, self.server.search_base, query=self.query) cursor_reader.search() cursor_writer = Writer.from_cursor(cursor_reader) if cursor_reader.entries: ldap_user = cursor_writer[0] self._reset_password(connection, ldap_user) ldap_user.entry_commit_changes() connection.unbind()
def process_outbound_entry(queue_entry, ldap_connection): """ Processes queue_entry and apply changes to the LDAP user/group. Args: queue_entry: (dict) A outbound_queue table entry. The mandatory keys in the dict are: { "data": (dict containing current state of LDAP object) "data_type": (str) } ldap_connection: (ldap Connection object) A bound ldap connection object. Returns: write_confirmation: (bool) Returns True if a change to LDAP occurred, returns False if no LDAP changes occurred """ distinguished_name = get_distinguished_name(queue_entry) data_type = queue_entry["data_type"] if data_type == "group": sawtooth_entry_filtered = outbound_group_filter(queue_entry["data"], "ldap") elif data_type == "user": # Outbound AD user changes is currently not supported return False object_def = ObjectDef(data_type, ldap_connection) reader_cursor = Reader(ldap_connection, object_def, distinguished_name) reader_cursor.search() writer_cursor = Writer.from_cursor(reader_cursor) if reader_cursor.entries: LOGGER.debug("Updating AD %s: %s", data_type, distinguished_name) validated_entry = validate_update_entry(sawtooth_entry_filtered, data_type) # Grab current state of user/group in LDAP ldap_resource = writer_cursor[0] # Update AD user/group for ad_attribute in validated_entry: ldap_current_value = ldap_resource[ad_attribute].value if ad_attribute != "distinguishedName" and validated_entry[ad_attribute]: # Convert member list to list if value is a string if ad_attribute == "member" and isinstance(ldap_current_value, str): ldap_current_value = [ldap_current_value] # Sort lists for comparison if isinstance(ldap_current_value, list): ldap_current_value.sort() validated_entry[ad_attribute].sort() if ldap_current_value != validated_entry[ad_attribute]: ldap_resource[ad_attribute] = validated_entry[ad_attribute] return ldap_resource.entry_commit_changes() LOGGER.debug("AD %s %s was not found.", data_type, distinguished_name) return False
def test_modify_entry_with_attrdef_with_friendly_name(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'new-9', attributes={test_multivalued_attribute: testcase_id + 'friendly-attr-name-1'})) a = AttrDef(name=test_multivalued_attribute, key='myname') o = ObjectDef('inetorgperson') o += a r = Reader(self.connection, o, test_base, 'myname:=' + testcase_id + 'friendly*') r.search() self.assertTrue(r[0].myname, testcase_id + 'friendly-attr-name-1') w = Writer.from_cursor(r) e = w[0] e.myname += 'xyz' w.commit() self.assertTrue('xyz' in e.myname)
def save(self): ldap_server = Server(host=self.server.server_host, port=self.server.server_port, use_ssl=self.server.start_tls, get_info=ALL) connection = Connection(server=ldap_server, user=self.server.admin_username, password=self.server.admin_password, raise_exceptions=True, authentication=NTLM) connection.bind() query = 'cn: {}'.format(self.group.name, ) cursor_reader = Reader(connection, self.obj, self.server.search_base, query=query) cursor_reader.search() cursor_writer = Writer.from_cursor(cursor_reader) if cursor_reader.entries: ldap_group = cursor_writer[0] else: ldap_group = cursor_writer.new( dn="CN={},{}".format(self.group.name, self.server.search_base)) ldap_group.cn = self.group.name ldap_group.slug_name = self.group.name if self.group.service_type == 'security': ldap_group.type = -2147483646 elif self.group.service_type == 'area': ldap_group.type = -2147483646 ldap_group.flags = 25 else: ldap_group.type = 2 #ldap_group.email = self.group.email ldap_group.email_canonical = self.group.email.strip().split("@")[0] ldap_group.entry_commit_changes() connection.unbind()
print(8, conn.last_error) conn.modify('cn=b.smith,ou=moved,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', {'sn': [(MODIFY_REPLACE, ['Smith'])]}) print(9, conn.last_error) conn.modify('cn=b.smith,ou=moved,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', {'sn': [(MODIFY_ADD, ['Young', 'Johnson']), (MODIFY_DELETE, ['Smith'])], 'givenname': [(MODIFY_REPLACE, ['Mary', 'Jane'])]}) print(10, conn.last_error) conn.modify_dn('cn=b.smith,ou=moved,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'cn=b.smith', new_superior='ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org') print(11, conn.last_error) conn.modify('cn=b.smith,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', {'sn': [(MODIFY_DELETE, ['Johnson'])], 'givenname': [(MODIFY_REPLACE, ['Beatrix'])]}) print(12, conn.last_error) conn.modify_dn('cn=b.smith,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'cn=b.young') print(13, conn.last_error) conn.add('cn=m.johnson,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'inetOrgPerson', {'givenName': 'Mary Ann', 'sn': 'Johnson', 'departmentNumber': 'DEV', 'telephoneNumber': 2222}) print(14, conn.last_error) conn.add('cn=q.gray,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'inetOrgPerson', {'givenName': 'Quentin', 'sn': 'Gray', 'departmentNumber': 'QA', 'telephoneNumber': 3333}) print(15, conn.last_error) obj_person = ObjectDef('inetOrgPerson', conn) r = Reader(conn, obj_person, 'ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org') r.search() print(r) w = Writer.from_cursor(r) print(w) print(w[0]) e = w[0] print(e.entry_dn) print(e.entry_attributes) print(e.entry_attributes_as_dict) print(e.entry_mandatory_attributes) print(e.entry_to_ldif()) print(e.entry_to_json(include_empty=False))
def save(self): ldap_server = Server(host=self.server.server_host, port=self.server.server_port, use_ssl=self.server.start_tls, get_info=ALL) connection = Connection(server=ldap_server, user=self.server.admin_username, password=self.server.admin_password, raise_exceptions=True, authentication=NTLM) connection.bind() cursor_reader = Reader(connection, self.person, self.server.search_base, query=self.query) cursor_reader.search() cursor_writer = Writer.from_cursor(cursor_reader) if cursor_reader.entries: ldap_user = cursor_writer[0] else: ldap_user = cursor_writer.new(dn="CN={},{}".format( self.user.get_full_name(), self.server.search_base)) ldap_user.cn = self.user.get_full_name() ldap_user.username = self.user.username[:20] ldap_user.logon = "{}@{}".format(self.user.username, self.server.domain) ldap_user.entry_commit_changes() self._reset_password(connection, ldap_user) if self.user.status == "active": self._activate_user(connection, ldap_user) else: self._deactivate_user(connection, ldap_user) ldap_user.first_name = self.user.first_name ldap_user.last_name = self.user.last_name ldap_user.full_name = self.user.get_full_name() if self.user.email: ldap_user.email = self.user.email ldap_user.email_canonical = self.user.email.strip().split("@")[0] if self.user.email_domain: ldap_user.email_domain = self.user.email_domain if str(self.user.email_buzon_size): ldap_user.email_buzon_size = self.user.email_buzon_size * 1024 * 1024 if str(self.user.email_message_size): ldap_user.email_message_size = self.user.email_message_size if self.user.internet_domain: ldap_user.internet_domain = self.user.internet_domain if self.user.internet_quota_type: ldap_user.internet_quota_type = self.user.internet_quota_type if str(self.user.internet_quota_size): ldap_user.internet_quota_size = self.user.internet_quota_size if str(self.user.internet_extra_quota_size): ldap_user.internet_extra_quota_size = self.user.internet_extra_quota_size if self.user.ftp_folder: ldap_user.ftp_folder = self.user.ftp_folder if str(self.user.ftp_size): ldap_user.ftp_size = self.user.ftp_size ldap_user.entry_commit_changes() groups = [] for service in self.user.services.all(): service.ldap_save() groups.append("CN={},{}".format(service.name, self.server.search_base)) for distribution_list in self.user.distribution_list.all(): distribution_list.ldap_save() groups.append("CN={},{}".format(distribution_list.name, self.server.search_base)) if self.user.area: self.user.area.ldap_save() groups.append("CN={},{}".format(self.user.area.name, self.server.search_base)) connection.extend.microsoft.remove_members_from_groups( ldap_user.entry_dn, ldap_user.groups.values) connection.extend.microsoft.add_members_to_groups( ldap_user.entry_dn, groups) connection.unbind()