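def user_add():
    """Render the "Add user" form and create the directory entry on submit.

    The target container comes from the ``base`` query parameter and
    defaults to ``OU=People`` under ``g.ldap['dn']``.  On a valid
    submission the entry is created, the password is set through
    ``ldap_change_password`` and the client is redirected to the new user's
    overview page.  In every other case the form is rendered, with a
    flashed error message when something failed.
    """
    # Local import: only this function needs the DN escaping helper.
    from ldap.dn import escape_dn_chars

    title = "Add user"

    # NOTE(review): ``base`` is supplied by the caller in the query string and
    # decides where the account is created.  Nothing visible here restricts
    # it to the configured tree; confirm the bind account's directory ACLs
    # do, or validate it against g.ldap['dn'] before use.
    base = request.args.get('base')
    if not base:
        base = "OU=People,%s" % g.ldap['dn']

    form = UserAdd(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('displayName', form.display_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     (None, form.password),
                     (None, form.password_confirm),
                     ('userAccountControl', form.uac_flags)]

    form.visible_fields = [field[1] for field in field_mapping]

    # Only flags marked as editable (second tuple element) are offered.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]

    if form.validate_on_submit():
        try:
            # Default attributes
            upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
            attributes = {'objectClass': "user",
                          'UserPrincipalName': upn,
                          'accountExpires': "0",
                          'lockoutTime': "0"}

            for attribute, field in field_mapping:
                if attribute == 'userAccountControl':
                    # Start from 512 and OR in each selected editable flag.
                    # Bitwise OR cannot double-count a bit the way "+="
                    # could.
                    current_uac = 512
                    selected = field.data or ()
                    for key, flag in (
                            LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                        if flag[1] and key in selected:
                            current_uac |= key
                    attributes[attribute] = str(current_uac)
                elif attribute and field.data:
                    # Fields mapped to None (the passwords) are skipped here.
                    attributes[attribute] = field.data

            # The user name becomes an RDN value, so DN metacharacters
            # (",", "+", "=", ...) must be escaped or they would alter the
            # structure of the distinguished name.
            rdn_value = escape_dn_chars(form.user_name.data)
            ldap_create_entry("cn=%s,%s" % (rdn_value, base), attributes)

            # NOTE(review): if this step raises, the entry created above
            # stays in the directory; confirm it cannot remain enabled
            # without a password.
            ldap_change_password(None, form.password.data,
                                 form.user_name.data)

            flash("User successfully created.", "success")
            return redirect(url_for('user_overview',
                                    username=form.user_name.data))
        except ldap.LDAPError as e:
            # The handler expects a dict of diagnostics in args[0].  'info'
            # is optional, so fall back instead of raising inside the
            # handler.
            detail = {}
            if e.args and isinstance(e.args[0], dict):
                detail = e.args[0]
            error = (detail.get('info') or detail.get('desc')
                     or "LDAP operation failed")
            error = error.split(":", 2)[-1].strip() or "LDAP operation failed"
            error = str(error[0].upper() + error[1:])
            flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Add user", parent=url_for('user_add'))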
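def user_edit_profile(username):
    """Render the "Edit user" form and apply changed fields to the directory.

    Aborts with 404 when ``ldap_user_exists`` reports no such user.  On a
    valid submission every mapped attribute whose form value differs from
    the stored one is written with ``ldap_update_attribute``, and the
    client is then redirected to the user's overview page.  On first
    display the form is pre-filled from the directory entry.
    """
    title = "Edit user"

    if not ldap_user_exists(username=username):
        abort(404)

    user = ldap_get_user(username=username)
    form = UserProfileEdit(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('displayName', form.display_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     ('userAccountControl', form.uac_flags)]

    # Only flags marked as editable (second tuple element) are offered.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]
    form.visible_fields = [field[1] for field in field_mapping]

    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                if value == user.get(attribute):
                    continue

                if attribute == 'sAMAccountName':
                    # Rename the account
                    ldap_update_attribute(user['distinguishedName'],
                                          "sAMAccountName", value)
                    ldap_update_attribute(user['distinguishedName'],
                                          "userPrincipalName",
                                          "%s@%s" % (value, g.ldap['domain']))
                    # Finish by renaming the whole record
                    ldap_update_attribute(user['distinguishedName'],
                                          "cn", value)
                    # Reload so later updates use the entry's current DN.
                    user = ldap_get_user(value)
                elif attribute == 'userAccountControl':
                    # Start from the stored value and flip only the editable
                    # bits, so flags this form cannot express stay as they
                    # are.
                    current_uac = user['userAccountControl']
                    new_uac = current_uac
                    selected = value or ()
                    for key, flag in (
                            LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                        if not flag[1]:
                            continue
                        if key in selected:
                            new_uac |= key
                        else:
                            new_uac &= ~key
                    # The form value is a list and never equals the stored
                    # integer, so compare the computed result to avoid a
                    # needless write.
                    if new_uac != current_uac:
                        ldap_update_attribute(user['distinguishedName'],
                                              attribute, str(new_uac))
                else:
                    ldap_update_attribute(user['distinguishedName'],
                                          attribute, value)

            flash("Profile successfully updated.", "success")
            return redirect(url_for('user_overview',
                                    username=form.user_name.data))
        except ldap.LDAPError as e:
            # The handler expects a dict of diagnostics in args[0].  'info'
            # is optional, so fall back instead of raising inside the
            # handler.
            detail = {}
            if e.args and isinstance(e.args[0], dict):
                detail = e.args[0]
            error = (detail.get('info') or detail.get('desc')
                     or "LDAP operation failed")
            error = error.split(":", 2)[-1].strip() or "LDAP operation failed"
            error = str(error[0].upper() + error[1:])
            flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    if not form.is_submitted():
        # First display: pre-fill the form from the directory entry.
        form.first_name.data = user.get('givenName')
        form.last_name.data = user.get('sn')
        form.display_name.data = user.get('displayName')
        form.user_name.data = user.get('sAMAccountName')
        form.mail.data = user.get('mail')
        form.uac_flags.data = [
            key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if (flag[1] and user['userAccountControl'] & key)
        ]

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Save changes",
                           parent=url_for('user_overview',
                                          username=username))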
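def user_add():
    """Show the "Add user" form and, on a valid POST, create the account.

    The container DN is read from the ``base`` query parameter, falling
    back to ``OU=People`` below ``g.ldap['dn']``.  After the entry is
    created its password is set with ``ldap_change_password`` and the
    client is redirected to the user's overview page.  LDAP failures and
    validation errors are flashed and the form is rendered again.
    """
    # Local import: only this function needs the DN escaping helper.
    from ldap.dn import escape_dn_chars

    title = "Add user"

    # NOTE(review): the query string controls which container receives the
    # new account.  Nothing in this function limits ``base`` to the
    # configured tree; confirm directory ACLs on the bind account do, or
    # check it against g.ldap['dn'].
    base = request.args.get('base') or "OU=People,%s" % g.ldap['dn']

    form = UserAdd(request.form)
    field_mapping = [
        ('givenName', form.first_name),
        ('sn', form.last_name),
        ('displayName', form.display_name),
        ('sAMAccountName', form.user_name),
        ('mail', form.mail),
        (None, form.password),
        (None, form.password_confirm),
        ('userAccountControl', form.uac_flags),
    ]

    form.visible_fields = [field[1] for field in field_mapping]

    # Offer only the flags whose second tuple element marks them editable.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]

    if form.validate_on_submit():
        try:
            # Default attributes
            upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
            attributes = {
                'objectClass': "user",
                'UserPrincipalName': upn,
                'accountExpires': "0",
                'lockoutTime': "0"
            }

            for attribute, field in field_mapping:
                if attribute == 'userAccountControl':
                    # Base value 512 plus every selected editable flag.
                    # "|=" keeps the result a valid bit mask even if a key
                    # overlaps a bit that is already set.
                    current_uac = 512
                    chosen = field.data or ()
                    for key, flag in (
                            LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                        if flag[1] and key in chosen:
                            current_uac |= key
                    attributes[attribute] = str(current_uac)
                elif attribute and field.data:
                    # Entries mapped to None (password fields) are not
                    # stored as plain attributes.
                    attributes[attribute] = field.data

            # Escape the user name before placing it in the DN: an
            # unescaped "," or "+" would otherwise be parsed as DN
            # structure.
            entry_dn = "cn=%s,%s" % (escape_dn_chars(form.user_name.data),
                                     base)
            ldap_create_entry(entry_dn, attributes)

            # NOTE(review): a failure here leaves the new entry in place;
            # confirm it cannot stay enabled without a password.
            ldap_change_password(None, form.password.data,
                                 form.user_name.data)

            flash("User successfully created.", "success")
            return redirect(
                url_for('user_overview', username=form.user_name.data))
        except ldap.LDAPError as e:
            # args[0] is expected to be a dict of diagnostics.  'info' is
            # optional, so never index it blindly from inside the handler.
            detail = {}
            if e.args and isinstance(e.args[0], dict):
                detail = e.args[0]
            error = (detail.get('info') or detail.get('desc')
                     or "LDAP operation failed")
            error = error.split(":", 2)[-1].strip() or "LDAP operation failed"
            error = str(error[0].upper() + error[1:])
            flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Add user", parent=url_for('user_add'))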
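def user_edit_profile(username):
    """Show the "Edit user" form and write changed attributes on submit.

    Responds with 404 when ``ldap_user_exists`` reports no such user.  On a
    valid POST each mapped attribute whose submitted value differs from the
    stored one is pushed through ``ldap_update_attribute``, and success
    redirects to the overview page.  On a plain GET the form is filled from
    the current directory entry.
    """
    title = "Edit user"

    if not ldap_user_exists(username=username):
        abort(404)

    user = ldap_get_user(username=username)
    form = UserProfileEdit(request.form)
    field_mapping = [
        ('givenName', form.first_name),
        ('sn', form.last_name),
        ('displayName', form.display_name),
        ('sAMAccountName', form.user_name),
        ('mail', form.mail),
        ('userAccountControl', form.uac_flags),
    ]

    # Offer only the flags whose second tuple element marks them editable.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]
    form.visible_fields = [field[1] for field in field_mapping]

    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                if value == user.get(attribute):
                    continue

                dn = user['distinguishedName']
                if attribute == 'sAMAccountName':
                    # Rename the account
                    ldap_update_attribute(dn, "sAMAccountName", value)
                    ldap_update_attribute(
                        dn, "userPrincipalName",
                        "%s@%s" % (value, g.ldap['domain']))
                    # Finish by renaming the whole record
                    ldap_update_attribute(dn, "cn", value)
                    # Re-read the entry so later writes use its current DN.
                    user = ldap_get_user(value)
                elif attribute == 'userAccountControl':
                    # Only editable bits are set or cleared; every other
                    # bit of the stored value is carried over unchanged.
                    stored_uac = user['userAccountControl']
                    updated_uac = stored_uac
                    chosen = value or ()
                    for key, flag in (
                            LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                        if not flag[1]:
                            continue
                        if key in chosen:
                            updated_uac |= key
                        else:
                            updated_uac &= ~key
                    # The submitted list never equals the stored integer,
                    # so test the computed mask to skip a no-op write.
                    if updated_uac != stored_uac:
                        ldap_update_attribute(dn, attribute,
                                              str(updated_uac))
                else:
                    ldap_update_attribute(dn, attribute, value)

            flash("Profile successfully updated.", "success")
            return redirect(
                url_for('user_overview', username=form.user_name.data))
        except ldap.LDAPError as e:
            # args[0] is expected to be a dict of diagnostics.  'info' is
            # optional, so never index it blindly from inside the handler.
            detail = {}
            if e.args and isinstance(e.args[0], dict):
                detail = e.args[0]
            error = (detail.get('info') or detail.get('desc')
                     or "LDAP operation failed")
            error = error.split(":", 2)[-1].strip() or "LDAP operation failed"
            error = str(error[0].upper() + error[1:])
            flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    if not form.is_submitted():
        # Nothing was posted: populate the fields from the stored entry.
        form.first_name.data = user.get('givenName')
        form.last_name.data = user.get('sn')
        form.display_name.data = user.get('displayName')
        form.user_name.data = user.get('sAMAccountName')
        form.mail.data = user.get('mail')
        form.uac_flags.data = [
            key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if (flag[1] and user['userAccountControl'] & key)
        ]

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Save changes",
                           parent=url_for('user_overview',
                                          username=username))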
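def user_edit_profile(username):
    """Show the "Edit user" form and write changed attributes on submit.

    Responds with 404 when ``ldap_user_exists`` reports no such user.  On a
    valid POST each mapped attribute whose submitted value differs from the
    stored one is written with ``ldap_update_attribute``.  A change to the
    given name or surname also rewrites ``displayName``.  Success redirects
    to the overview page; on a plain GET the form is filled from the
    directory entry.
    """
    title = "Edit user"

    if not ldap_user_exists(username=username):
        abort(404)

    user = ldap_get_user(username=username)
    form = UserProfileEdit(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     ('userAccountControl', form.uac_flags)]

    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
    ]
    form.visible_fields = [field[1] for field in field_mapping]

    if form.validate_on_submit():
        try:
            # Read the name parts once, before the loop, so a new given
            # name is still known when the surname is processed.  The
            # surname is stored under 'sn', the same key the pre-fill
            # below uses.
            given_name = user.get('givenName')
            last_name = user.get('sn')

            for attribute, field in field_mapping:
                value = field.data
                if value == user.get(attribute):
                    continue

                if attribute == 'sAMAccountName':
                    # Rename the account
                    ldap_update_attribute(user['distinguishedName'],
                                          "sAMAccountName", value)
                    ldap_update_attribute(
                        user['distinguishedName'], "userPrincipalName",
                        "%s@%s" % (value, g.ldap['domain']))
                    # Finish by renaming the whole record
                    # TODO: refactor this to use rename_s instead of update
                    # (the "cn" update is disabled until then).
                    user = ldap_get_user(value)
                elif attribute == 'userAccountControl':
                    # Start from the stored value and flip only the editable
                    # bits.  Rebuilding from a fixed 512 would silently
                    # clear every flag this form cannot express.
                    stored_uac = user['userAccountControl']
                    updated_uac = stored_uac
                    chosen = value or ()
                    for key, flag in (
                            LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                        if not flag[1]:
                            continue
                        if key in chosen:
                            updated_uac |= key
                        else:
                            updated_uac &= ~key
                    # The submitted list never equals the stored integer,
                    # so test the computed mask to skip a no-op write.
                    if updated_uac != stored_uac:
                        ldap_update_attribute(user['distinguishedName'],
                                              attribute, str(updated_uac))
                elif attribute in ('givenName', 'sn'):
                    if attribute == 'givenName':
                        given_name = value
                    else:
                        last_name = value
                    ldap_update_attribute(user['distinguishedName'],
                                          attribute, value)
                    # Join only the parts that exist, so a missing name
                    # part cannot raise a TypeError.
                    display_name = " ".join(
                        part for part in (given_name, last_name) if part)
                    if display_name:
                        ldap_update_attribute(user['distinguishedName'],
                                              'displayName', display_name)
                else:
                    ldap_update_attribute(user['distinguishedName'],
                                          attribute, value)

            flash(u"Profile updated successfully.", "success")
            return redirect(
                url_for('user_overview', username=form.user_name.data))
        except ldap.LDAPError as e:
            # args[0] is expected to be a dict of diagnostics.  'info' is
            # optional, so fall back to 'desc' rather than raising a
            # KeyError inside the handler.
            detail = {}
            if e.args and isinstance(e.args[0], dict):
                detail = e.args[0]
            flash(detail.get('info') or detail.get('desc')
                  or "LDAP operation failed", "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")

    if not form.is_submitted():
        # Nothing was posted: populate the fields from the stored entry.
        form.first_name.data = user.get('givenName')
        form.last_name.data = user.get('sn')
        form.user_name.data = user.get('sAMAccountName')
        form.mail.data = user.get('mail')
        form.uac_flags.data = [
            key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if (flag[1] and user['userAccountControl'] & key)
        ]

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Save changes",
                           parent=url_for('user_overview',
                                          username=username))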
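def user_add():
    """Show the "Add User" form and, on a valid POST, create the account.

    ``UserAddExtraFields`` and three additional attributes are used when
    ``g.extra_fields`` is set; otherwise the plain ``UserAdd`` form is
    used.  The container DN comes from the ``b'base`` query parameter.
    Attribute values are passed to ``ldap_create_entry`` as lists of UTF-8
    encoded bytes.  After creation the password is set with
    ``ldap_change_password`` and the client is redirected to the user's
    overview page.
    """
    # Local import: only this function needs the DN escaping helper.
    from ldap.dn import escape_dn_chars

    title = "Add User"

    if g.extra_fields:
        form = UserAddExtraFields(request.form)
    else:
        form = UserAdd(request.form)

    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     (None, form.password),
                     (None, form.password_confirm),
                     ('userAccountControl', form.uac_flags)]
    if g.extra_fields:
        field_mapping += [('cUJAEPersonExternal', form.manual),
                          ('cUJAEPersonType', form.person_type),
                          ('cUJAEPersonDNI', form.dni)]

    form.visible_fields = [field[1] for field in field_mapping]
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
    ]

    if form.validate_on_submit():
        # NOTE(review): the query string controls which container receives
        # the new account.  Nothing in this function limits it to the
        # configured tree; confirm directory ACLs on the bind account do,
        # or validate it against the configured directory root.
        base = request.args.get("b'base")
        if not base:
            # Without this guard a missing parameter raised AttributeError
            # on the rstrip() below, which the LDAPError handler does not
            # catch.
            flash("No base DN was supplied for the new user.", "error")
        else:
            base = base.rstrip("'")
            try:
                # Default attributes
                upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
                attributes = {
                    'objectClass': [
                        b'top', b'person', b'organizationalPerson',
                        b'user', b'inetOrgPerson'
                    ],
                    'UserPrincipalName': [upn.encode('utf-8')],
                    'accountExpires': [b"0"],
                    'lockoutTime': [b"0"],
                }

                for attribute, field in field_mapping:
                    if attribute == 'userAccountControl':
                        # Base value 512 plus every selected editable flag.
                        # "|=" keeps the result a valid bit mask.
                        current_uac = 512
                        chosen = field.data or ()
                        for key, flag in (
                                LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
                            if flag[1] and key in chosen:
                                current_uac |= key
                        attributes[attribute] = [
                            str(current_uac).encode('utf-8')
                        ]
                    elif attribute and field.data:
                        if isinstance(field, BooleanField):
                            # This branch is only reached for a ticked box,
                            # so the value is always TRUE.
                            # NOTE(review): an unticked box leaves the
                            # attribute unset; confirm whether an explicit
                            # FALSE is wanted.
                            attributes[attribute] = [b'TRUE']
                        else:
                            attributes[attribute] = [
                                field.data.encode('utf-8')
                            ]

                # Build displayName from whichever name parts were
                # submitted, rather than indexing attributes['givenName'],
                # which is absent when the given name is empty.
                name_parts = [
                    part for part in (form.first_name.data,
                                      form.last_name.data) if part
                ]
                if name_parts:
                    attributes['displayName'] = [
                        " ".join(name_parts).encode('utf-8')
                    ]

                # Escape the user name before placing it in the DN: an
                # unescaped "," or "+" would otherwise be parsed as DN
                # structure.
                entry_dn = "cn=%s,%s" % (
                    escape_dn_chars(form.user_name.data), base)
                ldap_create_entry(entry_dn, attributes)

                # NOTE(review): a failure here leaves the new entry in
                # place; confirm it cannot stay enabled without a password.
                ldap_change_password(None, form.password.data,
                                     form.user_name.data)

                flash(u"User created successfully.", "success")
                return redirect(
                    url_for('user_overview', username=form.user_name.data))
            except ldap.LDAPError as e:
                # args[0] is expected to be a dict of diagnostics.  'info'
                # is optional, so fall back to 'desc' rather than raising a
                # KeyError inside the handler.
                detail = {}
                if e.args and isinstance(e.args[0], dict):
                    detail = e.args[0]
                flash(detail.get('info') or detail.get('desc')
                      or "LDAP operation failed", "error")
    elif form.errors:
        print(form.errors)
        flash("Some fields failed validation.", "error")

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Adicionar Usuario",
                           parent=url_for('tree_base'))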