def _addMember(self, member):
'''Add a new user'''
member.uidNumber = self.getHighestUidNumber()
member.generateUserSID()
mod_attrs = []
mod_attrs.append(('objectclass', ['posixAccount', 'organizationalPerson', 'inetOrgPerson', 'shadowAccount', 'top', 'samsePerson', 'sambaSamAccount', 'ldapPublicKey', 'syn2catPerson']))
mod_attrs.append(('ou', ['People']))
for k in member.auto_update_vars:
mod_attrs.append(self.prepareVolatileAttribute(member, None, k))
for k in member.no_auto_update_vars:
if not k == 'jpegPhoto':
mod_attrs.append(self.prepareVolatileAttribute(member, None, k))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'uid=' + member.uid + ',' + Config.get('ldap', 'basedn_users')
dn = dn.encode('ascii', 'ignore')
result = self.ldapcon.add_s(dn, mod_attrs)
self.changeUserGroup(member.uid, Config.get('mematool', 'group_fullmember'), member.fullMember)
self.changeUserGroup(member.uid, Config.get('mematool', 'group_lockedmember'), member.lockedMember)
return result
def is_admin(self):
for g in Config.get('mematool', 'admin_group'):
if self.is_in_group(g):
return True
for u in Config.get('mematool', 'admin_user'):
if self.uid == u:
return True
return False
def is_admin(self):
for g in Config.get('mematool', 'admin_group'):
if self.is_in_group(g):
return True
for u in Config.get('mematool', 'admin_user'):
if self.uid == u:
return True
return False
def __init__(self, username=None, password=None):
""" Bind to server """
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
self.con = ldap.initialize(Config.get('ldap', 'server'))
try:
self.con.start_tls_s()
try:
binddn = 'uid=' + username + ',' + Config.get('ldap', 'basedn_users')
self.con.simple_bind_s(binddn, password)
except ldap.INVALID_CREDENTIALS:
raise InvalidCredentials()
except ldap.LDAPError, e:
raise ServerError(str(e))
def getDomainList(self):
result = self.ldapcon.search_s(Config.get('ldap', 'basedn'), ldap.SCOPE_SUBTREE, Config.get('ldap', 'domain_filter'), [Config.get('ldap', 'domain_filter_attrs')])
domains = []
for dn, attr in result:
for key, value in attr.iteritems():
if len(value) == 1:
domains.append(value[0])
else:
for i in value:
domains.append(i)
return domains
def __init__(self):
templateRoot = Config.get('mako', 'templateroot')
collectionSize = Config.get('mako', 'collectionsize')
outputEncoding = Config.get('mako', 'outputencoding')
self._mylookup = TemplateLookup(directories=[templateRoot],
module_directory=Config.basePath + '/tmp',
output_encoding=outputEncoding,
encoding_errors='replace',
imports=['from mematool.helpers.i18ntool import ugettext as _'])
self.ldapcon = None
self.sidebar = []
self.languages = Config.get('mematool', 'languages', [])
self._debug = Config.get_boolean('mematool', 'debug', False)
def __init__(self, username=None, password=None):
""" Bind to server """
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
self.con = ldap.initialize(Config.get('ldap', 'server'))
try:
self.con.start_tls_s()
try:
binddn = 'uid=' + username + ',' + Config.get(
'ldap', 'basedn_users')
self.con.simple_bind_s(binddn, password)
except ldap.INVALID_CREDENTIALS:
raise InvalidCredentials()
except ldap.LDAPError, e:
raise ServerError(str(e))
def __init__(self):
templateRoot = Config.get('mako', 'templateroot')
collectionSize = Config.get('mako', 'collectionsize')
outputEncoding = Config.get('mako', 'outputencoding')
self._mylookup = TemplateLookup(
directories=[templateRoot],
module_directory=Config.basePath + '/tmp',
output_encoding=outputEncoding,
encoding_errors='replace',
imports=['from mematool.helpers.i18ntool import ugettext as _'])
self.ldapcon = None
self.sidebar = []
self.languages = Config.get('mematool', 'languages', [])
self._debug = Config.get_boolean('mematool', 'debug', False)
def postValidationMail(self, member_id, member_mail, validated=True):
if validated:
validation_string = 'validated'
else:
validation_string = 'rejected'
# office e-mail
body = 'Hi,\n'
body += self.session[
'username'] + ' just ' + validation_string + ' the profile changes of the following member:\n'
body += member_id + '\n\n'
body += 'regards,\nMeMaTool'
to = '*****@*****.**'
subject = Config.get(
'mematool', 'name_prefix'
) + ' mematool - request for validation - ' + validation_string
self.sendMail(to, subject, body)
# user e-mail
body = 'Hi,\n'
body += 'The office has just ' + validation_string + ' your profile changes.\n'
body += 'If you don\'t agree with this decision, please contact them for more information.\n\n'
body += 'regards,\nMeMaTool on behalf of the office'
self.sendMail(member_mail, subject, body)
def addGroup(self, gid):
'''Add a new group'''
if super(LdapModelFactory, self).addGroup(gid):
gl = self.getGroupList()
if not gid in gl:
g = Group()
g.gid = gid
g.gidNumber = self.getHighestGidNumber()
mod_attrs = []
mod_attrs.append(('objectClass', ['top', 'posixGroup']))
mod_attrs.append(self.prepareVolatileAttribute(g, None, 'cn'))
mod_attrs.append(self.prepareVolatileAttribute(g, None, 'gidNumber'))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'cn=' + gid + ',' + Config.get('ldap', 'basedn_groups')
dn = dn.encode('ascii', 'ignore')
result = self.ldapcon.add_s(dn, mod_attrs)
if result is None:
return False
return True
return False
def deleteUser(self, uid):
filter_ = '(uid=' + uid + ')'
attrs = ['*']
basedn = 'uid=' + str(uid) + ',' + str(
Config.get('ldap', 'basedn_users'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_,
attrs)
if not result:
raise LookupError('No such user !')
# remove user from all groups
groups = self.getUserGroupList(uid)
for k in groups:
#print 'removing from group {0}'.format(k)
self.changeUserGroup(uid, k, False)
# try to auto-delete aliases
aliases = self.getMaildropList(uid)
for dn, attr in aliases.items():
if len(attr) > 1:
#print 'removing user {0} from alias {1}'.format(uid, dn)
self.deleteMaildrop(dn, uid)
else:
print 'can\'t remove user {0} from alias {1}'.format(uid, dn)
# finally, remove the user
result = self.ldapcon.delete_s(basedn)
def getGroup(self, gid):
''' Get a specific group'''
filter = '(cn=' + gid + ')'
attrs = ['*']
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'),
ldap.SCOPE_SUBTREE, filter, attrs)
if not result:
raise LookupError('No such group !')
g = Group()
g.users = []
for dn, attr in result:
for k, v in attr.iteritems():
if 'cn' in k:
k = 'gid'
if 'memberUid' in k:
for m in v:
g.users.append(m)
else:
v = v[0]
setattr(g, k, v)
return g
def addDomain(self, domain):
'''Add a new domain'''
dl = self.getDomainList()
if not domain in dl:
d = Domain()
d.dc = domain
mod_attrs = []
mod_attrs.append(('objectClass', ['top', 'domain', 'mailDomain']))
mod_attrs.append(self.prepareVolatileAttribute(d, None, 'dc'))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'dc=' + domain + ',' + Config.get('ldap', 'basedn')
dn = dn.encode('ascii', 'ignore')
result = self.ldapcon.add_s(dn, mod_attrs)
if result is None:
return False
return True
return False
def _updateMember(self, member, is_admin=True):
mod_attrs = []
om = self.getUser(member.uid)
if is_admin:
for k in member.auto_update_vars:
mod_attrs.append(self.prepareVolatileAttribute(member, om, k))
if member.userPassword and member.userPassword != '':
mod_attrs.append((ldap.MOD_REPLACE, 'userPassword', str(member.userPassword)))
if member.sambaNTPassword and member.sambaNTPassword != '':
mod_attrs.append((ldap.MOD_REPLACE, 'sambaNTPassword', str(member.sambaNTPassword)))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'uid={0},{1}'.format(member.uid, Config.get('ldap', 'basedn_users'))
result = self.ldapcon.modify_s(dn, mod_attrs)
diff = lambda l1,l2: [x for x in l1 if x not in l2]
to_disable_groups = diff(om.groups, member.groups)
to_enable_groups = diff(member.groups, om.groups)
for g in to_disable_groups:
self.changeUserGroup(member.uid, g, False)
for g in to_enable_groups:
self.changeUserGroup(member.uid, g, True)
print om.groups
print member.groups
return result
def edit(self):
c = TemplateContext()
c.heading = _('Edit preferences')
c.formDisabled = ''
try:
member = self.session.get('user')
c.member = member
pref = self.db.query(Preferences).filter(
Preferences.uidNumber == member.uidNumber).all()
c.language = 'en'
if len(pref) > 0:
for p in pref:
if p.key == 'language':
c.language = p.value
c.languages = Config.get('mematool', 'languages', ['en'])
return self.render('preferences/edit.mako', template_context=c)
except LookupError:
print 'Edit :: No such user !'
return 'ERROR 4x0'
def edit(self):
c = TemplateContext()
c.heading = _('Edit preferences')
c.formDisabled = ''
try:
member = self.session.get('user')
c.member = member
pref = self.db.query(Preferences).filter(Preferences.uidNumber == member.uidNumber).all()
c.language = 'en'
if len(pref) > 0:
for p in pref:
if p.key == 'language':
c.language = p.value
c.languages = Config.get('mematool', 'languages', ['en'])
return self.render('preferences/edit.mako', template_context=c)
except LookupError:
print 'Edit :: No such user !'
return 'ERROR 4x0'
def addDomain(self, domain):
'''Add a new domain'''
dl = self.getDomainList()
if not domain in dl:
d = Domain()
d.dc = domain
mod_attrs = []
mod_attrs.append(('objectClass', ['top', 'domain', 'mailDomain']))
mod_attrs.append(self.prepareVolatileAttribute(d, None, 'dc'))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'dc=' + domain + ',' + Config.get('ldap', 'basedn')
dn = dn.encode('ascii', 'ignore')
result = self.ldapcon.add_s(dn, mod_attrs)
if result is None:
return False
return True
return False
def deleteUser(self, uid):
filter_ = '(uid=' + uid + ')'
attrs = ['*']
basedn = 'uid=' + str(uid) + ',' + str(Config.get('ldap', 'basedn_users'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_, attrs)
if not result:
raise LookupError('No such user !')
# remove user from all groups
groups = self.getUserGroupList(uid)
for k in groups:
#print 'removing from group {0}'.format(k)
self.changeUserGroup(uid, k, False)
# try to auto-delete aliases
aliases = self.getMaildropList(uid)
for dn, attr in aliases.items():
if len(attr) > 1:
#print 'removing user {0} from alias {1}'.format(uid, dn)
self.deleteMaildrop(dn, uid)
else:
print 'can\'t remove user {0} from alias {1}'.format(uid, dn)
# finally, remove the user
result = self.ldapcon.delete_s(basedn)
def _updateMember(self, member, is_admin=True):
mod_attrs = []
om = self.getUser(member.uid)
if is_admin:
for k in member.auto_update_vars:
mod_attrs.append(self.prepareVolatileAttribute(member, om, k))
if member.userPassword and member.userPassword != '':
mod_attrs.append(
(ldap.MOD_REPLACE, 'userPassword', str(member.userPassword)))
if member.sambaNTPassword and member.sambaNTPassword != '':
mod_attrs.append((ldap.MOD_REPLACE, 'sambaNTPassword',
str(member.sambaNTPassword)))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'uid={0},{1}'.format(member.uid,
Config.get('ldap', 'basedn_users'))
result = self.ldapcon.modify_s(dn, mod_attrs)
diff = lambda l1, l2: [x for x in l1 if x not in l2]
to_disable_groups = diff(om.groups, member.groups)
to_enable_groups = diff(member.groups, om.groups)
for g in to_disable_groups:
self.changeUserGroup(member.uid, g, False)
for g in to_enable_groups:
self.changeUserGroup(member.uid, g, True)
print om.groups
print member.groups
return result
def is_in_vgroup(self, group):
if not group == '' and 'user' in self.session:
for vgroup in Config.get('mematool', 'vgroup_{0}'.format(group), []):
if vgroup in self.session.get('user').groups:
return True
return False
def addGroup(self, gid):
'''Add a new group'''
if super(LdapModelFactory, self).addGroup(gid):
gl = self.getGroupList()
if not gid in gl:
g = Group()
g.gid = gid
g.gidNumber = self.getHighestGidNumber()
mod_attrs = []
mod_attrs.append(('objectClass', ['top', 'posixGroup']))
mod_attrs.append(self.prepareVolatileAttribute(g, None, 'cn'))
mod_attrs.append(
self.prepareVolatileAttribute(g, None, 'gidNumber'))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'cn=' + gid + ',' + Config.get('ldap', 'basedn_groups')
dn = dn.encode('ascii', 'ignore')
result = self.ldapcon.add_s(dn, mod_attrs)
if result is None:
return False
return True
return False
def getGroup(self, gid):
''' Get a specific group'''
filter = '(cn=' + gid + ')'
attrs = ['*']
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'), ldap.SCOPE_SUBTREE, filter, attrs)
if not result:
raise LookupError('No such group !')
g = Group()
g.users = []
for dn, attr in result:
for k, v in attr.iteritems():
if 'cn' in k:
k = 'gid'
if 'memberUid' in k:
for m in v:
g.users.append(m)
else:
v = v[0]
setattr(g, k, v)
return g
def changeUserGroup(self, uid, group, status):
'''Change user/group membership'''
'''@TODO check and fwd return value'''
mod_attrs = []
result = ''
m = self.getUser(uid)
if status and not group in m.groups:
mod_attrs = [(ldap.MOD_ADD, 'memberUid',
uid.encode('ascii', 'ignore'))]
elif not status and group in m.groups:
mod_attrs = [(ldap.MOD_DELETE, 'memberUid',
uid.encode('ascii', 'ignore'))]
if len(mod_attrs) == 1:
try:
result = self.ldapcon.modify_s(
'cn=' + group.encode('ascii', 'ignore') + ',' +
Config.get('ldap', 'basedn_groups'), mod_attrs)
except (ldap.TYPE_OR_VALUE_EXISTS, ldap.NO_SUCH_ATTRIBUTE):
pass
except Exception as e:
# @todo: implement better handling
print e
pass
return result
def getDomainList(self):
result = self.ldapcon.search_s(
Config.get('ldap', 'basedn'), ldap.SCOPE_SUBTREE,
Config.get('ldap', 'domain_filter'),
[Config.get('ldap', 'domain_filter_attrs')])
domains = []
for dn, attr in result:
for key, value in attr.iteritems():
if len(value) == 1:
domains.append(value[0])
else:
for i in value:
domains.append(i)
return domains
def is_in_vgroup(self, group):
if not group == '' and 'user' in self.session:
for vgroup in Config.get('mematool', 'vgroup_{0}'.format(group),
[]):
if vgroup in self.session.get('user').groups:
return True
return False
def getActiveMemberList(self):
'''Get a list of members not belonging to the locked-members group'''
users = []
for u in self.getUserList():
if not self.isUserInGroup(u, Config.get('mematool', 'group_lockedmember')):
users.append(u)
return users
def setLang(self, lang):
if lang in Config.get('mematool', 'languages', []):
self.session['language'] = lang
self.session.save()
if 'user' in self.session:
raise HTTPRedirect('/profile/index')
raise HTTPRedirect('/')
def setLang(self, lang):
if lang in Config.get('mematool', 'languages', []):
self.session['language'] = lang
self.session.save()
if 'user' in self.session:
raise HTTPRedirect('/profile/index')
raise HTTPRedirect('/')
def getHighestGidNumber(self):
'''Get the highest used gid-number
this is used when adding a new group'''
result = self.ldapcon.search_s(
Config.get('ldap', 'basedn_groups'), ldap.SCOPE_SUBTREE,
Config.get('ldap',
'gid_filter'), [Config.get('ldap', 'gid_filter_attrs')])
gidNumber = -1
for dn, attr in result:
for key, value in attr.iteritems():
if int(value[0]) > gidNumber and int(value[0]) < 65000:
gidNumber = int(value[0])
gidNumber += 1
return str(gidNumber)
def doEditMember(self):
try:
if self.request.params['mode'] == 'edit':
member = self.mf.getUser(self.request.params['member_id'])
else:
member = Member()
member.uid = self.request.params['member_id']
for v in member.str_vars:
if v in self.request.params:
setattr(member, v,
self.request.params.get(v).lstrip(' ').rstrip(' '))
for v in member.bool_vars:
if v in self.request.params:
setattr(member, v, True)
if not self.request.params.get(
'userPassword', ''
) == '' and self.request.params[
'userPassword'] == self.request.params['userPassword2']:
member.setPassword(self.request.params['userPassword'])
''' fullMember / lockedMember'''
if 'fullMember' in self.request.params and not Config.get(
'mematool', 'group_fullmember') in member.groups:
member.groups.append(Config.get('mematool',
'group_fullmember'))
elif not 'fullMember' in self.request.params and Config.get(
'mematool', 'group_fullmember') in member.groups:
member.groups.remove(Config.get('mematool',
'group_fullmember'))
if 'lockedMember' in self.request.params and not Config.get(
'mematool', 'group_lockedmember') in member.groups:
member.groups.append(
Config.get('mematool', 'group_lockedmember'))
elif not 'lockedMember' in self.request.params and Config.get(
'mematool', 'group_lockedmember') in member.groups:
member.groups.remove(
Config.get('mematool', 'group_lockedmember'))
self.mf.saveMember(member)
self.session['flash'] = _('Member details successfully edited')
self.session.save()
raise HTTPRedirect('/members/editMember/?member_id={0}'.format(
self.request.params['member_id']))
except LookupError:
print 'No such user !'
# @TODO make much more noise !
raise HTTPRedirect('/members/showAllMembers')
def deleteGroup(self, gid):
'''Completely remove a group'''
dn = 'cn=' + gid + ',' + Config.get('ldap', 'basedn_groups')
dn = dn.encode('ascii', 'ignore')
retVal = self.ldapcon.delete_s(dn)
if not retVal is None and super(LdapModelFactory, self).deleteGroup(gid):
return True
return False
def mailValidationRequired(self):
body = 'Hi,\n'
body += 'The following user has updated his profile which requires your approval:\n'
body += self.session['username'] + '\n'
body += 'Please carefully review his changes and approve or reject them as required.\n\n'
body += 'regards,\nMeMaTool'
to = '*****@*****.**'
subject = Config.get('mematool', 'name_prefix') + ' mematool - request for validation'
self.sendMail(to, subject, body)
def getActiveMemberList(self):
'''Get a list of members not belonging to the locked-members group'''
users = []
for u in self.getUserList():
if not self.isUserInGroup(
u, Config.get('mematool', 'group_lockedmember')):
users.append(u)
return users
def deleteAlias(self, alias):
'''Completely remove an alias'''
a = self.getAlias(alias)
dn = a.getDN(Config.get('ldap', 'basedn')).encode('ascii', 'ignore')
retVal = self.ldapcon.delete_s(dn)
if not retVal is None:
return True
return False
def mailValidationRequired(self):
body = 'Hi,\n'
body += 'The following user has updated his profile which requires your approval:\n'
body += self.session['username'] + '\n'
body += 'Please carefully review his changes and approve or reject them as required.\n\n'
body += 'regards,\nMeMaTool'
to = '*****@*****.**'
subject = Config.get(
'mematool', 'name_prefix') + ' mematool - request for validation'
self.sendMail(to, subject, body)
def deleteAlias(self, alias):
'''Completely remove an alias'''
a = self.getAlias(alias)
dn = a.getDN(Config.get('ldap', 'basedn')).encode('ascii', 'ignore')
retVal = self.ldapcon.delete_s(dn)
if not retVal is None:
return True
return False
def deleteGroup(self, gid):
'''Completely remove a group'''
dn = 'cn=' + gid + ',' + Config.get('ldap', 'basedn_groups')
dn = dn.encode('ascii', 'ignore')
retVal = self.ldapcon.delete_s(dn)
if not retVal is None and super(LdapModelFactory,
self).deleteGroup(gid):
return True
return False
def getGroupList(self):
'''Get a list of all groups'''
filter = '(cn=*)'
attrs = ['cn', 'gidNumber']
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'), ldap.SCOPE_SUBTREE, filter, attrs)
groups = []
for dn, attr in result:
groups.append(attr['cn'][0])
return groups
def updateAvatar(self, member, b64_jpg):
mod_attrs = []
om = self.getUser(member.uid)
member.jpegPhoto = b64_jpg
mod_attrs.append(self.prepareVolatileAttribute(member, om, 'jpegPhoto', encoding=None))
while None in mod_attrs:
mod_attrs.remove(None)
result = self.ldapcon.modify_s('uid=' + member.uid + ',' + Config.get('ldap', 'basedn_users'), mod_attrs)
return result
def getGroupList(self):
'''Get a list of all groups'''
filter = '(cn=*)'
attrs = ['cn', 'gidNumber']
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'),
ldap.SCOPE_SUBTREE, filter, attrs)
groups = []
for dn, attr in result:
groups.append(attr['cn'][0])
return groups
def getUidNumberFromUid(self, uid):
'''Get a UID-number based on its UID'''
filter = '(uid=' + uid + ')'
attrs = ['uidNumber']
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_users'), ldap.SCOPE_SUBTREE, filter, attrs)
if not result:
raise LookupError('No such user !')
for dn, attr in result:
uidNumber = attr['uidNumber'][0]
return uidNumber
def bootstrap():
basePath = os.path.dirname(os.path.abspath(__file__))
config_file = basePath + '/config/mematool.conf'
config = ConfigParser()
if not os.path.isfile(config_file):
raise ConfigException('Could not find config file ' + config_file +
' in ' + getcwd())
config.read(config_file)
Config.basePath = basePath
Config(config)
Config.instance.db = setup_db()
def _addMember(self, member):
'''Add a new user'''
member.uidNumber = self.getHighestUidNumber()
member.generateUserSID()
mod_attrs = []
mod_attrs.append(('objectclass', [
'posixAccount', 'organizationalPerson', 'inetOrgPerson',
'shadowAccount', 'top', 'samsePerson', 'sambaSamAccount',
'ldapPublicKey', 'syn2catPerson'
]))
mod_attrs.append(('ou', ['People']))
for k in member.auto_update_vars:
mod_attrs.append(self.prepareVolatileAttribute(member, None, k))
for k in member.no_auto_update_vars:
if not k == 'jpegPhoto':
mod_attrs.append(self.prepareVolatileAttribute(
member, None, k))
while None in mod_attrs:
mod_attrs.remove(None)
dn = 'uid=' + member.uid + ',' + Config.get('ldap', 'basedn_users')
dn = dn.encode('ascii', 'ignore')
result = self.ldapcon.add_s(dn, mod_attrs)
self.changeUserGroup(member.uid,
Config.get('mematool', 'group_fullmember'),
member.fullMember)
self.changeUserGroup(member.uid,
Config.get('mematool', 'group_lockedmember'),
member.lockedMember)
return result
def getAliasList(self, domain):
filter_ = 'objectClass=mailAlias'
attrs = ['']
basedn = 'dc=' + str(domain) + ',' + str(Config.get('ldap', 'basedn'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_, attrs)
aliases = []
for dn, attr in result:
dn_split = dn.split(',')
a = dn_split[0].split('=')[1]
aliases.append(a)
return aliases
def getUidNumberFromUid(self, uid):
'''Get a UID-number based on its UID'''
filter = '(uid=' + uid + ')'
attrs = ['uidNumber']
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_users'),
ldap.SCOPE_SUBTREE, filter, attrs)
if not result:
raise LookupError('No such user !')
for dn, attr in result:
uidNumber = attr['uidNumber'][0]
return uidNumber
def deleteDomain(self, domain):
'''Completely remove a domain'''
dl = self.getDomainList()
if domain in dl:
dn = 'dc=' + domain + ',' + Config.get('ldap', 'basedn')
dn = dn.encode('ascii', 'ignore')
retVal = self.ldapcon.delete_s(dn)
if not retVal is None:
return True
else:
raise LookupError('No such domain!')
return False
def deleteDomain(self, domain):
'''Completely remove a domain'''
dl = self.getDomainList()
if domain in dl:
dn = 'dc=' + domain + ',' + Config.get('ldap', 'basedn')
dn = dn.encode('ascii', 'ignore')
retVal = self.ldapcon.delete_s(dn)
if not retVal is None:
return True
else:
raise LookupError('No such domain!')
return False
def getHighestGidNumber(self):
'''Get the highest used gid-number
this is used when adding a new group'''
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'), ldap.SCOPE_SUBTREE, Config.get('ldap', 'gid_filter'), [Config.get('ldap', 'gid_filter_attrs')])
gidNumber = -1
for dn, attr in result:
for key, value in attr.iteritems():
if int(value[0]) > gidNumber and int(value[0]) < 65000:
gidNumber = int(value[0])
gidNumber += 1
return str(gidNumber)
def getAliasList(self, domain):
filter_ = 'objectClass=mailAlias'
attrs = ['']
basedn = 'dc=' + str(domain) + ',' + str(Config.get('ldap', 'basedn'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_,
attrs)
aliases = []
for dn, attr in result:
dn_split = dn.split(',')
a = dn_split[0].split('=')[1]
aliases.append(a)
return aliases
def getUserList(self):
'''Get a list of all users belonging to the group "users" (gid-number = 100)
and having a uid-number >= 1000 and < 65000'''
filter = '(&(uid=*)(gidNumber=100))'
attrs = ['uid', 'uidNumber']
users = []
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_users'), ldap.SCOPE_SUBTREE, filter, attrs)
for dn, attr in result:
if int(attr['uidNumber'][0]) >= 1000 and int(attr['uidNumber'][0]) < 65000:
users.append(attr['uid'][0])
users.sort()
return users
def getUserGroupList(self, uid):
'''Get a list of groups a user is a member of'''
filter = '(memberUid=' + uid + ')'
attrs = ['cn']
groups = []
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'), ldap.SCOPE_SUBTREE, filter, attrs)
for dn, attr in result:
for key, value in attr.iteritems():
if len(value) == 1:
groups.append(value[0])
else:
for i in value:
groups.append(i)
return groups
def getUserList(self):
'''Get a list of all users belonging to the group "users" (gid-number = 100)
and having a uid-number >= 1000 and < 65000'''
filter = '(&(uid=*)(gidNumber=100))'
attrs = ['uid', 'uidNumber']
users = []
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_users'),
ldap.SCOPE_SUBTREE, filter, attrs)
for dn, attr in result:
if int(attr['uidNumber'][0]) >= 1000 and int(
attr['uidNumber'][0]) < 65000:
users.append(attr['uid'][0])
users.sort()
return users
def getUserGroupList(self, uid):
'''Get a list of groups a user is a member of'''
filter = '(memberUid=' + uid + ')'
attrs = ['cn']
groups = []
result = self.ldapcon.search_s(Config.get('ldap', 'basedn_groups'),
ldap.SCOPE_SUBTREE, filter, attrs)
for dn, attr in result:
for key, value in attr.iteritems():
if len(value) == 1:
groups.append(value[0])
else:
for i in value:
groups.append(i)
return groups
def doEditMember(self):
try:
if self.request.params['mode'] == 'edit':
member = self.mf.getUser(self.request.params['member_id'])
else:
member = Member()
member.uid = self.request.params['member_id']
for v in member.str_vars:
if v in self.request.params:
setattr(member, v, self.request.params.get(v).lstrip(' ').rstrip(' '))
for v in member.bool_vars:
if v in self.request.params:
setattr(member, v, True)
if not self.request.params.get('userPassword', '') == '' and self.request.params['userPassword'] == self.request.params['userPassword2']:
member.setPassword(self.request.params['userPassword'])
''' fullMember / lockedMember'''
if 'fullMember' in self.request.params and not Config.get('mematool', 'group_fullmember') in member.groups:
member.groups.append(Config.get('mematool', 'group_fullmember'))
elif not 'fullMember' in self.request.params and Config.get('mematool', 'group_fullmember') in member.groups:
member.groups.remove(Config.get('mematool', 'group_fullmember'))
if 'lockedMember' in self.request.params and not Config.get('mematool', 'group_lockedmember') in member.groups:
member.groups.append(Config.get('mematool', 'group_lockedmember'))
elif not 'lockedMember' in self.request.params and Config.get('mematool', 'group_lockedmember') in member.groups:
member.groups.remove(Config.get('mematool', 'group_lockedmember'))
self.mf.saveMember(member)
self.session['flash'] = _('Member details successfully edited')
self.session.save()
raise HTTPRedirect('/members/editMember/?member_id={0}'.format(self.request.params['member_id']))
except LookupError:
print 'No such user !'
# @TODO make much more noise !
raise HTTPRedirect('/members/showAllMembers')
def get_connection_string():
protocol = Config.get('db', 'protocol')
debug = Config.get_boolean('db', 'debug', False)
if protocol == 'sqlite':
connetionString = '{prot}:///{basepath}/{db}'.format(
prot=protocol, db=Config.get('db', 'db'), basepath=Config.basePath)
else:
hostname = Config.get('db', 'host')
port = Config.get('db', 'port')
connetionString = '{prot}://{user}:{password}@{host}:{port}/{db}'.format(
prot=protocol,
user=Config.get('db', 'username'),
password=Config.get('db', 'password'),
host=hostname,
db=Config.get('db', 'db'),
port=port)
return connetionString
def getUser(self, uid, clear_credentials=False):
'''
Return a Member object populated with it's attributes loaded from LDAP
:param uid: LDAP UID
:type uid: string
:returns: Member
'''
filter_ = '(uid=' + uid + ')'
attrs = ['*']
basedn = 'uid=' + str(uid) + ',' + str(
Config.get('ldap', 'basedn_users'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_,
attrs)
if not result:
raise LookupError('No such user !')
m = Member()
for dn, attr in result:
for k, v in attr.iteritems():
if 'objectClass' in k:
# @TODO ignore for now
continue
# @TODO handle multiple results
v = v[0]
# @todo: why again do we still need this ?
if k == 'sambaSID' and v == '':
v = None
m.set_property(k, v)
if clear_credentials:
m.sambaNTPassword = '******'
m.userPassword = '******'
m.groups = self.getUserGroupList(uid)
return m
def sendMail(self, to_, subject, body, from_=''):
msg = MIMEText(body)
if from_ == '':
from_ = Config.get('mematool', 'mail_default_from')
msg['Subject'] = subject
msg['From'] = from_
msg['To'] = to_
try:
s = smtplib.SMTP('localhost')
s.sendmail(from_, [to_], msg.as_string())
s.quit()
except:
if self.debug:
print 'Error sending mail'
else:
raise
def get_connection_string():
protocol = Config.get('db', 'protocol')
debug = Config.get_boolean('db', 'debug', False)
if protocol == 'sqlite':
connetionString = '{prot}:///{basepath}/{db}'.format(prot=protocol,
db=Config.get('db', 'db'),
basepath=Config.basePath)
else:
hostname = Config.get('db', 'host')
port = Config.get('db', 'port')
connetionString = '{prot}://{user}:{password}@{host}:{port}/{db}'.format(
prot=protocol,
user=Config.get('db', 'username'),
password=Config.get('db', 'password'),
host=hostname,
db=Config.get('db', 'db'),
port=port
)
return connetionString
def getMaildropList(self, uid):
'''This returns all aliases which have as maildrop the specified uid'''
filter_ = '(&(objectClass=mailAlias)(maildrop={0}))'.format(uid)
attrs = ['maildrop']
basedn = str(Config.get('ldap', 'basedn'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_, attrs)
aliases = {}
if not result:
return aliases
for dn, attr in result:
if not dn in aliases:
aliases[dn] = []
for a in attr['maildrop']:
aliases[dn].append(a)
return aliases
def getUser(self, uid, clear_credentials=False):
'''
Return a Member object populated with it's attributes loaded from LDAP
:param uid: LDAP UID
:type uid: string
:returns: Member
'''
filter_ = '(uid=' + uid + ')'
attrs = ['*']
basedn = 'uid=' + str(uid) + ',' + str(Config.get('ldap', 'basedn_users'))
result = self.ldapcon.search_s(basedn, ldap.SCOPE_SUBTREE, filter_, attrs)
if not result:
raise LookupError('No such user !')
m = Member()
for dn, attr in result:
for k, v in attr.iteritems():
if 'objectClass' in k:
# @TODO ignore for now
continue
# @TODO handle multiple results
v = v[0]
# @todo: why again do we still need this ?
if k == 'sambaSID' and v == '':
v = None
m.set_property(k, v)
if clear_credentials:
m.sambaNTPassword = '******'
m.userPassword = '******'
m.groups = self.getUserGroupList(uid)
return m