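def register_user():
    """Validate a registration form and queue an account request.

    Reads the submitted fields from ``request.vars``. When
    ``validate_registration_form`` reports any failing fields, raises
    ``HTTP(400)`` with a JSON body listing them. Otherwise inserts a row
    into ``db.account_requests`` with ``approval_status=0`` and returns
    ``jsonify()``. Any other exception is logged and reported to the
    caller as a ``status='fail'`` JSON payload.
    """
    from passlib.hash import ldap_sha1

    error_fields = validate_registration_form(request.vars)
    if len(error_fields):
        raise HTTP(400, body=jsonify(status='fail', fields=list(error_fields)))

    try:
        faculty_privileges = 0
        try:
            # Collapse whatever the checkbox submitted into 0 or 1.
            faculty_privileges = int(bool(request.vars.chk_faculty_privileges))
        except Exception:
            pass

        # NOTE(review): ldap_sha1 is passlib's unsalted {SHA} scheme (a single
        # SHA-1 pass), and the digest is stored in account_requests until the
        # request is processed. Equal passwords give equal digests and offline
        # guessing is cheap; prefer a salted scheme the directory accepts
        # (passlib's ldap_salted_sha1 at minimum). Not changed here because
        # the consumers of this column are not visible.
        password = ldap_sha1.encrypt(request.vars.password)

        db.account_requests.insert(
            username=request.vars.username,
            userid=request.vars.userid,
            password=password,
            email=request.vars.email,
            faculty_privileges=faculty_privileges,
            request_time=int(time.time()),
            approval_status=0,
        )
        return jsonify()
    except Exception as e:
        # Exceptions only carry ``.message`` on Python 2; reading it directly
        # on Python 3 raises AttributeError inside this handler and hides the
        # original failure.
        detail = getattr(e, 'message', '') or str(e.__class__)
        logger.exception(detail)
        # NOTE(review): the exception text goes back to the client and may
        # expose database or other internal details; consider returning a
        # generic message and keeping the detail in the log only.
        return jsonify(status='fail', message=detail)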
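def ldap_change_password(username, raw_password):
    """Replace the ``userPassword`` attribute of ``uid=<username>``.

    Builds the entry DN under ``settings.LDAP_PEOPLE_OU``, hashes
    ``raw_password`` and issues a synchronous MOD_REPLACE on a connection
    obtained from ``ldap_connect(modify=True)``.

    Returns True when the modify call completes. Exceptions raised while
    hashing or by the LDAP call propagate to the caller.
    """
    # NOTE(review): username is placed in the DN without escaping. Confirm
    # callers restrict it to a safe character set, or escape DN special
    # characters before formatting.
    dn = "uid={username},{ou}".format(username=username, ou=settings.LDAP_PEOPLE_OU)

    conn = ldap_connect(modify=True)
    try:
        # NOTE(review): ldap_sha1 is passlib's unsalted {SHA} scheme; prefer a
        # salted scheme the directory accepts (ldap_salted_sha1 at minimum).
        hashed_pass = ldap_sha1.encrypt(raw_password)
        mod_attrs = [(ldap.MOD_REPLACE, 'userPassword', [hashed_pass])]
        conn.modify_s(dn, mod_attrs)
        return True
    finally:
        # Release the connection on both success and failure, matching the
        # unbind that ldap_create_user performs after its add.
        conn.unbind_s()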
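def ldap_change_password(username, raw_password):
    """Replace the ``userPassword`` attribute of ``uid=<username>``.

    Builds the entry DN under ``settings.LDAP_PEOPLE_OU``, hashes
    ``raw_password`` and sends a MODIFY_REPLACE through a connection
    obtained from ``ldap_connect()``.

    Returns True when the modify call returns without raising. Exceptions
    raised while hashing, connecting or modifying propagate to the caller.
    """
    # NOTE(review): username is placed in the DN without escaping. Confirm
    # callers restrict it to a safe character set, or escape DN special
    # characters before formatting.
    dn = "uid={username},{ou}".format(username=username, ou=settings.LDAP_PEOPLE_OU)

    # NOTE(review): ldap_sha1 is passlib's unsalted {SHA} scheme; prefer a
    # salted scheme the directory accepts (ldap_salted_sha1 at minimum).
    hashed_pass = ldap_sha1.encrypt(raw_password)
    mod_attrs = {'userPassword': [MODIFY_REPLACE, [hashed_pass]]}

    conn = ldap_connect()
    try:
        # NOTE(review): the result of modify() is ignored. If ldap_connect()
        # returns an ldap3 connection created without raise_exceptions=True,
        # a rejected change is reported through the return value and this
        # function still returns True - confirm against ldap_connect.
        conn.modify(dn, mod_attrs)
        return True
    finally:
        # Release the connection on both success and failure, matching the
        # unbind that ldap_create_user performs after its add.
        conn.unbind()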
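def register_user():
    """Validate a registration form and queue an account request.

    Reads the submitted fields from ``request.vars``. When
    ``validate_registration_form`` reports any failing fields, raises
    ``HTTP(400)`` with a JSON body listing them. Otherwise inserts a row
    into ``db.account_requests`` with ``approval_status=0`` and returns
    ``jsonify()``. Any other exception is logged and reported to the
    caller as a ``status='fail'`` JSON payload.
    """
    from passlib.hash import ldap_sha1

    error_fields = validate_registration_form(request.vars)
    if len(error_fields):
        raise HTTP(400, body=jsonify(status='fail', fields=list(error_fields)))

    try:
        faculty_privileges = 0
        try:
            # Collapse whatever the checkbox submitted into 0 or 1.
            faculty_privileges = int(bool(request.vars.chk_faculty_privileges))
        except Exception:
            pass

        # NOTE(review): ldap_sha1 is passlib's unsalted {SHA} scheme (a single
        # SHA-1 pass), and the digest is stored in account_requests until the
        # request is processed. Equal passwords give equal digests and offline
        # guessing is cheap; prefer a salted scheme the directory accepts
        # (passlib's ldap_salted_sha1 at minimum). Not changed here because
        # the consumers of this column are not visible.
        password = ldap_sha1.encrypt(request.vars.password)

        db.account_requests.insert(
            username=request.vars.username,
            userid=request.vars.userid,
            password=password,
            email=request.vars.email,
            faculty_privileges=faculty_privileges,
            request_time=int(time.time()),
            approval_status=0,
        )
        return jsonify()
    except Exception as e:
        # Exceptions only carry ``.message`` on Python 2; reading it directly
        # on Python 3 raises AttributeError inside this handler and hides the
        # original failure.
        detail = getattr(e, 'message', '') or str(e.__class__)
        logger.exception(detail)
        # NOTE(review): the exception text goes back to the client and may
        # expose database or other internal details; consider returning a
        # generic message and keeping the detail in the log only.
        return jsonify(status='fail', message=detail)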
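def ldap_create_user(**kwargs):
    '''
    Build an LDAP entry from keyword arguments and add it to the directory.

    Recognised keys:

        password, fname, lname, birthdate, email, uid, wdid, cca_id

    The password is hashed before it is placed in ``userPassword``. All
    attribute values are UTF-8 encoded. The entry is added under
    ``uid=<uid>,<settings.LDAP_PEOPLE_OU>``, the connection is released, and
    ``ldap_enable_disable_acct(uid, "enable")`` is then called.

    Returns True on success. Exceptions from hashing, attribute building or
    the LDAP calls propagate to the caller.
    '''
    raw_password = kwargs.get('password')
    # NOTE(review): ldap_sha1 is passlib's unsalted {SHA} scheme; prefer a
    # salted scheme the directory accepts (ldap_salted_sha1 at minimum).
    hashed_pass = ldap_sha1.encrypt(raw_password)

    uid = kwargs.get('uid')
    wdid = kwargs.get('wdid')
    cca_id = kwargs.get('cca_id')
    fname = kwargs.get('fname')
    lname = kwargs.get('lname')
    birthdate = kwargs.get('birthdate')
    email = kwargs.get('email')

    # LDAP stores birthdates as simple strings of format 19711203, so all we
    # need to do is stringify the date object and remove hyphens.
    bday_string = str(birthdate).replace('-', '')

    object_classes = (
        'top',
        'person',
        'organizationalPerson',
        'inetOrgPerson',
        'eduPerson',
        'account',
        'posixAccount',
        'shadowAccount',
        'sambaSAMAccount',
        'passwordObject',
        'ccaPerson',
    )

    attrs = {}
    attrs['objectclass'] = [name.encode('utf8') for name in object_classes]
    attrs['sn'] = lname.encode('utf8')
    attrs['cn'] = fname.encode('utf8')
    attrs['displayName'] = '{first} {last}'.format(first=fname, last=lname).encode('utf8')
    # Store the hash itself as a one-element value list, the same shape
    # ldap_change_password uses. Formatting it through a template that has no
    # {passwd} placeholder drops the hash and stores the template text.
    attrs['userPassword'] = [hashed_pass.encode('utf8')]
    attrs['uid'] = uid.encode('utf8')
    attrs['givenName'] = fname.encode('utf8')
    attrs['ccaBirthDate'] = bday_string.encode('utf8')
    attrs['homeDirectory'] = '/Users/{username}'.format(username=uid).encode('utf8')
    attrs['uidNumber'] = str(ldap_generate_uidnumber()).encode('utf8')
    attrs['gidNumber'] = str(20).encode('utf8')
    attrs['ccaWorkdayNumber'] = str(wdid).encode('utf8')
    attrs['ccaEmployeeNumber'] = str(cca_id).encode('utf8')
    # We don't use this value but it must be present.
    attrs['sambaSID'] = 'placeholder'.encode('utf8')
    attrs['mail'] = email.encode('utf8')

    # Attempt to insert new LDAP user.
    # NOTE(review): uid is placed in the DN and in homeDirectory without
    # escaping; confirm callers restrict it to a safe character set.
    dn = "uid={username},{ou}".format(username=uid, ou=settings.LDAP_PEOPLE_OU)
    ldif = modlist.addModlist(attrs)

    conn = ldap_connect(modify=True)
    try:
        conn.add_s(dn, ldif)
    finally:
        # Release the connection even when the add fails.
        conn.unbind_s()

    # Set their account activation timestamp.
    ldap_enable_disable_acct(uid, "enable")
    return True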
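def ldap_create_user(**kwargs):
    '''
    Build an LDAP entry from keyword arguments and add it to the directory.

    Recognised keys:

        password, fname, lname, birthdate, email, uid, wdid, cca_id

    The password is hashed before it is placed in ``userPassword``. The
    entry is added under ``uid=<uid>,<settings.LDAP_PEOPLE_OU>``, the
    connection is released, and ``ldap_enable_disable_acct(uid, "enable")``
    is then called.

    Returns True when the calls complete without raising. Exceptions from
    hashing, attribute building or the LDAP calls propagate to the caller.
    '''
    raw_password = kwargs.get('password')
    # NOTE(review): ldap_sha1 is passlib's unsalted {SHA} scheme; prefer a
    # salted scheme the directory accepts (ldap_salted_sha1 at minimum).
    hashed_pass = ldap_sha1.encrypt(raw_password)

    uid = kwargs.get('uid')
    wdid = kwargs.get('wdid')
    cca_id = kwargs.get('cca_id')
    fname = kwargs.get('fname')
    lname = kwargs.get('lname')
    birthdate = kwargs.get('birthdate')
    email = kwargs.get('email')

    # LDAP stores birthdates as simple strings of format 19711203, so all we
    # need to do is stringify the date object and remove hyphens.
    bday_string = str(birthdate).replace('-', '')

    objectclass = [
        'top',
        'person',
        'organizationalPerson',
        'inetOrgPerson',
        'eduPerson',
        'account',
        'posixAccount',
        'shadowAccount',
        'sambaSAMAccount',
        'passwordObject',
        'ccaPerson',
        'inetuser',
    ]

    attrs = {
        'sn': lname,
        'cn': fname,
        'displayName': '{first} {last}'.format(first=fname, last=lname),
        # Store the hash itself as a one-element value list, the same shape
        # ldap_change_password uses. Formatting it through a template that
        # has no {passwd} placeholder drops the hash and stores the template
        # text.
        'userPassword': [hashed_pass],
        'uid': uid,
        'givenName': fname,
        'ccaBirthDate': bday_string,
        'homeDirectory': '/Users/{username}'.format(username=uid),
        'uidNumber': str(ldap_generate_uidnumber()),
        'gidNumber': str(20),
        'ccaWorkdayNumber': str(wdid),
        'ccaEmployeeNumber': str(cca_id),
        # We don't use this value but it must be present.
        'sambaSID': 'placeholder',
        'mail': email,
    }

    # Attempt to insert new LDAP user.
    # NOTE(review): uid is placed in the DN and in homeDirectory without
    # escaping; confirm callers restrict it to a safe character set.
    dn = "uid={username},{ou}".format(username=uid, ou=settings.LDAP_PEOPLE_OU)

    conn = ldap_connect()
    try:
        # NOTE(review): the result of add() is ignored. If ldap_connect()
        # returns an ldap3 connection created without raise_exceptions=True,
        # a rejected add is reported through the return value, and the
        # account would still be "enabled" below - confirm against
        # ldap_connect.
        conn.add(dn, objectclass, attrs)
    finally:
        # Release the connection even when the add fails.
        conn.unbind()

    # Set their account activation timestamp.
    ldap_enable_disable_acct(uid, "enable")
    return True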