示例#1
0
def HandleModified(property, event):
    if guaranteePluginExists():
        # A new fully configured plugin has been created, so we do not
        # need to do anything anymore.
        return

    configureLDAPSchema()
示例#2
0
    def extractData(self, root, pas, out):
        plug_id = str(root.getAttribute('id'))
        update = root.getAttribute('update') == 'True'

        settings = {}
        interfaces = []
        plugin_props = []
        for prop in root.getElementsByTagName('plugin_property'):
            p_type = prop.getAttribute('type')
            p_id = prop.getAttribute('id')
            value = prop.getAttribute('value')
            if p_type == 'int':
                value = int(value)
            if p_type == 'string':
                value = str(value)
            plugin_props.append({'id': p_id, 'type': p_type, 'value': value})

        for iface in root.getElementsByTagName('interface'):
            interfaces.append(iface.getAttribute('value'))

        caches = list()
        for node in root.getElementsByTagName('cache'):
            caches.append(node.getAttribute('value'))

        if len(caches) > 1:
            raise ValueError('You can not define multiple <cache> properties')

        cache = ''
        if len(caches):
            cache = caches[0]

        for prop in root.getElementsByTagName('property'):
            type = prop.getAttribute('type')
            values = []
            for v in prop.getElementsByTagName('item'):
                values.append(v.getAttribute('value'))
            id = prop.getAttribute('id')
            if type == 'list':
                value = values
            else:
                value = values[0]
            if type == 'int':
                value = int(value)
            if type == 'bool':
                value = (value.lower() != 'false' and 1 or 0)
            settings[id] = value
        schema = {}
        for schemanode in root.getElementsByTagName('schema'):
            for attr in schemanode.getElementsByTagName('attr'):
                c_id = attr.getAttribute('id')
                c_attr = {}
                for item in attr.getElementsByTagName('item'):
                    if item.getAttribute('value') != 'False':
                        c_attr[str(item.getAttribute('id'))] = str(
                            item.getAttribute('value'))
                    else:
                        c_attr[str(item.getAttribute('id'))] = False
                schema[str(c_id)] = c_attr
        servers = []
        for server in root.getElementsByTagName('server'):
            c_server = {
                'update': (server.getAttribute('update') == 'True'),
                'delete': (server.getAttribute('delete') == 'True')
            }
            for item in server.getElementsByTagName('item'):
                value = item.getAttribute('value')
                type = item.getAttribute('type')
                id = item.getAttribute('id')
                if type == 'int':
                    value = int(value)
                c_server[id] = value
            servers.append(c_server)

        # always update if it doesn't exist
        if plug_id not in pas.objectIds():
            update = True

        if update:
            # delete existing LDAP plug-in
            if plug_id in pas.objectIds():
                try:
                    plugin = getLDAPPlugin()
                    pas = getPAS()
                    pas.manage_delObjects([plugin.getId()])
                except KeyError:
                    # pass
                    """
                    There are two reasons to not pass here. First, if we pass
                    and go to recreate later and both plugins have the same it, it
                    will error out for the id already existing. Second, if they
                    don't have the same id but have the same settings, they will then
                    in practice (if its set up correct) have duplicate users, which
                    will subsequently break any group or role lookups which assert
                    on the duplicate users. I don't see any tests on this so if there
                    is an argument to leave this as a pass let me know.
                    """
                    logging.error(
                        "There is an ldap multi plugin in your " +
                        "system (%s) that is not managed " % plug_id +
                        "by this generic setup script. To have everything " +
                        "managed by GS, please delete and " +
                        "reinstall or set update=False in your ldap_plugin.xml"
                        + " root.")
                    logging.error("Installing LDAP Plugin with GS failed")
                    return

            # base configuration
            config = getUtility(ILDAPConfiguration)
            config.login_attribute = settings['_login_attr']
            config.userid_attribute = settings['_uid_attr']
            config.rdn_attribute = settings['_rdnattr']
            config.user_base = settings['users_base']
            config.user_scope = settings['users_scope']
            config.group_base = settings['groups_base']
            config.group_scope = settings['groups_scope']
            config.bind_dn = settings['_binduid']
            config.bind_password = settings['_bindpwd']
            config.user_object_classes = ','.join(settings['_user_objclasses'])
            config.password_encryption = settings['_pwd_encryption']
            config.default_user_roles = ','.join(settings['_roles'])
            config.read_only = settings['read_only']
            config.activated_plugins = interfaces
            config.cache = cache

            # servers
            config.servers = LDAPServerStorage()
            for server in servers:
                obj = LDAPServer(
                    server=server['host'],
                    connection_type=(server['protocol'] == 'ldaps'),
                    connection_timeout=server['conn_timeout'],
                    operation_timeout=server['op_timeout'],
                    enabled=True)
                config.servers.addItem(obj)

            # schema
            config.schema = LDAPSchema()
            for property in schema.itervalues():
                obj = LDAPProperty(
                    ldap_name=property.get('ldap_name', ''),
                    plone_name=property.get('public_name', ''),
                    description=property.get('friendly_name', ''),
                    multi_valued=property.get('multivalued', False),
                    binary=property.get('binary', False))
                config.schema.addItem(obj)
            # recreate new LDAP plug-in
            createLDAPPlugin(plug_id)
            configureLDAPServers()
            configureLDAPSchema()
示例#3
0
    def extractData(self, root, pas, out):
        plug_id = str(root.getAttribute('id'))
        update = root.getAttribute('update') == 'True'

        settings = {}
        interfaces = []
        plugin_props = []
        for prop in root.getElementsByTagName('plugin_property'):
            p_type = prop.getAttribute('type')
            p_id = prop.getAttribute('id')
            value = prop.getAttribute('value')
            if p_type == 'int':
                value = int(value)
            if p_type == 'string':
                value = str(value)
            plugin_props.append({'id':p_id, 'type': p_type, 'value': value})

        for iface in root.getElementsByTagName('interface'):
            interfaces.append(iface.getAttribute('value'))

        caches = list()
        for node in root.getElementsByTagName('cache'):
            caches.append(node.getAttribute('value'))

        if len(caches) > 1:
            raise ValueError('You can not define multiple <cache> properties')

        cache = ''
        if len(caches):
            cache = caches[0]

        for prop in root.getElementsByTagName('property'):
            type = prop.getAttribute('type')
            values = []
            for v in prop.getElementsByTagName('item'):
                values.append(v.getAttribute('value'))
            id = prop.getAttribute('id')
            if type == 'list':
                value = values
            else:
                value = values[0]
            if type == 'int':
                value = int(value)
            if type == 'bool':
                value = (value.lower() != 'false' and 1 or 0)
            settings[id] = value
        schema = {}
        for schemanode in root.getElementsByTagName('schema'):
            for attr in schemanode.getElementsByTagName('attr'):
                c_id = attr.getAttribute('id')
                c_attr = {}
                for item in attr.getElementsByTagName('item'):
                    if item.getAttribute('value') != 'False':
                        c_attr[str(item.getAttribute('id'))] = str(item.getAttribute('value'))
                    else:
                        c_attr[str(item.getAttribute('id'))] = False
                schema[str(c_id)] = c_attr
        servers = []
        for server in root.getElementsByTagName('server'):
            c_server = {'update': (server.getAttribute('update') == 'True'),
                        'delete': (server.getAttribute('delete') == 'True')}
            for item in server.getElementsByTagName('item'):
                value = item.getAttribute('value')
                type = item.getAttribute('type')
                id = item.getAttribute('id')
                if type == 'int':
                    value = int(value)
                c_server[id] = value
            servers.append(c_server)

        # always update if it doesn't exist
        if plug_id not in pas.objectIds():
            update = True

        if update:
            # delete existing LDAP plug-in
            if plug_id in pas.objectIds():
                try:
                    plugin = getLDAPPlugin()
                    pas = getPAS()
                    pas.manage_delObjects([plugin.getId()])
                except KeyError:
                    # pass
                    """
                    There are two reasons to not pass here. First, if we pass
                    and go to recreate later and both plugins have the same it, it
                    will error out for the id already existing. Second, if they
                    don't have the same id but have the same settings, they will then
                    in practice (if its set up correct) have duplicate users, which
                    will subsequently break any group or role lookups which assert
                    on the duplicate users. I don't see any tests on this so if there
                    is an argument to leave this as a pass let me know.
                    """
                    logging.error("There is an ldap multi plugin in your "+
                        "system (%s) that is not managed "%plug_id +
                        "by this generic setup script. To have everything "+
                        "managed by GS, please delete and " +
                        "reinstall or set update=False in your ldap_plugin.xml"+
                        " root.")
                    logging.error("Installing LDAP Plugin with GS failed")
                    return


            # base configuration
            config = getUtility(ILDAPConfiguration)
            config.login_attribute = settings['_login_attr']
            config.userid_attribute = settings['_uid_attr']
            config.rdn_attribute = settings['_rdnattr']
            config.user_base = settings['users_base']
            config.user_scope = settings['users_scope']
            config.group_base = settings['groups_base']
            config.group_scope = settings['groups_scope']
            config.bind_dn = settings['_binduid']
            config.bind_password = settings['_bindpwd']
            config.user_object_classes = ','.join(settings['_user_objclasses'])
            config.password_encryption = settings['_pwd_encryption']
            config.default_user_roles = ','.join(settings['_roles'])
            config.read_only = settings['read_only']
            config.activated_plugins = interfaces
            config.cache = cache

            # servers
            config.servers = LDAPServerStorage()
            for server in servers:
                obj = LDAPServer(server=server['host'],
                                 connection_type=(server['protocol'] == 'ldaps'),
                                 connection_timeout=server['conn_timeout'],
                                 operation_timeout=server['op_timeout'],
                                 enabled=True)
                config.servers.addItem(obj)

            # schema
            config.schema = LDAPSchema()
            for property in schema.itervalues():
                obj = LDAPProperty(ldap_name=property.get('ldap_name', ''),
                                   plone_name=property.get('public_name', ''),
                                   description=property.get('friendly_name', ''),
                                   multi_valued=property.get('multivalued', False),
                                   binary=property.get('binary', False))
                config.schema.addItem(obj)
            # recreate new LDAP plug-in
            createLDAPPlugin(plug_id)
            configureLDAPServers()
            configureLDAPSchema()
    def extractData(self, root, pas, out):
        plug_id = str(root.getAttribute("id"))
        update = root.getAttribute("update") == "True"

        settings = {}
        interfaces = []
        plugin_props = []
        for prop in root.getElementsByTagName("plugin_property"):
            p_type = prop.getAttribute("type")
            p_id = prop.getAttribute("id")
            value = prop.getAttribute("value")
            if p_type == "int":
                value = int(value)
            if p_type == "string":
                value = str(value)
            plugin_props.append({"id": p_id, "type": p_type, "value": value})

        for iface in root.getElementsByTagName("interface"):
            interfaces.append(iface.getAttribute("value"))

        caches = list()
        for node in root.getElementsByTagName("cache"):
            caches.append(node.getAttribute("value"))

        if len(caches) > 1:
            raise ValueError("You can not define multiple <cache> properties")

        cache = ""
        if len(caches):
            cache = caches[0]

        for prop in root.getElementsByTagName("property"):
            type = prop.getAttribute("type")
            values = []
            for v in prop.getElementsByTagName("item"):
                values.append(v.getAttribute("value"))
            id = prop.getAttribute("id")
            if type == "list":
                # values are unicode strings
                # _user_objclasses and _roles need to be strings
                if id in ["_user_objclasses", "_roles"]:
                    value = [item.encode("utf8") for item in values]
                else:
                    value = values
            else:
                value = values[0]
            if type == "int":
                value = int(value)
            if type == "bool":
                value = value.lower() != "false" and 1 or 0
            settings[id] = value
        schema = {}
        for schemanode in root.getElementsByTagName("schema"):
            for attr in schemanode.getElementsByTagName("attr"):
                c_id = attr.getAttribute("id")
                c_attr = {}
                for item in attr.getElementsByTagName("item"):
                    if item.getAttribute("value") != "False":
                        c_attr[str(item.getAttribute("id"))] = str(item.getAttribute("value"))
                    else:
                        c_attr[str(item.getAttribute("id"))] = False
                schema[str(c_id)] = c_attr
        servers = []
        for server in root.getElementsByTagName("server"):
            c_server = {
                "update": (server.getAttribute("update") == "True"),
                "delete": (server.getAttribute("delete") == "True"),
            }
            for item in server.getElementsByTagName("item"):
                value = item.getAttribute("value")
                type = item.getAttribute("type")
                id = item.getAttribute("id")
                if type == "int":
                    value = int(value)
                c_server[id] = value
            servers.append(c_server)

        # always update if it doesn't exist
        if plug_id not in pas.objectIds():
            update = True

        if update:
            # delete existing LDAP plug-in
            if plug_id in pas.objectIds():
                try:
                    plugin = getLDAPPlugin()
                    pas = getPAS()
                    pas.manage_delObjects([plugin.getId()])
                except KeyError:
                    # pass
                    """
                    There are two reasons to not pass here. First, if we pass
                    and go to recreate later and both plugins have the same it, it
                    will error out for the id already existing. Second, if they
                    don't have the same id but have the same settings, they will then
                    in practice (if its set up correct) have duplicate users, which
                    will subsequently break any group or role lookups which assert
                    on the duplicate users. I don't see any tests on this so if there
                    is an argument to leave this as a pass let me know.
                    """
                    logging.error(
                        "There is an ldap multi plugin in your "
                        + "system (%s) that is not managed " % plug_id
                        + "by this generic setup script. To have everything "
                        + "managed by GS, please delete and "
                        + "reinstall or set update=False in your ldap_plugin.xml"
                        + " root."
                    )
                    logging.error("Installing LDAP Plugin with GS failed")
                    return

            # base configuration
            config = getUtility(ILDAPConfiguration)
            config.login_attribute = settings["_login_attr"]
            config.userid_attribute = settings["_uid_attr"]
            config.rdn_attribute = settings["_rdnattr"]
            config.user_base = settings["users_base"]
            config.user_scope = settings["users_scope"]
            config.group_base = settings["groups_base"]
            config.group_scope = settings["groups_scope"]
            config.bind_dn = settings["_binduid"]
            config.bind_password = settings["_bindpwd"]
            config.user_object_classes = ",".join(settings["_user_objclasses"])
            config.password_encryption = settings["_pwd_encryption"]
            config.default_user_roles = ",".join(settings["_roles"])
            config.read_only = settings["read_only"]
            config.activated_plugins = interfaces
            config.cache = cache

            # servers
            config.servers = LDAPServerStorage()
            for server in servers:
                obj = LDAPServer(
                    server=server["host"],
                    connection_type=(server["protocol"] == "ldaps"),
                    connection_timeout=server["conn_timeout"],
                    operation_timeout=server["op_timeout"],
                    enabled=True,
                )
                config.servers.addItem(obj)

            # schema
            config.schema = LDAPSchema()
            for property in schema.itervalues():
                obj = LDAPProperty(
                    ldap_name=property.get("ldap_name", ""),
                    plone_name=property.get("public_name", ""),
                    description=property.get("friendly_name", ""),
                    multi_valued=property.get("multivalued", False),
                    binary=property.get("binary", False),
                )
                config.schema.addItem(obj)
            # recreate new LDAP plug-in
            createLDAPPlugin(plug_id)
            configureLDAPServers()
            configureLDAPSchema()