Add LDAP group owner import and small rework
... | @@ -401,36 +401,48 @@ if hasattr(settings, 'SAML_ORG_ID_ATTRIBUTE'): | ... | @@ -401,36 +401,48 @@ if hasattr(settings, 'SAML_ORG_ID_ATTRIBUTE'): |
pre_user_save.connect(saml_save_org_id) | pre_user_save.connect(saml_save_org_id) | ||
if hasattr(settings, 'LDAP_ORG_ID_ATTRIBUTE'): | if (hasattr(settings, 'LDAP_ORG_ID_ATTRIBUTE') and | ||
settings.LDAP_ORG_ID_ATTRIBUTE): | |||
logger.debug("Register ldap_save_org_id to django-ldap-auth populate user") | logger.debug("Register ldap_save_org_id to django-ldap-auth populate user") | ||
from django_auth_ldap.backend import populate_user | from django_auth_ldap.backend import populate_user, LDAPSettings | ||
import ldap | |||
def ldap_connect(ldap_settings): | |||
conn = ldap.initialize(ldap_settings.SERVER_URI) | |||
for opt, value in ldap_settings.CONNECTION_OPTIONS.items(): | |||
conn.set_option(opt, value) | |||
conn.simple_bind_s(ldap_settings.BIND_DN, ldap_settings.BIND_PASSWORD) | |||
return conn | |||
def owns(conn, ldap_settings, ownerattr, user_dn, group_name): | |||
group = ldap_settings.GROUP_SEARCH.search_with_additional_term_string( | |||
"(cn=%s)" % group_name).execute(conn) | |||
if len(group) == 0: | |||
return False | |||
group = group[0] | |||
owners = group[1].get(ownerattr, []) | |||
return user_dn in map(unicode.upper, owners) | |||
def ldap_save_org_id(sender, user, ldap_user, **kwargs): | def ldap_save_org_id(sender, user, ldap_user, **kwargs): | ||
logger.debug("ldap_save_org_id called by %s", user.username) | logger.debug("ldap_save_org_id called by %s", user.username) | ||
attributes = ldap_user.attrs | user_dn = ldap_user.dn.upper() | ||
attr = settings.LDAP_ORG_ID_ATTRIBUTE | |||
try: | |||
value = attributes[attr][0].upper() | |||
except Exception as e: | |||
value = None | |||
logger.info("ldap_save_org_id couldn't find attribute. %s", | |||
unicode(e)) | |||
if user.pk is None: | if user.pk is None: | ||
user.save() | user.save() | ||
logger.debug("ldap_save_org_id saved user %s", unicode(user)) | logger.debug("ldap_save_org_id saved user %s", unicode(user)) | ||
profile, created = Profile.objects.get_or_create(user=user) | profile, created = Profile.objects.get_or_create(user=user) | ||
if created or profile.org_id != value: | if created or profile.org_id != user_dn: | ||
logger.info("org_id of %s added to user %s's profile", | logger.info("org_id of %s added to user %s's profile", | ||
value, user.username) | user_dn, user.username) | ||
profile.org_id = value | profile.org_id = user_dn | ||
profile.save() | profile.save() | ||
else: | else: | ||
logger.debug("org_id of %s already added to user %s's profile", | logger.debug("org_id of %s already added to user %s's profile", | ||
value, user.username) | user_dn, user.username) | ||
logger.error(ldap_user.group_dns) | |||
for group in ldap_user.group_names: | group_dns = map(unicode.upper, ldap_user.group_dns) | ||
for group in group_dns: | |||
try: | try: | ||
g = GroupProfile.search(group) | g = GroupProfile.search(group) | ||
except Group.DoesNotExist: | except Group.DoesNotExist: | ||
... | @@ -440,10 +452,28 @@ if hasattr(settings, 'LDAP_ORG_ID_ATTRIBUTE'): | ... | @@ -440,10 +452,28 @@ if hasattr(settings, 'LDAP_ORG_ID_ATTRIBUTE'): |
group, unicode(g)) | group, unicode(g)) | ||
g.user_set.add(user) | g.user_set.add(user) | ||
for i in FutureMember.objects.filter(org_id__iexact=value): | for i in FutureMember.objects.filter(org_id__iexact=user_dn): | ||
i.group.user_set.add(user) | i.group.user_set.add(user) | ||
i.delete() | i.delete() | ||
ownerattr = settings.LDAP_GROUP_OWNER_ATTRIBUTE | |||
ldap_settings = LDAPSettings() | |||
# connection will close, when object destroys | |||
# https://www.python-ldap.org/doc/html/ldap.html#ldap-objects | |||
conn = ldap_connect(ldap_settings) | |||
for group in zip(group_dns, ldap_user.group_names): | |||
try: | |||
g = GroupProfile.search(group[0]) | |||
except Group.DoesNotExist: | |||
logger.debug('cant find ownergroup %s', group[0]) | |||
else: | |||
if owns(conn, ldap_settings, ownerattr, user_dn, group[1]): | |||
logger.debug('could find ownergroup %s (%s)', | |||
group[0], unicode(g)) | |||
g.profile.set_level(user, 'owner') | |||
else: | |||
logger.debug('cant find ownergroup %s', group[0]) | |||
return False # User did not change | return False # User did not change | ||
populate_user.connect(ldap_save_org_id) | populate_user.connect(ldap_save_org_id) | ||
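Review bot: owns() looks the group up by cn with `"(cn=%s)" % group_name` and takes the first hit, while the GroupProfile it then grants 'owner' on was found by DN (group[0]); any other entry under GROUP_SEARCH that shares the cn, or a cn containing filter metacharacters, can make the owner check answer for a different group than the one being elevated. Since the DN is already in hand, a base-scoped read of that entry removes both the ambiguity and the unescaped filter (rewrite below; the call `owns(conn, ldap_settings, ownerattr, user_dn, group[1])` then passes `group[0]`). Separately, `settings.LDAP_GROUP_OWNER_ATTRIBUTE` is read unconditionally although the enclosing guard only checks LDAP_ORG_ID_ATTRIBUTE, so `ownerattr = getattr(settings, 'LDAP_GROUP_OWNER_ATTRIBUTE', None)` with an early skip of the owner loop is needed to keep populate_user working where the setting is absent; and ldap_connect binds with BIND_PASSWORD without applying START_TLS or ever calling `unbind_s()`, which the backend's own connection setup presumably takes care of. The enclosing `if` block and ldap_save_org_id span both hunks and the collapsed lines between them.
```python
def owns(conn, ldap_settings, ownerattr, user_dn, group_dn):
    # Read the owner attribute of exactly this entry instead of searching
    # by cn, so the answer cannot come from another group with the same cn.
    try:
        entries = conn.search_s(group_dn, ldap.SCOPE_BASE,
                                '(objectClass=*)', [ownerattr])
    except ldap.NO_SUCH_OBJECT:
        return False
    if not entries:
        return False
    owners = entries[0][1].get(ownerattr, [])
    return user_dn in [owner.upper() for owner in owners]
```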
... | ... |