Commit
2ef3e434
authored
Feb 15, 2017
by
Czémán Arnold
Add LDAP group owner import and small rework
parent
6f558426
Showing
2 changed files
with
52 additions
and
20 deletions
+52
-20
circle/circle/settings/base.py
+5
-3
circle/dashboard/models.py
+47
-17
circle/circle/settings/base.py
...
...
@@ -651,6 +651,8 @@ if get_env_variable('LDAP_AUTH', 'FALSE') == 'TRUE':
)
# org_id attribute
if
get_env_variable
(
'LDAP_ORG_ID_ATTRIBUTE'
,
False
):
LDAP_ORG_ID_ATTRIBUTE
=
get_env_variable
(
'LDAP_ORG_ID_ATTRIBUTE'
)
LDAP_ORG_ID_ATTRIBUTE
=
(
get_env_variable
(
'LDAP_ORG_ID_ATTRIBUTE'
,
""
)
==
"TRUE"
)
LDAP_GROUP_OWNER_ATTRIBUTE
=
get_env_variable
(
"LDAP_GROUP_OWNER_ATTRIBUTE"
,
"owner"
)
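Review bot: `LDAP_ORG_ID_ATTRIBUTE` now holds a boolean (`== "TRUE"`), so a deployment that still sets the variable to an attribute name ends up with `False`. The new `and settings.LDAP_ORG_ID_ATTRIBUTE` guard in dashboard/models.py then skips registering the handler, and org_id import and LDAP group sync stop without any message. The name also no longer says what the value means; a separately named switch (for example `LDAP_ORG_ID_ENABLED`, a suggested name only) would be clearer, or at least a startup warning when the variable is set to anything other than TRUE/FALSE. If the name stays, a comment above the assignment such as `# boolean switch: "TRUE" enables DN-based org_id and group/owner import on LDAP login` would document the changed meaning.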
circle/dashboard/models.py
...
...
@@ -401,36 +401,48 @@ if hasattr(settings, 'SAML_ORG_ID_ATTRIBUTE'):
pre_user_save
.
connect
(
saml_save_org_id
)
if
hasattr
(
settings
,
'LDAP_ORG_ID_ATTRIBUTE'
):
if
(
hasattr
(
settings
,
'LDAP_ORG_ID_ATTRIBUTE'
)
and
settings
.
LDAP_ORG_ID_ATTRIBUTE
):
logger
.
debug
(
"Register ldap_save_org_id to django-ldap-auth populate user"
)
from
django_auth_ldap.backend
import
populate_user
from
django_auth_ldap.backend
import
populate_user
,
LDAPSettings
import
ldap
def
ldap_connect
(
ldap_settings
):
conn
=
ldap
.
initialize
(
ldap_settings
.
SERVER_URI
)
for
opt
,
value
in
ldap_settings
.
CONNECTION_OPTIONS
.
items
():
conn
.
set_option
(
opt
,
value
)
conn
.
simple_bind_s
(
ldap_settings
.
BIND_DN
,
ldap_settings
.
BIND_PASSWORD
)
return
conn
def
owns
(
conn
,
ldap_settings
,
ownerattr
,
user_dn
,
group_name
):
group
=
ldap_settings
.
GROUP_SEARCH
.
search_with_additional_term_string
(
"(cn=
%
s)"
%
group_name
)
.
execute
(
conn
)
if
len
(
group
)
==
0
:
return
False
group
=
group
[
0
]
owners
=
group
[
1
]
.
get
(
ownerattr
,
[])
return
user_dn
in
map
(
unicode
.
upper
,
owners
)
def
ldap_save_org_id
(
sender
,
user
,
ldap_user
,
**
kwargs
):
logger
.
debug
(
"ldap_save_org_id called by
%
s"
,
user
.
username
)
attributes
=
ldap_user
.
attrs
attr
=
settings
.
LDAP_ORG_ID_ATTRIBUTE
try
:
value
=
attributes
[
attr
][
0
]
.
upper
()
except
Exception
as
e
:
value
=
None
logger
.
info
(
"ldap_save_org_id couldn't find attribute.
%
s"
,
unicode
(
e
))
user_dn
=
ldap_user
.
dn
.
upper
()
if
user
.
pk
is
None
:
user
.
save
()
logger
.
debug
(
"ldap_save_org_id saved user
%
s"
,
unicode
(
user
))
profile
,
created
=
Profile
.
objects
.
get_or_create
(
user
=
user
)
if
created
or
profile
.
org_id
!=
value
:
if
created
or
profile
.
org_id
!=
user_dn
:
logger
.
info
(
"org_id of
%
s added to user
%
s's profile"
,
value
,
user
.
username
)
profile
.
org_id
=
value
user_dn
,
user
.
username
)
profile
.
org_id
=
user_dn
profile
.
save
()
else
:
logger
.
debug
(
"org_id of
%
s already added to user
%
s's profile"
,
value
,
user
.
username
)
logger
.
error
(
ldap_user
.
group_dns
)
for
group
in
ldap_user
.
group_names
:
user_dn
,
user
.
username
)
group_dns
=
map
(
unicode
.
upper
,
ldap_user
.
group_dns
)
for
group
in
group_dns
:
try
:
g
=
GroupProfile
.
search
(
group
)
except
Group
.
DoesNotExist
:
...
...
@@ -440,10 +452,28 @@ if hasattr(settings, 'LDAP_ORG_ID_ATTRIBUTE'):
group
,
unicode
(
g
))
g
.
user_set
.
add
(
user
)
for
i
in
FutureMember
.
objects
.
filter
(
org_id__iexact
=
value
):
for
i
in
FutureMember
.
objects
.
filter
(
org_id__iexact
=
user_dn
):
i
.
group
.
user_set
.
add
(
user
)
i
.
delete
()
ownerattr
=
settings
.
LDAP_GROUP_OWNER_ATTRIBUTE
ldap_settings
=
LDAPSettings
()
# connection will close, when object destroys
# https://www.python-ldap.org/doc/html/ldap.html#ldap-objects
conn
=
ldap_connect
(
ldap_settings
)
for
group
in
zip
(
group_dns
,
ldap_user
.
group_names
):
try
:
g
=
GroupProfile
.
search
(
group
[
0
])
except
Group
.
DoesNotExist
:
logger
.
debug
(
'cant find ownergroup
%
s'
,
group
[
0
])
else
:
if
owns
(
conn
,
ldap_settings
,
ownerattr
,
user_dn
,
group
[
1
]):
logger
.
debug
(
'could find ownergroup
%
s (
%
s)'
,
group
[
0
],
unicode
(
g
))
g
.
profile
.
set_level
(
user
,
'owner'
)
else
:
logger
.
debug
(
'cant find ownergroup
%
s'
,
group
[
0
])
return
False
# User did not change
populate_user
.
connect
(
ldap_save_org_id
)
...
...
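Review bot: The owner grant in the second hunk can be decided on the wrong group. `zip(group_dns, ldap_user.group_names)` pairs two collections that django-auth-ldap appears to build as separate sets, so the DN and the name are not guaranteed to belong together, and `owns()` then searches by `cn` alone and trusts `group[0]` even if several groups share that cn. The name is also interpolated into the filter unescaped (`"(cn=%s)" % group_name`). Reading the group entry by its DN, as sketched below (needs `from django_auth_ldap.config import LDAPSearch`; not tested against a directory), removes the pairing, the cn ambiguity and the hand-built filter. Separately, `ldap_connect()` binds with the service password without honouring the START_TLS setting, so `if ldap_settings.START_TLS: conn.start_tls_s()` should precede `simple_bind_s`; and owner level is only ever granted here, never withdrawn once a user leaves the owner attribute.

```python
    def owns(conn, ownerattr, user_dn, group_dn):
        # Base-scope read of the group entry itself: nothing taken from the
        # directory is placed in a filter, and cn does not need to be unique.
        entry = LDAPSearch(group_dn, ldap.SCOPE_BASE,
                           "(objectClass=*)").execute(conn)
        if not entry:
            return False
        owners = entry[0][1].get(ownerattr, [])
        return user_dn in map(unicode.upper, owners)

    # ... unchanged: ldap_save_org_id up to conn = ldap_connect(ldap_settings) ...
        for group_dn in group_dns:
            try:
                g = GroupProfile.search(group_dn)
            except Group.DoesNotExist:
                logger.debug('cant find ownergroup %s', group_dn)
            else:
                if owns(conn, ownerattr, user_dn, group_dn):
                    logger.debug('could find ownergroup %s (%s)',
                                 group_dn, unicode(g))
                    g.profile.set_level(user, 'owner')
```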