Modified LdapAPI.py and client_helper to match the master one.
import sys

import ldap

from sfa.util.xrn import Xrn,get_authority
from sfa.util.config import *
from sfa.trust.gid import *
from sfa.trust.hierarchy import *
from sfa.trust.auth import *
from sfa.trust.certificate import *
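class LDAPapi :
    """Bridge between the SFA registry and the Senslab LDAP directory.

    ldapSearch() and ldapFindHrn() look users up in the directory and return
    SFA-style user record dicts (built by _entry_to_record()); ldapAdd() is a
    placeholder that only performs the authenticated bind.

    Security notes
    - Every connection uses the ldaps:// endpoint in `self.ldap_uri`.  The
      directory is where the registry takes a user's `sshPublicKey` from, so
      a clear-text channel (the old `ldap.open(host)`) would let an on-path
      attacker substitute keys.  Server certificate checking is governed by
      libldap's TLS_REQCERT setting (default "demand") and must not be
      relaxed.
    - Every caller-supplied value that reaches a search filter goes through
      _escape_filter_value(), so names, e-mail addresses and hrn leaves cannot
      inject filter syntax (e.g. a `*` that would enumerate all users).
    - The write bind in authenticate() refuses to run without explicit
      credentials; LDAPv3 treats an empty password as an anonymous bind.
    """

    LDAP_URI = "ldaps://192.168.0.251:636/"
    # Attributes requested for every user lookup.
    USER_ATTRS = ['mail', 'givenName', 'sn', 'uid', 'sshPublicKey']
    # RFC 4515 section 3: the characters that must be escaped inside an
    # assertion value, as backslash + two hex digits.  Backslash comes first
    # so the backslashes introduced by later replacements are not re-escaped.
    _FILTER_ESCAPES = (
        ('\\', '\\5c'),
        ('*', '\\2a'),
        ('(', '\\28'),
        (')', '\\29'),
        ('\x00', '\\00'),
    )

    def __init__(self, record_filter = None):
        """Load the registry root authority and configure the LDAP endpoint.

        `record_filter` is accepted for interface compatibility and ignored.
        Propagates whatever Hierarchy.get_auth_info() / get_gid_object()
        raise when the root authority is not set up.
        """
        self.senslabauth = Hierarchy()
        config = Config()
        self.authname = config.SFA_REGISTRY_ROOT_AUTH
        authinfo = self.senslabauth.get_auth_info(self.authname)
        self.auth = Auth()
        # The GID object itself is unused here; the call is kept so that a
        # missing or unreadable authority GID still fails at construction
        # time, as it did before.
        authinfo.get_gid_object()
        self.ldapdictlist = ['type',
                             'pkey',
                             'uid',
                             'serial',
                             'authority',
                             'peer_authority',
                             'pointer',
                             'hrn']
        self.baseDN = "ou=people,dc=senslab,dc=info"
        self.ldap_uri = self.LDAP_URI
        # Credentials for the write bind in authenticate().  They stay None
        # until a deployment sets them; there is deliberately no fallback to
        # an anonymous bind for writes.
        self.ldap_bind_dn = None
        self.ldap_bind_password = None
        # Read connection (connect()) and write connection (authenticate()).
        self.ldapserv = None
        self.l = None

    def connect(self):
        """Open the anonymous, read-only directory connection in `self.ldapserv`.

        Uses the same ldaps:// endpoint as authenticate(); the connection is
        established lazily by python-ldap on the first operation.
        """
        self.ldapserv = ldap.initialize(self.ldap_uri)
        self.ldapserv.protocol_version = ldap.VERSION3

    def authenticate(self):
        """Bind to the directory as the account allowed to add objects.

        The bound connection is kept in `self.l`.  Credentials are read from
        `self.ldap_bind_dn` / `self.ldap_bind_password`.

        Raises ValueError when no credentials are configured (an empty
        password would be an anonymous bind that succeeds and then fails on
        every write) and ldap.LDAPError, e.g. INVALID_CREDENTIALS, when the
        server rejects the bind.
        """
        if not self.ldap_bind_dn or not self.ldap_bind_password:
            raise ValueError("LDAPapi.authenticate: no bind DN/password configured")
        self.l = ldap.initialize(self.ldap_uri)
        self.l.protocol_version = ldap.VERSION3
        self.l.simple_bind_s(self.ldap_bind_dn, self.ldap_bind_password)

    def ldapAdd(self, record):
        """Placeholder for adding `record` to the directory.

        Only performs the authenticated bind (see authenticate()); nothing is
        written and None is returned, as in the original stub.
        """
        self.authenticate()
        return None

    @staticmethod
    def _escape_filter_value(value):
        """Return str(value) escaped for use inside an LDAP filter (RFC 4515).

        Same escaping as ldap.filter.escape_filter_chars(); kept local so the
        class does not depend on that submodule being imported.
        """
        text = str(value)
        for raw, escaped in LDAPapi._FILTER_ESCAPES:
            text = text.replace(raw, escaped)
        return text

    def parse_record(self, record):
        """Build an LDAP filter string from an SFA record.

        'first_name' + 'last_name' map to cn and 'email' maps to mail; other
        keys are ignored.  Every value is escaped so the caller cannot inject
        filter syntax.

        Returns '' when the record carries none of those fields, a single
        '(attr=value)' term for one of them, and an '(&...)' conjunction when
        both are present.
        """
        terms = []
        if 'first_name' in record and 'last_name' in record:
            cn = str(record['first_name']) + " " + str(record['last_name'])
            terms.append(('cn', cn))
        if 'email' in record:
            terms.append(('mail', record['email']))
        clauses = ["(%s=%s)" % (attr, self._escape_filter_value(val))
                   for attr, val in terms]
        if len(clauses) > 1:
            return "(&" + "".join(clauses) + ")"
        return "".join(clauses)

    def parse_ldapresults(self, ldapentry):
        """Unimplemented placeholder kept for interface compatibility; returns None.

        The entry-to-record conversion the search methods need lives in
        _entry_to_record().
        """
        return None

    @staticmethod
    def _first(entry, attr):
        """Return the first value of `attr` in a python-ldap entry dict, or None."""
        values = entry.get(attr)
        if values:
            return values[0]
        return None

    def _entry_to_record(self, entry, hrn, authority, peer_authority):
        """Turn a python-ldap entry dict into an SFA user record dict.

        Applies the two fix-ups this class has always done: the 'savakian'
        uid is reported as 'avakian', and a literal mail value of 'unknown'
        becomes None.  Attributes missing from the entry yield None instead
        of raising KeyError.
        """
        uid = self._first(entry, 'uid')
        if uid == "savakian":
            uid = 'avakian'  # legacy account alias; TODO(review): confirm it is still needed
        email = self._first(entry, 'mail')
        if email == "unknown":
            email = None
        return {
            'type': 'user',
            'pkey': self._first(entry, 'sshPublicKey'),
            'uid': uid,
            'email': email,
            'first_name': self._first(entry, 'givenName'),
            'last_name': self._first(entry, 'sn'),
            'serial': 'none',
            'authority': authority,
            'peer_authority': peer_authority,
            'pointer': -1,
            'hrn': hrn,
        }

    @staticmethod
    def _close(conn):
        """Unbind `conn` if it is open; failures on close are not reported."""
        if conn is None:
            return
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            # The operation that mattered has already completed or failed;
            # a broken close adds nothing for the caller.
            pass

    def ldapSearch(self, record):
        """Find the directory entry matching `record` and return it as a
        one-element list of SFA user records.

        `record['hrn']` is required (KeyError otherwise) and is copied into
        the result; its authority becomes 'authority', and 'peer_authority'
        is set only when that authority differs from our own.  The filter
        comes from parse_record() (first_name/last_name/email).

        Returns [] when there is nothing to search on, when nothing matches,
        or when the directory reports an error (logged to stderr); the
        previous version returned None on error and raised IndexError on no
        match.  If several entries match, only the first is returned, as
        before.
        """
        hrn = record['hrn']
        req_ldap = self.parse_record(record)
        if not req_ldap:
            # An empty filter is not a valid search; the old code sent it
            # anyway and hit an LDAPError.
            return []

        self.connect()
        try:
            entries = self.ldapserv.search_s(self.baseDN, ldap.SCOPE_SUBTREE,
                                             req_ldap, self.USER_ATTRS)
        except ldap.LDAPError as e:
            sys.stderr.write("ERROR LDAP %s\n" % (e,))
            return []
        finally:
            self._close(self.ldapserv)

        # search_s may include search references as (None, [...]) tuples.
        entries = [item for item in entries if item[0] is not None]
        if not entries:
            return []
        if len(entries) > 1:
            sys.stderr.write("LDAPapi.ldapSearch: %d entries match %s, using the first\n"
                             % (len(entries), req_ldap))

        parent_hrn = get_authority(hrn)
        # `!=`, not `is not`: the former identity test was true for any two
        # equal-but-distinct strings, so peer_authority was never None.
        peer_authority = None
        if parent_hrn != self.authname:
            peer_authority = parent_hrn
        return [self._entry_to_record(entries[0][1], hrn, parent_hrn, peer_authority)]

    def _filter_for(self, record_filter):
        """Translate `record_filter` into an LDAP filter string.

        Returns None when there is nothing to search for (see ldapFindHrn()
        for the accepted shapes); the old code then produced the invalid
        filter '(|)'.
        """
        if 'authority' in record_filter:
            if record_filter['authority'] == self.authname:
                # Our own authority: every entry under baseDN.
                return "(cn=*)"
            return None
        if 'hrn' not in record_filter:
            sys.stderr.write("find : don't know how to handle filter %s\n" % (record_filter,))
            return None
        wanted = record_filter['hrn']
        hrns = wanted if isinstance(wanted, list) else [wanted]
        clauses = []
        for hrn in hrns:
            parts = hrn.split(".")
            # As before, the login is the second dotted component and the
            # first must be our authority; a bare authority name has no login.
            if len(parts) < 2 or parts[0] != self.authname:
                sys.stderr.write("i know nothing about %s my authname is %s not %s\n"
                                 % (hrn, self.authname, parts[0]))
                continue
            clauses.append("(uid=%s)" % self._escape_filter_value(parts[1]))
        if not clauses:
            return None
        return "(|" + "".join(clauses) + ")"

    def ldapFindHrn(self, record_filter = None):
        """Return SFA user records for the users selected by `record_filter`.

        Two filter shapes are understood:
        - {'authority': A}: every user when A is our own authority, [] for
          any other authority;
        - {'hrn': H} or {'hrn': [H, ...]}: the users whose login is the
          second dotted component of each H whose first component is our
          authority (other hrns are skipped with a note on stderr).
        A None/empty filter or any other shape yields [].

        Each result's 'hrn' is '<authname>.<uid>', 'authority' is authname
        and 'peer_authority' is ''.  Logins are escaped before they reach
        the filter, so an hrn like 'auth.*' matches nothing instead of
        listing the whole directory.  ldap.LDAPError from the directory is
        propagated to the caller, as before.
        """
        if not record_filter:
            return []
        ldapfilter = self._filter_for(record_filter)
        if ldapfilter is None:
            return []

        self.connect()
        try:
            entries = self.ldapserv.search_s(self.baseDN, ldap.SCOPE_SUBTREE,
                                             ldapfilter, self.USER_ATTRS)
        finally:
            self._close(self.ldapserv)

        results = []
        for dn, entry in entries:
            if dn is None:  # search reference, not an entry
                continue
            record = self._entry_to_record(entry, None, self.authname, '')
            if record['uid'] is None:
                # No login means no hrn can be formed for this entry.
                continue
            record['hrn'] = self.authname + "." + record['uid']
            results.append(record)
        return results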