- hrn=self.authname+"."+ tmpname
-
- tmpemail = ldapentry[1]['mail'][0]
- if ldapentry[1]['mail'][0] == "unknown":
- tmpemail = None
-
-
- parent_hrn = get_authority(hrn)
- parent_auth_info = self.senslabauth.get_auth_info(parent_hrn)
-
- results.append( {
- 'type': 'user',
- 'pkey': ldapentry[1]['sshPublicKey'][0],
- #'uid': ldapentry[1]['uid'][0],
- 'uid': tmpname ,
- 'email':tmpemail,
- #'email': ldapentry[1]['mail'][0],
- 'first_name': ldapentry[1]['givenName'][0],
- 'last_name': ldapentry[1]['sn'][0],
-# 'phone': 'none',
- 'serial': 'none',
- 'authority': self.authname,
- 'peer_authority': '',
- 'pointer' : -1,
- 'hrn': hrn,
- } )
- return results
+
+ def LdapDelete(self, person_dn):
+ """
+ Deletes a person in LDAP. Uses the dn of the user.
+ """
+ #Connect and bind
+ result = self.conn.connect()
+ if(result['bool']):
+ try:
+ self.conn.ldapserv.delete_s(person_dn)
+ self.conn.close()
+ return {'bool': True}
+
+ except ldap.LDAPError, error:
+ logger.log_exc("LDAP Delete Error %s" %error)
+ return {'bool': False}
+
+
+ def LdapDeleteUser(self, record_filter):
+ """
+ Deletes a SFA person in LDAP, based on the user's hrn.
+ """
+ #Find uid of the person
+ person = self.LdapFindUser(record_filter,[])
+ logger.debug("LDAPapi.py \t LdapDeleteUser record %s person %s" \
+ %(record_filter, person))
+
+ if person:
+ dn = 'uid=' + person['uid'] + "," +self.baseDN
+ else:
+ return {'bool': False}
+
+ result = self.LdapDelete(dn)
+ return result
+
+
+ def LdapModify(self, dn, old_attributes_dict, new_attributes_dict):
+ """ Modifies a LDAP entry """
+
+ ldif = modlist.modifyModlist(old_attributes_dict,new_attributes_dict)
+ # Connect and bind/authenticate
+ result = self.conn.connect()
+ if (result['bool']):
+ try:
+ self.conn.ldapserv.modify_s(dn,ldif)
+ self.conn.close()
+ return {'bool' : True }
+ except ldap.LDAPError, error:
+ logger.log_exc("LDAP LdapModify Error %s" %error)
+ return {'bool' : False }
+
+
+ def LdapModifyUser(self, user_record, new_attributes_dict):
+ """
+ Gets the record from one user_uid_login based on record_filter
+ and changes the attributes according to the specified new_attributes.
+ Does not use this if we need to modify the uid. Use a ModRDN
+ #operation instead ( modify relative DN )
+ """
+ if user_record is None:
+ logger.error("LDAP \t LdapModifyUser Need user record ")
+ return {'bool': False}
+
+ #Get all the attributes of the user_uid_login
+ #person = self.LdapFindUser(record_filter,[])
+ req_ldap = self.make_ldap_filters_from_record(user_record)
+ person_list = self.LdapSearch(req_ldap,[])
+ logger.debug("LDAPapi.py \t LdapModifyUser person_list : %s" \
+ %(person_list))
+ if person_list and len(person_list) > 1 :
+ logger.error("LDAP \t LdapModifyUser Too many users returned")
+ return {'bool': False}
+ if person_list is None :
+ logger.error("LDAP \t LdapModifyUser User %s doesn't exist "\
+ %(user_record))
+ return {'bool': False}
+
+ # The dn of our existing entry/object
+ #One result only from ldapSearch
+ person = person_list[0][1]
+ dn = 'uid=' + person['uid'][0] + "," +self.baseDN
+
+ if new_attributes_dict:
+ old = {}
+ for k in new_attributes_dict:
+ if k not in person:
+ old[k] = ''
+ else :
+ old[k] = person[k]
+ logger.debug(" LDAPapi.py \t LdapModifyUser new_attributes %s"\
+ %( new_attributes_dict))
+ result = self.LdapModify(dn, old,new_attributes_dict)
+ return result
+ else:
+ logger.error("LDAP \t LdapModifyUser No new attributes given. ")
+ return {'bool': False}
+
+
+
+
+ def LdapMarkUserAsDeleted(self, record):
+
+
+ new_attrs = {}
+ #Disable account
+ new_attrs['shadowExpire'] = '0'
+ logger.debug(" LDAPapi.py \t LdapMarkUserAsDeleted ")
+ ret = self.LdapModifyUser(record, new_attrs)
+ return ret