"""
-This API is adapted for OpenLDAP.
-The file contains all LDAP classes and methods needed to:
- - Load the LDAP connection configuration file (login, address..) with
- LdapConfig
- - Connect to LDAP with ldap_co
- - Create a unique LDAP login and password for a user based on his email or
- last name and first name with LoginPassword.
- - Manage entries in LDAP using SFA records with LDAPapi
- (Search, Add, Delete, Modify)
+This API is adapted for OpenLDAP. The file contains all LDAP classes and methods
+needed to:
+- Load the LDAP connection configuration file (login, address..) with LdapConfig
+- Connect to LDAP with ldap_co
+- Create a unique LDAP login and password for a user based on his email or last
+name and first name with LoginPassword.
+- Manage entries in LDAP using SFA records with LDAPapi (Search, Add, Delete,
+Modify)
"""
import random
return {'bool': True}
def close(self):
- """ Close the LDAP connection.
+ """Close the LDAP connection.
Can throw an exception if the unbinding fails.
- :returns: dictionary with the bind status if fails.
- False if not and in this case the error message({'bool','message'})
+
+ :returns: dictionary with the bind status if the unbinding failed and
+ in this case the dict contains an error message. The dictionary keys
+ are : ({'bool','message'})
:rtype: dict or None
"""
class LDAPapi:
"""Defines functions to insert and search entries in the LDAP.
+ .. note:: class supposes the unix schema is used
+
"""
def __init__(self):
logger.setLevelDebug()
first name so that the user's login can be generated.
:param record: Record must contain first_name and last_name.
- :param record: dict
+ :type record: dict
:returns: the generated login for the user described with record if the
login generation is successful, None if it fails.
:rtype: string or None
if record['first_name'] != record['last_name']:
req_ldapdict['cn'] = str(record['first_name'])+" "\
+ str(record['last_name'])
+ if 'uid' in record:
+ req_ldapdict['uid'] = record['uid']
if 'email' in record:
req_ldapdict['mail'] = record['email']
if 'mail' in record:
:param record: dictionnary with the user's data.
:returns: a dictionary with the status (Fail= False, Success= True)
and the uid of the newly added user if successful, or the error
- meassage it is not. Dict has keys bool and message in case of
+ message it is not. Dict has keys bool and message in case of
failure, and bool uid in case of success.
:rtype: dict
parent_hrn = None
peer_authority = None
- if 'hrn' in record:
+ # If the user is coming from External authority (e.g. OneLab)
+ # Then hrn is None, it should be filled in by the creation of Ldap User
+ # XXX LOIC !!! What if a user email is in 2 authorities?
+ if 'hrn' in record and record['hrn'] is not None:
hrn = record['hrn']
parent_hrn = get_authority(hrn)
if parent_hrn != self.authname:
else:
hrn = None
- results = {
- 'type': 'user',
- 'pkey': ldapentry['sshPublicKey'],
- #'uid': ldapentry[1]['uid'][0],
- 'uid': tmpname,
- 'email': tmpemail,
- #'email': ldapentry[1]['mail'][0],
- 'first_name': ldapentry['givenName'][0],
- 'last_name': ldapentry['sn'][0],
- #'phone': 'none',
- 'serial': 'none',
- 'authority': parent_hrn,
- 'peer_authority': peer_authority,
- 'pointer': -1,
- 'hrn': hrn,
- }
+ if hrn is None:
+ results = {
+ 'type': 'user',
+ 'pkey': ldapentry['sshPublicKey'],
+ #'uid': ldapentry[1]['uid'][0],
+ 'uid': tmpname,
+ 'email': tmpemail,
+ #'email': ldapentry[1]['mail'][0],
+ 'first_name': ldapentry['givenName'][0],
+ 'last_name': ldapentry['sn'][0],
+ #'phone': 'none',
+ 'serial': 'none',
+ 'authority': parent_hrn,
+ 'peer_authority': peer_authority,
+ 'pointer': -1,
+ }
+ else:
+ #hrn = None
+ results = {
+ 'type': 'user',
+ 'pkey': ldapentry['sshPublicKey'],
+ #'uid': ldapentry[1]['uid'][0],
+ 'uid': tmpname,
+ 'email': tmpemail,
+ #'email': ldapentry[1]['mail'][0],
+ 'first_name': ldapentry['givenName'][0],
+ 'last_name': ldapentry['sn'][0],
+ #'phone': 'none',
+ 'serial': 'none',
+ 'authority': parent_hrn,
+ 'peer_authority': peer_authority,
+ 'pointer': -1,
+ 'hrn': hrn,
+ }
return results
def LdapFindUser(self, record=None, is_user_enabled=None,
return None
#Asked for a specific user
if record is not None:
+ logger.debug("LOIC - record = %s" % record)
results = self._process_ldap_info_for_one_user(record, result_data)
else:
#Asked for all users in ldap
results = self._process_ldap_info_for_all_users(result_data)
- return results
\ No newline at end of file
+ return results
git://git.onelab.eu / sfa.git / blobdiff