X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fsenslab%2FLDAPapi.py;h=55e3c0f5efec3568ea730f888e107e84d1342d1c;hb=759d9dc7edbc97a15483000534610e0e44fc1f5d;hp=26b8167188da8c404765d008dd59154d6270db22;hpb=bcddcccb27539888e5ff85da4601c3eeadcfcf4f;p=sfa.git
diff --git a/sfa/senslab/LDAPapi.py b/sfa/senslab/LDAPapi.py
index 26b81671..55e3c0f5 100644
--- a/sfa/senslab/LDAPapi.py
+++ b/sfa/senslab/LDAPapi.py
@@ -4,7 +4,7 @@ from sfa.util.xrn import get_authority
 import ldap
 from sfa.util.config import Config
 from sfa.trust.hierarchy import Hierarchy
-#from sfa.trust.certificate import *
+
 import ldap.modlist as modlist
 from sfa.util.sfalogging import logger
 import os.path
@@ -14,6 +14,7 @@ import os.path
 class LdapConfig():
 def __init__(self, config_file = '/etc/sfa/ldap_config.py'):
+ try:
 execfile(config_file, self.__dict__) 
@@ -126,16 +127,44 @@ class LDAPapi :
 Record contains first name and last name. """
- #Remove all special characters from first_name/last name
- lower_first_name = record['first_name'].replace('-','')\
- .replace('_','').replace('[','')\
- .replace(']','').replace(' ','')\
- .lower()
- lower_last_name = record['last_name'].replace('-','')\
- .replace('_','').replace('[','')\
- .replace(']','').replace(' ','')\
- .lower()
- length_last_name = len(lower_last_name)
+ if 'first_name' in record and 'last_name' in record:
+ #Remove all special characters from first_name/last name
+ lower_first_name = record['first_name'].replace('-','')\
+ .replace('_','').replace('[','')\
+ .replace(']','').replace(' ','')\
+ .lower()
+ lower_last_name = record['last_name'].replace('-','')\
+ .replace('_','').replace('[','')\
+ .replace(']','').replace(' ','')\
+ .lower()
+
+ #No first name and last name
+ #check email
+ else:
+ #For compatibility with other ldap func
+ if 'mail' in record and 'email' not in record:
+ record['email'] = record['mail']
+ email = record['email']
+ email = email.split('@')[0].lower()
+ lower_first_name = None
+ lower_last_name = None
+ #Assume there is first name and last name in email
+ #if there is a separator
+ separator_list = ['.','_','-']
+ for sep in separator_list:
+ if sep in email:
+ mail = email.split(sep)
+ lower_first_name = mail[0]
+ lower_last_name = mail[1]
+ break
+ #Otherwise just take the part before the @ as the
+ #lower_first_name and lower_last_name
+ if lower_first_name is None:
+ lower_first_name = email
+ lower_last_name = email
+
+ length_last_name = len(lower_last_name)
 login_max_length = 8 #Try generating a unique login based on first name and last name
@@ -216,7 +245,7 @@ class LDAPapi :
 """
 #Keep consistency with Java Senslab's LDAP API
 #RFC2307SSHAPasswordEncryptor so set the salt size to 8 bytres
- return lssha.encrypt(password,salt_size = 8)
+ return lssha.encrypt(password, salt_size = 8) 
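Review bot: The new email branch of generate_login skips the character cleanup the name branch does: `email.split('@')[0].lower()` is split on the first of `.`, `_`, `-` and the two pieces go straight into `lower_first_name`/`lower_last_name`, so a local part such as `a.(b` or `x/..y` keeps `(`, `*`, `\`, `/` and similar, while the hunk in make_ldap_attributes_from_record uses the generated login as `attrs['uid']` and appends it to `self.ldapUserHomePath`. Since the record may come from a federated peer, the email-derived pieces should be reduced to the same alphanumeric set the name branch yields (and escaped if the uniqueness check later searches LDAP with the candidate, which I cannot see here), and an empty piece (`john.` gives `mail[1] == ''`) should fall back to the whole local part instead of producing `length_last_name == 0`. `record['email']` also raises a bare KeyError when neither `email` nor `mail` is present, which deserves an explicit check with a message. The rest of generate_login, including the uniqueness loop that uses `login_max_length`, is outside the hunk.
```python
        else:
            #For compatibility with other ldap func
            if 'mail' in record and 'email' not in record:
                record['email'] = record['mail']
            if 'email' not in record:
                raise KeyError("generate_login: record has neither first_name/last_name nor email")
            email = record['email'].split('@')[0].lower()
            lower_first_name = lower_last_name = None
            #Assume there is first name and last name in email
            #if there is a separator
            for sep in ('.', '_', '-'):
                if sep in email:
                    lower_first_name, lower_last_name = email.split(sep, 1)
                    break
            # Same cleanup as the name branch: the login becomes a POSIX uid
            # and a path component, so keep alphanumerics only.
            lower_first_name = ''.join(c for c in (lower_first_name or '') if c.isalnum())
            lower_last_name = ''.join(c for c in (lower_last_name or '') if c.isalnum())
            if not lower_first_name or not lower_last_name:
                #Otherwise just take the cleaned part before the @ for both
                lower_first_name = lower_last_name = \
                    ''.join(c for c in email if c.isalnum())

        length_last_name = len(lower_last_name)
        # … unchanged: login_max_length and the uniqueness loop …
```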
@@ -280,17 +309,7 @@ class LDAPapi :
 #Plus, the SFA user may already have an account with senslab
 #using another login.
- #if 'hrn' in record :
- #splited_hrn = record['hrn'].split(".")
- #if splited_hrn[0] != self.authname :
- #logger.warning(" \r\n LDAP.PY \
- #make_ldap_filters_from_record I know nothing \
- #about %s my authname is %s not %s" \
- #%(record['hrn'], self.authname, splited_hrn[0]) )
-
- #login=splited_hrn[1]
- #req_ldapdict['uid'] = login
-
+
 logger.debug("\r\n \t LDAP.PY make_ldap_filters_from_record \
 record %s req_ldapdict %s" \
@@ -318,13 +337,22 @@ class LDAPapi :
 "organizationalPerson", "posixAccount", \
 "shadowAccount", "systemQuotas", \
 "ldapPublicKey"]
-
- attrs['givenName'] = str(record['first_name']).lower().capitalize()
- attrs['sn'] = str(record['last_name']).lower().capitalize()
- attrs['cn'] = attrs['givenName'] + ' ' + attrs['sn']
- attrs['gecos'] = attrs['givenName'] + ' ' + attrs['sn']
+
+ attrs['uid'] = self.generate_login(record)
-
+ try:
+ attrs['givenName'] = str(record['first_name']).lower().capitalize()
+ attrs['sn'] = str(record['last_name']).lower().capitalize()
+ attrs['cn'] = attrs['givenName'] + ' ' + attrs['sn']
+ attrs['gecos'] = attrs['givenName'] + ' ' + attrs['sn']
+
+ except:
+ attrs['givenName'] = attrs['uid']
+ attrs['sn'] = attrs['uid']
+ attrs['cn'] = attrs['uid']
+ attrs['gecos'] = attrs['uid']
+
+
 attrs['quota'] = self.ldapUserQuotaNFS
 attrs['homeDirectory'] = self.ldapUserHomePath + attrs['uid']
 attrs['loginShell'] = self.ldapShell
@@ -344,7 +372,7 @@ class LDAPapi :
 #If the user wants to set his own password , he must go to the Senslab
 #website.
 password = self.generate_password()
- attrs['userPassword']= self.encrypt_password(password)
+ attrs['userPassword'] = self.encrypt_password(password)
 #Account automatically validated (no mail request to admins)
 #Set to 0 to disable the account, -1 to enable it, 
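Review bot: The new `except:` around the givenName/sn block in make_ldap_attributes_from_record is a bare except, so it also catches KeyboardInterrupt and SystemExit and turns any unexpected failure in those four assignments into a silent fallback to the uid; it should name what the fallback is for, e.g. `except (KeyError, UnicodeError):` (the second because `str()` of a non-ASCII unicode name raises under the Python 2 this file's `execfile` implies), and let anything else propagate. Note also that `attrs['uid'] = self.generate_login(record)` sits before the try, so a record lacking both names and an email address still raises KeyError out of generate_login rather than reaching the fallback, which is worth either guarding here or documenting for callers. The context lines show the uid landing in `attrs['homeDirectory'] = self.ldapUserHomePath + attrs['uid']`, so whatever generate_login returns must already be safe as a path component. This method's body continues outside the hunk.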
@@ -364,7 +392,7 @@ class LDAPapi :
 def LdapAddUser(self, record) :
 """Add SFA user to LDAP if it is not in LDAP yet. """
-
+ logger.debug(" \r\n \t LDAP LdapAddUser \r\n\r\n =====================================================\r\n ")
 user_ldap_attrs = self.make_ldap_attributes_from_record(record)
@@ -404,7 +432,7 @@ class LDAPapi :
 return {'bool' : False, 'message' : error }
 self.conn.close()
- return {'bool': True}
+ return {'bool': True, 'uid':user_ldap_attrs['uid']}
 else:
 return result
@@ -630,9 +658,15 @@ class LDAPapi :
 hrn = record['hrn']
 parent_hrn = get_authority(hrn)
 peer_authority = None
- if parent_hrn is not self.authname:
+ if parent_hrn != self.authname:
 peer_authority = parent_hrn
-
+
+ #In case the user was not imported from Senslab LDAP
+ #but from another federated site, has an account in
+ #senslab but currently using his hrn from federated site
+ #then the login is different from the one found in its hrn
+ if tmpname != hrn.split('.')[1]:
+ hrn = None
 results = {
 'type': 'user',
 'pkey': ldapentry['sshPublicKey'][0],
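Review bot: `hrn.split('.')[1]` in the last hunk takes the second dotted component, not the leaf, so for an hrn with more than two components (e.g. `site.sub.user`) the comparison with `tmpname` is against the sub-authority and `hrn` is nulled even when the login matches, and an hrn with no dot raises IndexError; comparing against the leaf, `if tmpname != hrn.split('.')[-1]:`, keeps the two-component case identical and fixes both. `tmpname` is assigned before this hunk, so I cannot confirm here that it holds the LDAP uid of the entry; if it does, a comment such as `# tmpname is the LDAP uid of this entry; a mismatch means the hrn came from another site` would make the intent of the check clear. The `results` dict that consumes `hrn` continues past the hunk, so whether a `None` hrn is acceptable downstream is not visible here.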