From 14fc6b1344b08c98016aa7ef5436dcd29a7f8c51 Mon Sep 17 00:00:00 2001 From: Sandrine Avakian Date: Mon, 14 May 2012 16:09:34 +0200 Subject: [PATCH] Added ldap global search function + check in verify_persons. --- sfa/senslab/LDAPapi.py | 74 ++++++++++++++++++++++++++++++++++++--- sfa/senslab/slabdriver.py | 22 ++++++++---- sfa/senslab/slabslices.py | 9 ++--- 3 files changed, 91 insertions(+), 14 deletions(-) diff --git a/sfa/senslab/LDAPapi.py b/sfa/senslab/LDAPapi.py index 55d86711..caad804e 100644 --- a/sfa/senslab/LDAPapi.py +++ b/sfa/senslab/LDAPapi.py @@ -1,6 +1,6 @@ - +from sfa.util.xrn import Xrn,get_authority, import ldap from sfa.util.config import * from sfa.trust.gid import * @@ -16,6 +16,7 @@ class LDAPapi : self.authname=config.SFA_REGISTRY_ROOT_AUTH authinfo=self.senslabauth.get_auth_info(self.authname) + self.auth=Auth() gid=authinfo.get_gid_object() self.ldapdictlist = ['type', 
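Review bot: The import added in the first LDAPapi.py hunk, `from sfa.util.xrn import Xrn,get_authority,`, ends with a trailing comma, which Python rejects in an unparenthesised `from … import` list, so the module would fail to import at all. Drop the comma: `from sfa.util.xrn import Xrn, get_authority`. Only `get_authority` is used in the hunks shown here, so `Xrn` may be unnecessary unless code outside the diff needs it.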
@@ -26,8 +27,73 @@ class LDAPapi : 'peer_authority', 'pointer' , 'hrn'] - - def ldapFind(self, record_filter = None, columns=None): + self.baseDN = "ou=people,dc=senslab,dc=info" + + def ldapSearch (self, record ): + + req_ldapdict = {} + + if 'first_name' in record and 'last_name' in record: + req_ldapdict['cn'] = str(record['first_name'])+" "+str(record['last_name']) + if 'email' in record : + req_ldapdict['mail'] = record['email'] + + for k in req_ldapdict: + req_ldap += '('+str(k)+'='+str(req_ldapdict['k'])+')' + if len(req_ldapdict.keys()) >1 : + req_ldap = req_ldap[:0]+"(&"+req_ldap[0:] + size = len(req_ldap) + req_ldap= req_ldap[:(size-1)] +')'+ req_ldap[(size-1):] + print >>sys.stderr, "\r\n \r\n \t LDAP.PY \t\t ldapSearch req_ldap %s" %(req_ldap) + try: + msg_id=self.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,req_ldap, ['mail','givenName', 'sn', 'uid','sshPublicKey']) + #Get all the results matching the search from ldap in one shot (1 value) + result_type, result_data=self.ldapserv.result(msg_id,1) + results = [] + for ldapentry in result_data[1]: + #print>>sys.stderr, " \r\n \t LDAP : ! 
mail ldapentry[1]['mail'][0] %s " %(ldapentry[1]['mail'][0]) + + tmpname = ldapentry[1]['uid'][0] + + if ldapentry[1]['uid'][0] == "savakian": + tmpname = 'avakian' + + tmpemail = ldapentry[1]['mail'][0] + if ldapentry[1]['mail'][0] == "unknown": + tmpemail = None + + hrn = record['hrn'] + parent_hrn = get_authority(hrn) + peer_authority = None + if parent_hrn is not self.authname: + peer_authority = parent_hrn + + results.append( { + 'type': 'user', + 'pkey': ldapentry[1]['sshPublicKey'][0], + #'uid': ldapentry[1]['uid'][0], + 'uid': tmpname , + 'email':tmpemail, + #'email': ldapentry[1]['mail'][0], + 'first_name': ldapentry[1]['givenName'][0], + 'last_name': ldapentry[1]['sn'][0], +# 'phone': 'none', + 'serial': 'none', + 'authority': parent_hrn, + 'peer_authority': peer_authority, + 'pointer' : -1, + 'hrn': hrn, + } ) + return results + + + except ldap.LDAPError,e : + print >>sys.stderr, "ERROR LDAP %s" %(e) + + + + def ldapFindHrn(self, record_filter = None): + #def ldapFindHrn(self, record_filter = None, columns=None): results = [] @@ -65,7 +131,7 @@ class LDAPapi : ldapfilter+=")" - rindex=self.ldapserv.search("ou=people,dc=senslab,dc=info",ldap.SCOPE_SUBTREE,ldapfilter, ['mail','givenName', 'sn', 'uid','sshPublicKey']) + rindex=self.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,ldapfilter, ['mail','givenName', 'sn', 'uid','sshPublicKey']) ldapresponse=self.ldapserv.result(rindex,1) for ldapentry in ldapresponse[1]: #print>>sys.stderr, " \r\n \t LDAP : ! mail ldapentry[1]['mail'][0] %s " %(ldapentry[1]['mail'][0]) diff --git a/sfa/senslab/slabdriver.py b/sfa/senslab/slabdriver.py index 30922055..643134dc 100644 --- a/sfa/senslab/slabdriver.py +++ b/sfa/senslab/slabdriver.py 
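Review bot: `ldapSearch` builds its filter by concatenating `first_name`, `last_name` and `email` from the caller's record without escaping, so a value containing `(`, `)`, `*` or `\` changes the meaning of the filter. The slabslices.py hunk calls this for users from other federated sites, so these values should be treated as untrusted and passed through `ldap.filter.escape_filter_chars` (needs `import ldap.filter` at the top of the file). The loop also cannot run as written: `req_ldap` is never initialised before `+=`, `req_ldapdict['k']` looks up the literal key `'k'` instead of `k`, and a record with neither name nor email would send an empty filter. Further down, `result_data` is already the entry list, so the loop should be `for ldapentry in result_data:` (compare `ldapresponse[1]` in `ldapFindHrn`, which indexes the whole tuple). Comparing authorities with `parent_hrn is not self.authname` tests object identity and should be `!=`.

```python
        # … unchanged: req_ldapdict filled from first_name/last_name and email …
        if not req_ldapdict:
            # nothing to search on: do not send an empty filter to the server
            return []
        req_ldap = ''
        for k in req_ldapdict:
            # escape (, ), * and \ so record values cannot alter the filter structure
            req_ldap += '(%s=%s)' % (k, ldap.filter.escape_filter_chars(str(req_ldapdict[k])))
        if len(req_ldapdict) > 1:
            req_ldap = '(&' + req_ldap + ')'
        # … unchanged: stderr trace and self.ldapserv.search(...) call …
```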
@@ -431,7 +431,7 @@ class SlabDriver(Driver): def GetPersons(self, person_filter=None, return_fields=None): - person_list = self.ldap.ldapFind({'authority': self.root_auth }) + person_list = self.ldap.ldapFindHrn({'authority': self.root_auth }) #check = False #if person_filter and isinstance(person_filter, dict): @@ -1014,16 +1014,26 @@ class SlabDriver(Driver): elif str(record['type']) == 'user': #Add the data about slice - print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info USEEEEEEEEEERDESU!" - rec = self.GetSlices(slice_filter = record['record_id'], filter_type = 'record_id_user') + print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info USEEEEEEEEEERDESU! rec %s" %(rec) #Append record in records list, therfore fetches user and slice info again(one more loop) #Will update PIs and researcher for the slice - user_slab = self.GetPersons(recuser.hrn) - print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info user_slab %s !" %(user_slab) + recuser = dbsession.query(RegRecord).filter_by(record_id = rec['record_id_user']).first() + rec.update({'PI':[recuser.hrn], + 'researcher': [recuser.hrn], + 'name':record['hrn'], + 'oar_job_id':rec['oar_job_id'], + 'node_ids': [], + 'person_ids':[rec['record_id_user']]}) + #retourne une liste 100512 + user_slab = self.GetPersons({'hrn':recuser.hrn}) + + print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info user_slab %s ! r ecuser %s " %(user_slab, recuser.hrn) rec.update({'type':'slice','hrn':rec['slice_hrn']}) + record.update(user_slab[0]) records.append(rec) - #print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info ADDING SLIC EINFO rec %s" %(rec) + + print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info ADDING SLICEINFO TO USER records %s" %(records) print >>sys.stderr, "\r\n \t\t SLABDRIVER.PY fill_record_info OKrecords %s" %(records) except TypeError: diff --git a/sfa/senslab/slabslices.py b/sfa/senslab/slabslices.py index 75c1063b..85a5234f 100644 --- a/sfa/senslab/slabslices.py 
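Review bot: In the `fill_record_info` hunk, `record.update(user_slab[0])` assumes `GetPersons` returned at least one entry, and `recuser.hrn` assumes the `RegRecord` query's `.first()` returned a row. An empty list raises IndexError and a `None` row raises AttributeError, and the visible `except TypeError:` handles neither. Check `recuser is not None` before using it and guard the merge with `if user_slab: record.update(user_slab[0])`. The added stderr traces print whole `rec`, `user_slab` and `records` structures, which presumably carry e-mail addresses and SSH public keys; logging only the hrn at debug level would keep that out of the server log. The function starts and ends outside the hunk, so the loop and exception context around these lines is not visible here.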
+++ b/sfa/senslab/slabslices.py @@ -459,12 +459,13 @@ class SlabSlices: existing_user_ids.append (users_dict[user['hrn']]['person_id']) #print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person existing_user_ids.append (users_dict[user['hrn']][k]) %s \r\n existing_users %s " %( existing_user_ids,existing_users) - #User from another federated site , does not have a senslab account yet - #Add them to LDAP + #User from another federated site , does not have a senslab account yet? + #or have multiple SFA accounts + #Check before adding them to LDAP else: - - print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person HUMHUMHUMHUM ..." + ldap_reslt = self.driver.ldap.ldapSearch(users) + print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person users HUMHUMHUMHUM ... %s \r\n \t ldap_reslt %s " %(users, ldap_reslt) pass # requested slice users -- 2.47.0
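Review bot: The new call passes `users` to `ldapSearch`, but the neighbouring branch works on a single `user` (`users_dict[user['hrn']]`). `ldapSearch` expects one record dict, since it tests `'first_name' in record` and reads `record['email']` and `record['hrn']`. If `users` is the whole requested collection, as the name suggests, the lookup will not match or will fail, and `ldap_reslt = self.driver.ldap.ldapSearch(user)` looks like what was intended. The result is only printed before `pass`, so the "Check before adding them to LDAP" in the comment is not yet enforced. `ldapSearch` also returns `None` on an LDAP error, which any later check must tell apart from an empty match list. The enclosing method starts and ends outside the hunk.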