flaschengeist/geruecht/controller/ldapController.py


import logging

import ldap
import ldap.dn
import ldap.filter

from geruecht.exceptions import PermissionDenied
from geruecht.model import BAR, GASTRO, MONEY, USER

from . import Singleton
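class LDAPController(metaclass=Singleton):
    '''
    Authentication and account lookup against an LDAP directory.

    Every public method opens a fresh, unauthenticated connection through
    :meth:`connect` before it talks to the server, so the directory must allow
    anonymous search on ``ou=user,<dn>`` and ``ou=group,<dn>``. Every value
    that originates from a caller (user names, search strings) is escaped
    before it is interpolated into a filter or a DN, so a crafted name cannot
    change the structure of the query (LDAP injection).

    NOTE(review): the class is a Singleton and ``self.client`` is replaced on
    every call to ``connect()``; concurrent callers therefore share one
    connection object and can clobber each other's handle. The original had
    the same layout — confirm the web layer serialises access, or give each
    request its own controller/client.
    '''

    _log = logging.getLogger(__name__)

    # Directory group names that map onto an application role (see getGroup).
    _ROLE_BY_GROUP = {'finanzer': MONEY, 'gastro': GASTRO, 'bar': BAR}

    def __init__(self, url="ldap://192.168.5.108", dn='dc=ldap,dc=example,dc=local', *, start_tls=False):
        '''
        Args:
            url: LDAP URI of the directory. The default is a plaintext
                ``ldap://`` address; the user's password travels in the simple
                bind request, so in production use an ``ldaps://`` URI or pass
                ``start_tls=True``.
            dn: Base DN under which ``ou=user`` and ``ou=group`` live.
            start_tls: Upgrade every new connection with STARTTLS right after
                it is initialised (must not be combined with ``ldaps://``).
        '''
        self.url = url
        self.dn = dn
        self.start_tls = start_tls
        self.connect()

    def connect(self):
        '''
        Replace ``self.client`` with a new, unbound connection object.

        ``ldap.initialize`` does not contact the server; the first operation
        does. With ``start_tls`` set the STARTTLS handshake is performed here,
        before any bind or search can leak data in the clear. Errors from
        python-ldap propagate unchanged.
        '''
        self.client = ldap.initialize(self.url, bytes_mode=False)
        if self.start_tls:
            self.client.start_tls_s()

    # ----- small internal helpers -------------------------------------------

    def _user_base(self):
        '''Search base for account entries.'''
        return 'ou=user,{}'.format(self.dn)

    def _group_base(self):
        '''Search base for group entries.'''
        return 'ou=group,{}'.format(self.dn)

    @staticmethod
    def _uid_filter(username):
        '''
        Build ``(uid=<username>)`` with the value escaped per RFC 4515 so that
        ``*``, ``(``, ``)``, ``\\`` or NUL in the name match literally instead of
        rewriting the filter.
        '''
        return '(uid={})'.format(ldap.filter.escape_filter_chars(username))

    @staticmethod
    def _first(attrs, name, default=''):
        '''Decode the first value of attribute ``name`` in a result entry, or
        ``default`` when the attribute is absent or empty.'''
        values = attrs.get(name)
        if not values:
            return default
        return values[0].decode('utf-8')

    def _unbind_quietly(self):
        '''Close the current connection; failures are ignored because every
        public method calls ``connect()`` again before using the client.'''
        try:
            self.client.unbind_s()
        except ldap.LDAPError:
            pass

    def _to_summaries(self, entries):
        '''
        Reduce raw ``search_s`` results to ``{'username', 'firstname',
        'lastname'}`` dicts. Referrals (no attribute dict) and entries without
        a ``uid`` are skipped; a missing ``givenName``/``sn`` yields ``''``
        instead of an exception.
        '''
        summaries = []
        for _entry_dn, attrs in entries:
            if not isinstance(attrs, dict) or 'uid' not in attrs:
                continue
            summaries.append({
                'username': self._first(attrs, 'uid'),
                'firstname': self._first(attrs, 'givenName'),
                'lastname': self._first(attrs, 'sn'),
            })
        return summaries

    # ----- public API -------------------------------------------------------

    def login(self, username, password):
        '''
        Verify ``password`` for the account whose ``uid`` is ``username``.

        The account is looked up anonymously to obtain its ``cn``; a simple
        bind is then attempted as ``cn=<cn>,ou=user,<dn>`` and the connection
        is closed again. The ``cn`` comes from the directory but is still
        DN-escaped before it is placed into the bind DN.

        Raises:
            PermissionDenied: unknown uid, wrong password, empty username or
                empty password. The empty-password case is rejected before
                any bind is attempted: a simple bind with a DN and an empty
                password is an *unauthenticated* bind (RFC 4513 §5.1.2) which
                many servers answer with success, so without this check any
                known uid could log in with no password at all. The same
                message is used for all failures so callers cannot enumerate
                valid uids.
        '''
        if not username or not password:
            raise PermissionDenied("Invalid Password or Username")
        self.connect()
        try:
            entries = self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE,
                                           self._uid_filter(username), ['cn'])
            # IndexError (no entry) / KeyError (no cn) both end up as PermissionDenied.
            cn = entries[0][1]['cn'][0].decode('utf-8')
            bind_dn = "cn={},ou=user,{}".format(ldap.dn.escape_dn_chars(cn), self.dn)
            self.client.bind_s(bind_dn, password)
        except Exception as err:
            raise PermissionDenied("Invalid Password or Username") from err
        finally:
            self._unbind_quietly()

    def getUserData(self, username):
        '''
        Return the directory entry for ``username`` as a dict.

        Keys: ``uid``, ``givenName``, ``sn``, ``mail`` (first value of each
        attribute the entry has, decoded as UTF-8), ``dn`` (the configured
        *base* DN — as in the original, not the entry's own DN), and
        ``firstname``/``lastname`` as aliases of ``givenName``/``sn`` (``''``
        when the entry lacks them).

        Raises:
            PermissionDenied: no entry with that uid, or any LDAP failure
                while looking it up.
        '''
        try:
            self.connect()
            entries = self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE,
                                           self._uid_filter(username),
                                           ['uid', 'givenName', 'sn', 'mail'])
            attrs = entries[0][1]
            if 'uid' not in attrs:
                raise KeyError('uid')
            retVal = {key: values[0].decode('utf-8') for key, values in attrs.items() if values}
            retVal['dn'] = self.dn
            retVal['firstname'] = retVal.get('givenName', '')
            retVal['lastname'] = retVal.get('sn', '')
            return retVal
        except Exception as err:
            raise PermissionDenied("No User exists with this uid.") from err
        finally:
            self._unbind_quietly()

    def getGroup(self, username):
        '''
        Return the list of application roles granted to ``username``.

        ``USER`` is added when the account's primary group (its ``gidNumber``
        resolved under ``ou=group``) is named ``ldap-user``; ``MONEY``,
        ``GASTRO`` and ``BAR`` are added for every group whose ``memberUID``
        lists the uid, in the order the server returns them. An unknown uid
        yields ``[]``. LDAP errors propagate to the caller.
        '''
        roles = []
        self.connect()
        try:
            primary = self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE,
                                           self._uid_filter(username), ['gidNumber'])
            if primary:
                gid = primary[0][1]['gidNumber'][0].decode('utf-8')
                gid_filter = '(gidNumber={})'.format(ldap.filter.escape_filter_chars(gid))
                groups = self.client.search_s(self._group_base(), ldap.SCOPE_SUBTREE, gid_filter, ['cn'])
                if groups and groups[0][1]['cn'][0].decode('utf-8') == 'ldap-user':
                    roles.append(USER)

            member_filter = '(memberUID={})'.format(ldap.filter.escape_filter_chars(username))
            memberships = self.client.search_s(self._group_base(), ldap.SCOPE_SUBTREE, member_filter, ['cn'])
            for _group_dn, attrs in memberships:
                group_name = attrs['cn'][0].decode('utf-8')
                self._log.debug("group membership for %s: %s", username, group_name)
                role = self._ROLE_BY_GROUP.get(group_name)
                if role is not None:
                    roles.append(role)
            return roles
        finally:
            self._unbind_quietly()

    def __isUserInList(self, users, username):
        '''True when one of the ``{'username': ...}`` dicts in ``users`` has
        ``username``; used to de-duplicate merged search results.'''
        return any(user['username'] == username for user in users)

    def getAllUser(self):
        '''
        List every entry under ``ou=user`` that carries a ``uid``.

        Returns ``{'username', 'firstname', 'lastname'}`` dicts in server
        order. ``mail`` is requested from the server (as in the original) but
        not part of the result.
        '''
        self.connect()
        try:
            entries = self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE,
                                           attrlist=['uid', 'givenName', 'sn', 'mail'])
        finally:
            self._unbind_quietly()
        return self._to_summaries(entries)

    def searchUser(self, searchString):
        '''
        Substring search for accounts by given name or surname.

        ``searchString`` is split on single spaces. With one token the
        directory is searched for ``givenName=*tok*`` and for ``sn=*tok*``;
        an empty string lists every account. With several tokens only the
        *second* token is used — this mirrors the original, which never looked
        at the first token (NOTE(review): probably intended to match
        givenName with the first and sn with the second; confirm with the
        caller before changing). The token is filter-escaped, so wildcard or
        parenthesis characters typed by the user match literally; only the
        surrounding ``*`` are ours.

        Returns a de-duplicated list of ``{'username', 'firstname',
        'lastname'}`` dicts in the order found.
        '''
        tokens = searchString.split(" ")
        needle = tokens[0] if len(tokens) == 1 else tokens[1]
        attrs = ['uid', 'givenName', 'sn', 'mail']
        self.connect()
        try:
            if len(tokens) == 1 and not needle:
                result_sets = [self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE, attrlist=attrs)]
            else:
                pattern = '*{}*'.format(ldap.filter.escape_filter_chars(needle))
                # The original passed 'mail' as the positional attrsonly flag of
                # the sn search, which returns attribute names without values;
                # both searches now use the same attribute list.
                result_sets = [
                    self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE,
                                         '(givenName={})'.format(pattern), attrs),
                    self.client.search_s(self._user_base(), ldap.SCOPE_SUBTREE,
                                         '(sn={})'.format(pattern), attrs),
                ]
        finally:
            self._unbind_quietly()

        found = []
        for entries in result_sets:
            for summary in self._to_summaries(entries):
                if not self.__isUserInList(found, summary['username']):
                    found.append(summary)
        return found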
if __name__ == '__main__':
    # Manual smoke test against the default directory: build the (singleton)
    # controller and fetch a single account by uid.
    controller = LDAPController()
    controller.getUserData('jhille')