from geruecht import ldap from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5 from ldap3.utils.hashed import hashed from geruecht.model import MONEY, USER, GASTRO, BAR from geruecht.exceptions import PermissionDenied from . import Singleton from geruecht.exceptions import UsernameExistLDAP, LDAPExcetpion import traceback class LDAPController(metaclass=Singleton): ''' Authentification over LDAP. Create Account on-the-fly ''' def __init__(self, dn='dc=ldap,dc=example,dc=local'): self.dn = dn self.ldap = ldap def login(self, username, password): try: retVal = self.ldap.authenticate(username, password, 'uid', self.dn) if not retVal: raise PermissionDenied("Invalid Password or Username") except Exception as err: traceback.print_exception(err) raise PermissionDenied("Wrong username or password.") def bind(self, user, password): ldap_conn = self.ldap.connect(user.dn, password) return ldap_conn def getUserData(self, username): try: self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail']) user = self.ldap.connection.response[0]['attributes'] retVal = { 'dn': self.ldap.connection.response[0]['dn'], 'firstname': user['givenName'][0], 'lastname': user['sn'][0], 'uid': username, } if user['mail']: retVal['mail'] = user['mail'][0] return retVal except: raise PermissionDenied("No User exists with this uid.") def getGroup(self, username): try: retVal = [] self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['gidNumber']) response = self.ldap.connection.response main_group_number = self.ldap.connection.response[0]['attributes']['gidNumber'] if main_group_number: group_data = self.ldap.connection.search('ou=group,{}'.format(self.dn), '(gidNumber={})'.format(main_group_number), attributes=['cn']) group_name = self.ldap.connection.response[0]['attributes']['cn'][0] if group_name == 'ldap-user': retVal.append(USER) self.ldap.connection.search('ou=group,{}'.format(self.dn), '(memberUID={})'.format(username), SUBTREE, attributes=['cn']) groups_data = self.ldap.connection.response for data in groups_data: group_name = data['attributes']['cn'][0] if group_name == 'finanzer': retVal.append(MONEY) elif group_name == 'gastro': retVal.append(GASTRO) elif group_name == 'bar': retVal.append(BAR) return retVal except Exception as err: traceback.print_exc() def __isUserInList(self, list, username): help_list = [] for user in list: help_list.append(user['username']) if username in help_list: return True return False def getAllUser(self): retVal = [] self.ldap.connection.search() self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid=*)', SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail']) data = self.ldap.connection.response for user in data: if 'uid' in user['attributes']: username = user['attributes']['uid'][0] firstname = user['attributes']['givenName'][0] lastname = user['attributes']['sn'][0] retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname}) return retVal def searchUser(self, searchString): name = searchString.split(" ") for i in range(len(name)): name[i] = "*"+name[i]+"*" print(name) name_result = [] if len(name) == 1: if name[0] == "**": self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid=*)', SUBTREE, attributes=['uid', 'givenName', 'sn']) name_result.append(self.ldap.connection.response) else: self.ldap.connection.search('ou=user,{}'.format(self.dn), '(givenName={})'.format(name[0]), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail']) name_result.append(self.ldap.connection.response) self.ldap.connection.search('ou=user,{}'.format(self.dn), '(sn={})'.format(name[0]), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail']) name_result.append(self.ldap.connection.response) else: self.ldap.connection.search('ou=user,{}'.format(self.dn), '(givenName={})'.format(name[1]), SUBTREE, attributes=['uid', 'givenName', 'sn']) name_result.append(self.ldap.connection.response) self.ldap.connection.search('ou=user,{}'.format(self.dn), '(sn={})'.format(name[1]), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail']) name_result.append(self.ldap.connection.response) retVal = [] for names in name_result: for user in names: if 'uid' in user['attributes']: username = user['attributes']['uid'][0] if not self.__isUserInList(retVal, username): firstname = user['attributes']['givenName'][0] lastname = user['attributes']['sn'][0] retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname}) return retVal def modifyUser(self, user, conn, attributes): try: if 'username' in attributes: conn.search('ou=user,{}'.format(self.dn), '(uid={})'.format(attributes['username'])) if conn.entries: raise UsernameExistLDAP("Username already exists in LDAP") #create modifyer mody = {} if 'username' in attributes: mody['uid'] = [(MODIFY_REPLACE, [attributes['username']])] if 'firstname' in attributes: mody['givenName'] = [(MODIFY_REPLACE, [attributes['firstname']])] if 'lastname' in attributes: mody['sn'] = [(MODIFY_REPLACE, [attributes['lastname']])] if 'mail' in attributes: mody['mail'] = [(MODIFY_REPLACE, [attributes['mail']])] if 'password' in attributes: salted_password = hashed(HASHED_SALTED_MD5, attributes['password']) mody['userPassword'] = [(MODIFY_REPLACE, [salted_password])] conn.modify(user.dn, mody) except Exception as err: traceback.print_exc() raise LDAPExcetpion("Something went wrong in LDAP: {}".format(err)) if __name__ == '__main__': a = LDAPController() a.getUserData('jhille')