

Python base.ldapUserGroupControl函数代码示例

本文整理汇总了Python中mmc.plugins.base.ldapUserGroupControl函数的典型用法代码示例。如果您正苦于以下问题:Python ldapUserGroupControl函数的具体用法?Python ldapUserGroupControl怎么用?Python ldapUserGroupControl使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了ldapUserGroupControl函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _create_user

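 def _create_user(self, username, password, name, surname):
     """Create a user through the MMC base plugin.

     All four arguments are forwarded unchanged to
     ``ldapUserGroupControl().addUser``.
     """
     # FIXME: MS Windows stores strings as UTF-8 while the mmc base module
     # expects ASCII. An earlier, disabled attempt decoded username, name
     # and surname from UTF-8 and re-encoded name and surname to ASCII
     # with errors='replace'.
     #
     # The cleartext password is kept out of the log record: debug logs are
     # usually readable by more accounts than the directory itself and are
     # often retained or forwarded.
     logger.debug('calling ldapUserGroupControl().addUser(%s, %s, %s, %s)',
                  username, '<redacted>', name, surname)
     ldapUserGroupControl().addUser(username, password, name, surname)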
开发者ID:gnumaniac,项目名称:pulse,代码行数:9,代码来源:sync.py

示例2: _cbProvisioning

 def _cbProvisioning(self, auth, authtoken):
     """
     Provision the MMC user account with ACLs

     Fetches the GLPI profiles of the token's login, picks the first entry
     of ``self.config.profilesOrder`` that the user holds, and writes the
     matching ``self.config.profilesAcl`` value to the user's ``lmcAcl``
     attribute. ``authtoken`` is returned on every path.
     """
     # NOTE(review): a failed GLPI authentication is only logged here and
     # ACL provisioning still runs. Confirm that the caller rejects the
     # session itself when ``auth`` is false.
     if not auth:
         self.logger.warning("User authentication with GLPI web interface failed, but going on with provisioning")
     profiles = Glpi().getUserProfiles(authtoken.getLogin())
     self.logger.debug("User %s GLPI profiles: %s" % (authtoken.getLogin(), str(profiles)))

     # The first configured profile that the user actually holds wins.
     selected = next(
         (candidate for candidate in self.config.profilesOrder if candidate in profiles),
         None
     )
     if not selected:
         self.logger.info("User GLPI profile can't be applied")
         return authtoken

     self.logger.debug("Selected GLPI profile is %s" % selected)
     try:
         acls = self.config.profilesAcl[selected.lower()]
     except KeyError:
         acls = None
     if not acls:
         self.logger.info("No ACL to apply for the GLPI profile %s" % selected)
         return authtoken

     directory = ldapUserGroupControl()
     self.logger.info("Setting MMC ACL corresponding to GLPI profile %s: %s" % (selected, acls))
     uid = authtoken.getLogin()
     entry = directory.getDetailedUser(uid)
     # The lmcAcl attribute is written below; make sure the entry carries
     # the lmcUserObject class first.
     if "lmcUserObject" not in entry["objectClass"]:
         entry["objectClass"].append("lmcUserObject")
         directory.changeUserAttributes(uid, "objectClass", entry["objectClass"])
     directory.changeUserAttributes(authtoken.getLogin(), "lmcAcl", acls)
     return authtoken
开发者ID:tekmans,项目名称:mmc,代码行数:33,代码来源:provisioning.py

示例3: getACLOnShare

    def getACLOnShare(self, name):
        """
        Return the groups and users whose POSIX ACL entry on the share
        has the write bit set.

        @param name: name of the share (last component of the path)
        @type name: str

        @rtype: tuple
        @return: tuple (groups, users). Only the write permission is
                 examined; read and execute are not checked here.
        """
        share_path = self.getContent(name, "path")
        groups, users = [], []
        directory = ldapUserGroupControl()
        for ace in posix1e.ACL(file=share_path):
            if not ace.permset.write:
                continue
            if ace.tag_type == posix1e.ACL_GROUP:
                found = directory.getDetailedGroupById(str(ace.qualifier))
                if found:
                    groups.append(found['cn'][0])
                else:
                    # Not in LDAP: resolve the gid through the local group
                    # database. getgrgid raises KeyError for an unknown gid.
                    groups.append(grp.getgrgid(ace.qualifier).gr_name)
            if ace.tag_type == posix1e.ACL_USER:
                found = directory.getDetailedUserById(str(ace.qualifier))
                if found:
                    users.append(found['uid'][0])
                else:
                    # Same fallback for users; getpwuid raises KeyError for
                    # an unknown uid.
                    users.append(pwd.getpwuid(ace.qualifier).pw_name)

        return (groups, users)
开发者ID:eonpatapon,项目名称:mmc,代码行数:30,代码来源:smb_conf.py

示例4: setUp

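 def setUp(self):
     """Reset LDAP and Samba state before each test.

     Destructive fixture: it calls cleanLdap(), overwrites
     /etc/samba/smb.conf and deletes the configured default shares
     directory, so it is only suitable for a disposable test machine.
     """
     import subprocess

     cleanLdap()
     self.l = ldapUserGroupControl("tests-mds/basetest.ini")
     self.l.addGroup("grouptestA")
     self.l.addGroup("grouptestB")
     subprocess.call(["cp", "contrib/samba/smb.conf", "/etc/samba/smb.conf"])
     self.s = smbConf(conffile="tests-mds/sambatest.ini", conffilebase="tests-mds/basetest.ini")
     # The path comes from a configuration file. Pass it as one argv element
     # (after "--") so whitespace, globs or shell metacharacters in the
     # value cannot widen what gets deleted, and skip the call when unset.
     shares_path = self.s.defaultSharesPath
     if shares_path:
         subprocess.call(["rm", "-fr", "--", str(shares_path)])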
开发者ID:pulse-project,项目名称:pulse,代码行数:8,代码来源:testsamba.py

示例5: doProvisioning

 def doProvisioning(self, authtoken):
     """
     Create the MMC user for an externally authenticated login if it does
     not exist yet, then apply the ACL and group membership that the
     configuration maps to the user's profile attribute.
     """
     from mmc.plugins.base import ldapUserGroupControl
     # NOTE(review): this dumps everything getInfos() returns into the debug
     # log. Confirm the entry cannot carry credential attributes.
     self.logger.debug(str(authtoken.getInfos()))
     directory = ldapUserGroupControl()
     userentry = authtoken.getInfos()[1]
     uid = userentry[self.config.ldap_uid][0]
     if not directory.existUser(uid):
         first_name = userentry[self.config.ldap_givenName][0].decode("utf-8")
         last_name = userentry[self.config.ldap_sn][0].decode("utf-8")
         directory.addUser(uid, authtoken.getPassword(), first_name, last_name)
     else:
         self.logger.debug("User %s already exists, so this user won't be added" % uid)

     # Nothing more to do unless both a profile attribute and an ACL map
     # are configured.
     if not (self.config.profileAttr and self.config.profilesAcl):
         return

     # Set or update the user right
     try:
         profile = userentry[self.config.profileAttr][0].lower()
     except KeyError:
         self.logger.info("No profile information for user %s in attribute %s" % (uid, self.config.profileAttr))
         profile = ""
     profile = profile.strip()
     try:
         acls = self.config.profilesAcl[profile]
     except KeyError:
         self.logger.info("No ACL defined in configuration file for profile '%s'" % profile)
         self.logger.info("Setting ACL to empty")
         acls = None
     if profile and acls:
         self.logger.info("Setting MMC ACL corresponding to user profile %s: %s" % (profile, str(acls)))
     entry = directory.getDetailedUser(uid)
     if "lmcUserObject" not in entry["objectClass"]:
         entry["objectClass"].append("lmcUserObject")
         directory.changeUserAttributes(uid, "objectClass", entry["objectClass"])
     # acls may be None here, which is how an unmapped profile ends up with
     # an emptied ACL.
     directory.changeUserAttributes(uid, "lmcAcl", acls)

     if not self.config.profileGroupMapping:
         return

     # Set user group membership according to mapping
     for prof in self.config.profilesAcl:
         groupname = self.config.profileGroupPrefix + prof
         if prof == profile:
             # Add the user to this group
             try:
                 directory.addGroup(groupname)
             except ldap.ALREADY_EXISTS:
                 # This group already exists
                 pass
             self.logger.debug('Adding user %s to group %s' % (uid, groupname))
             directory.addUserToGroup(groupname, uid)
         else:
             # Delete the user from a group not belonging to her/his
             # profile
             try:
                 directory.delUserFromGroup(groupname, uid)
                 self.logger.debug('Deleting user %s from group %s' % (uid, groupname))
             except ldap.NO_SUCH_OBJECT:
                 # The group does not exist
                 pass
开发者ID:AnatomicJC,项目名称:mmc,代码行数:55,代码来源:externalldap.py

示例6: activate

def activate():
    """
    Tell whether the mail plugin can be activated.

    Returns False when the plugin is disabled by configuration or when a
    required objectClass/attribute is missing from the LDAP schema.
    Otherwise creates the OUs needed for virtual aliases/domains (when
    those features are enabled) and returns True.
    """
    ldapObj = ldapUserGroupControl()
    logger = logging.getLogger()

    config = MailConfig("mail")
    if config.disabled:
        logger.warning("Plugin mail: disabled by configuration.")
        return False

    def ensure_ou(dn):
        # Split "ou=NAME,REST" into the OU name and its parent path.
        head, path = dn.split(",", 1)
        ldapObj.addOu(head.split("=")[1], path)

    mailSchema = {
        "mailAccount" : ["mail", "mailalias", "maildrop", "mailenable", "mailbox", "mailuserquota", "mailhost", "mailproxy"],
        "mailGroup" : ["mail"],
        "mailDomain" : ["virtualdomain", "virtualdomaindescription", "mailuserquota"],
        }

    # Additional LDAP classes/attributes to check for ZARAFA support
    if config.zarafa:
        mailSchema['zarafa-user'] = ['zarafaAdmin', 'zarafaSharedStoreOnly',
                                     'zarafaAccount', 'zarafaSendAsPrivilege',
                                     'zarafaHidden']
        mailSchema['zarafa-group'] = []

    # Additional LDAP classes for virtual aliases
    if config.vAliasesSupport:
        mailSchema['mailAlias'] = ['mailaliasmember']

    for objectClass in mailSchema:
        available = ldapObj.getSchema(objectClass)
        if len(available) == 0:
            logger.error("LDAP mail schema is not up to date: %s objectClass is not included in LDAP directory" % objectClass)
            return False
        for attribute in mailSchema[objectClass]:
            if attribute not in available:
                logger.error("LDAP mail schema is not up to date: %s attribute is not included in LDAP directory" % attribute)
                return False

    # Create required OUs
    if config.vAliasesSupport:
        ensure_ou(config.vAliasesDN)

    if config.vDomainSupport:
        ensure_ou(config.vDomainDN)

    return True
开发者ID:AnatomicJC,项目名称:mmc,代码行数:49,代码来源:__init__.py

示例7: activate

def activate():
    """
    Tell whether the sshlpk plugin can be activated.

    Returns False when the plugin is disabled by configuration or when
    the posixAccount / ldapPublicKey objectClasses are not present in the
    LDAP schema; True otherwise.
    """
    ldapObj = ldapUserGroupControl()
    logger = logging.getLogger()

    config = UserSshKeyConfig("sshlpk")
    if config.disabled:
        logger.warning("Plugin sshlpk: disabled by configuration.")
        return False

    for required in ['posixAccount', 'ldapPublicKey']:
        if len(ldapObj.getSchema(required)):
            continue
        logger.error("OpenSSH LDAP public key schema is not available: %s objectClass is not included in LDAP directory" % required)
        return False

    return True
开发者ID:tekmans,项目名称:mmc,代码行数:18,代码来源:__init__.py

示例8: getACLOnShare

    def getACLOnShare(self, name):
        """
        Return the users and groups holding POSIX ACL entries on the share,
        keyed by permission string.

        @param name: name of the share (last component of the path)
        @type name: str

        @rtype: dict
        @return: dict of permissions: [list of users/groups]; group names
                 carry a leading '@'
        """
        directory = ldapUserGroupControl(self.conffilebase)
        share_path = self.getContent(name, "path")
        is_public = self.getContent(name, "public")
        perms = {'rx': [], 'rwx': []}
        if share_path is False:
            return perms
        # A public share is reported as fully open without reading its ACL.
        if is_public == "yes":
            return {'rwx': ['@all']}
        for ace in posix1e.ACL(file=share_path):
            flags = (
                ('r', ace.permset.read),
                ('w', ace.permset.write),
                ('x', ace.permset.execute),
            )
            perm = ''.join([letter for letter, granted in flags if granted is True])
            entity = ""

            if ace.tag_type == posix1e.ACL_GROUP:
                found = directory.getDetailedGroupById(str(ace.qualifier))
                if found:
                    entity = '@' + found['cn'][0]
                else:
                    # Not in LDAP: fall back to the local group database.
                    entity = '@' + grp.getgrgid(ace.qualifier).gr_name

            if ace.tag_type == posix1e.ACL_USER:
                found = directory.getDetailedUserById(str(ace.qualifier))
                if found:
                    entity = found['uid'][0]
                else:
                    # Not in LDAP: fall back to the local passwd database.
                    entity = pwd.getpwuid(ace.qualifier).pw_name

            # Entries that are neither a named user nor a named group leave
            # entity empty and are not reported.
            if not entity:
                continue
            perms.setdefault(perm, []).append(entity)

        return perms
开发者ID:neoclust,项目名称:pulse,代码行数:44,代码来源:smb_conf.py

示例9: cleanLdap

def cleanLdap():
    """
    Reset the machine to an empty LDAP directory for the test suite.

    Destructive by design: it deletes everything under /home, the slapd
    database files and LDAP backups, then reconfigures slapd. It is meant
    for a throw-away test host only.
    """
    reset_commands = (
        # Wipe out /home
        "rm -fr /home/*",
        # Wipe out LDAP
        "/etc/init.d/slapd stop",
        "killall -9 slapd",
        "rm -f /var/lib/ldap/*",
        "rm -fr /var/backups/*.ldapdb",
        "cp contrib/ldap/*.schema /etc/ldap/schema",
        # NOTE(review): fixed, well-known admin password; acceptable only
        # because the directory is rebuilt for tests.
        "echo slapd slapd/password1 string secret | debconf-set-selections",
        "echo slapd slapd/password2 string secret | debconf-set-selections",
        "dpkg-reconfigure -pcritical slapd",
        "cp contrib/ldap/slapd.conf /etc/ldap",
        "/etc/init.d/slapd restart",
    )
    for command in reset_commands:
        # Exit codes are ignored, as before: a failing step does not stop
        # the sequence.
        os.system(command)
    # Fixed five-second pause after the slapd restart, before connecting.
    time.sleep(5)
    # Create Base OU
    directory = ldapUserGroupControl("tests-mds/basetest.ini")
    for ou_name in ("Groups", "Users"):
        directory.addOu(ou_name, "dc=mandriva,dc=com")
开发者ID:AnatomicJC,项目名称:mmc,代码行数:19,代码来源:testldap.py

示例10: activate

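def activate():
    """
    Tell whether the radius plugin can be activated.

    Returns False when the plugin is disabled by configuration or when
    the posixAccount / radiusprofile objectClasses are not present in the
    LDAP schema; True otherwise.
    """
    ldapObj = ldapUserGroupControl()
    logger = logging.getLogger()

    config = RadiusConfig("radius")
    if config.disabled:
        logger.warning("Plugin radius: disabled by configuration.")
        return False

    radiusSchema = ['posixAccount', 'radiusprofile']

    for objectClass in radiusSchema:
        schema = ldapObj.getSchema(objectClass)
        if not len(schema):
            # Adjacent literals instead of a backslash continuation inside
            # the string, which embedded the source indentation in the
            # logged message.
            logger.error("Radius schema is not available: %s objectClass is "
                         "not included in LDAP directory" % objectClass)
            return False

    return True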
开发者ID:inkhey,项目名称:mmc,代码行数:19,代码来源:__init__.py

示例11: activate

def activate():
    """
    Tell whether the ppolicy plugin can be activated.

    Returns False when the plugin is disabled by configuration or when
    the pwdPolicy / device objectClasses are not present in the LDAP
    schema. Otherwise registers the default password policy and returns
    True.
    """
    ldapObj = ldapUserGroupControl()

    config = PPolicyConfig("ppolicy")
    if config.disabled:
        logger.warning("Plugin ppolicy: disabled by configuration.")
        return False

    for required in ['pwdPolicy', 'device']:
        if len(ldapObj.getSchema(required)):
            continue
        logger.error("LDAP Password Policy schema is not included in LDAP directory: %s objectClass is not available" % required)
        return False

    # Register default password policy into the LDAP if it does not exist
    PPolicy().addPPolicy()

    return True
开发者ID:neoclust,项目名称:pulse,代码行数:20,代码来源:__init__.py

示例12: activate

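def activate():
    """
    Tell whether the userquota plugin can be activated.

    Returns False when the plugin is disabled, the LDAP bind fails with
    invalid credentials, the systemQuotas schema is missing, or (when
    quotas are applied locally through /bin/sh) a configured device is
    missing or has user quotas switched off. Returns True otherwise.
    """
    config = UserQuotaConfig("userquota")

    if config.disabled:
        logger.warning("Plugin userquota: disabled by configuration.")
        return False

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the quota LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("systemQuotas")
        if len(schema) <= 0:
            logger.error("Quota schema is not included in LDAP directory")
            return False
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit are
        # no longer swallowed here.
        logger.exception("Invalid schema")
        return False

    # Check local file systems
    if config.runquotascript == "/bin/sh":
        for device in getDevicemap():
            dev, blocksize, name = device.split(':')
            if not os.path.exists(dev):
                # The device name was never substituted into this message.
                logger.error("%s does not exists" % dev)
                return False
            # NOTE(review): dev is interpolated into a shell pipeline. It
            # comes from getDevicemap(); confirm that source is writable by
            # administrators only, or shell-quote the value.
            code, out, err = mmctools.shlaunch("quotaon -aup | grep '%s) is on'" % dev)
            if code != 0 or len(out) != 1:
                logger.error("User quotas are not enabled on %s" % dev)
                return False

    return True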
开发者ID:vmasilva,项目名称:mmc,代码行数:36,代码来源:__init__.py

示例13: setUp

 def setUp(self):
     """Rebuild the test LDAP directory and create the quota fixtures.

     Calls cleanLdap() first, so the warnings that apply to that helper
     apply here as well.
     """
     base_ini = "tests-mds/basetest.ini"
     cleanLdap()
     self.l = ldapUserGroupControl(base_ini)
     self.l.addGroup("allusers")
     self.u = UserQuotaControl(
         conffile="tests-mds/userquotatest.ini",
         conffilebase=base_ini
     )
开发者ID:neoclust,项目名称:pulse,代码行数:5,代码来源:testuserquota.py

示例14: _create_group

 def _create_group(self, name, description=None):
     """Create a group through the MMC base plugin.

     ``description`` is accepted but not used by this method.
     """
     logger.debug('calling ldapUserGroupControl().addGroup(%s)', name)
     group_ctl = ldapUserGroupControl()
     group_ctl.addGroup(name)
开发者ID:gnumaniac,项目名称:pulse,代码行数:3,代码来源:sync.py

示例15: activate

def activate():
    """
     this function define if the module "base" can be activated.
     @return: return True if this module can be activate
     @rtype: boolean
    """
    config = SambaConfig("samba")

    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist" % config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist" % cpath)
            return False

    # Verify if samba conf file exist
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error(conf + " does not exist")
        return False

    # validate smb.conf
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test if it sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if infos:
            sharePath = infos["sharePath"]
            if sharePath and not "%" in sharePath and not os.path.exists(sharePath):
                # only show error
                logger.error("The samba share path '%s' does not exist." % sharePath)
        else:
            return False

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except:
        logger.exception("invalid schema")
        return False

    # Verify if init script exist
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error(init + " does not exist")
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration."
                % smbconf.getContent("global", "workgroup")
            )
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False
        # Check that SAMBA and MMC given OU are in sync
        for option in [
#.........这里部分代码省略.........
开发者ID:pavelpromin,项目名称:mmc,代码行数:101,代码来源:__init__.py


注:本文中的mmc.plugins.base.ldapUserGroupControl函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。