'''
VERIDIC - Towards a centralized access control system
Copyright (C) 2011 Mikael Ates
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
'''
import logging

import ldap
import ldap.dn
import ldap.filter

from attribute_aggregator.core import get_user_alias_in_source, \
    get_attribute_name_in_namespace
logger = logging.getLogger('acs')
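def get_all_attributes(user, definitions=None, **kwargs):
    '''
    Collect the X500 attributes of ``user`` from every configured LDAP source.

    Dictionnary format:
    attributes = dict()
    data_from_source = list()
    a1 = dict()
    a1['definition'] = definition_name
    a1['name'] = attribute_name_in_ns
    a1['namespace'] = ns_name
    a1['values'] = list_of_values
    data_from_source.append(a1)
    ...
    data_from_source.append(a2)
    attributes[source_name] = data_from_source

    First attempt on 'definition' key.
    Else, definition is searched by 'name' and 'namespace' keys.

    Parameters:
      user -- the user whose attributes are requested; must be truthy.
      definitions -- optional list of attribute definitions; when given only
        their X500 names are requested from the directory, otherwise every
        attribute the bind identity is allowed to read is returned.
      kwargs -- accepted for interface compatibility and ignored.

    Returns None when no user is given or no LdapSource is configured,
    otherwise a dict keyed by source name. Sources that cannot be reached,
    that reject the bind, whose search fails or that return no attribute are
    left out, so the dict may be empty.
    '''
    if not user:
        logger.error('get_all_attributes: No user provided')
        return None
    logger.debug('get_all_attributes: Searching attributes for user %s', user)
    # Local import as in the original: models depend on this module.
    from attribute_aggregator.models import LdapSource
    sources = LdapSource.objects.all()
    if not sources:
        logger.debug('get_all_attributes: No LDAP source configured')
        return None
    # The attribute list does not depend on the source; compute it once.
    retrieve_attributes = None
    if definitions:
        retrieve_attributes = [
            get_attribute_name_in_namespace(definition, 'X500')
            for definition in definitions]
    attributes = {}
    for source in sources:
        logger.debug('get_all_attributes: The LDAP source is known as %s',
                     source.name)
        identifier = get_user_alias_in_source(user, source)
        if not identifier:
            logger.error('get_all_attributes: No user identifier known into '
                         'that source')
            continue
        logger.debug('get_all_attributes: the user is known as %s in source %s',
                     identifier, source.name)
        data = _search_user_attributes(source, identifier, retrieve_attributes)
        if data:
            attributes[source.name] = data
    # NOTE(review): this debug line writes every returned attribute value to
    # the log; keep the 'acs' logger above DEBUG in production.
    logger.debug('get_all_attributes: the attributes returned are %s',
                 attributes)
    return attributes


def _rdn_filter(identifier):
    '''
    Build an LDAP search filter matching the first RDN of the DN ``identifier``.

    The DN is parsed with ldap.dn.str2dn so the RDN value is un-escaped, then
    type and value are re-escaped for filter syntax by
    ldap.filter.filter_format. Using the raw RDN text as the filter would let
    filter metacharacters ('*', '(', ')', '\\') in an alias change the query.

    Returns the filter string, or None when ``identifier`` holds no RDN.
    Raises an ldap.LDAPError (ldap.DECODING_ERROR) when it is not a valid DN.
    '''
    rdns = ldap.dn.str2dn(identifier, flags=ldap.DN_FORMAT_LDAPV3)
    if not rdns:
        return None
    assertions = [
        ldap.filter.filter_format('(%s=%s)', [attr_type, attr_value])
        for attr_type, attr_value, _flags in rdns[0]]
    if len(assertions) == 1:
        return assertions[0]
    # Multi-valued RDN: every component has to match.
    return '(&%s)' % ''.join(assertions)


def _ascii_value(raw):
    '''
    Decode one raw attribute value as UTF-8 and drop non-ASCII characters.

    Bytes that are not valid UTF-8 (binary attributes such as photos or GUIDs)
    are dropped as well rather than raising UnicodeDecodeError, which no
    ldap.LDAPError handler would catch.
    '''
    return raw.decode('utf-8', 'replace').encode('ascii', 'ignore')


def _extract_attributes(result_data, identifier):
    '''
    Turn search results into the attribute dict list for the entry ``identifier``.

    ``result_data`` is the list of (dn, attrs) pairs returned by search_s;
    only the entry whose DN equals ``identifier`` is kept. Referral entries
    (dn is None) never match.
    '''
    data = []
    for entry_dn, entry in result_data:
        logger.debug('get_all_attributes: found %s', entry_dn)
        # NOTE(review): exact string comparison, as in the original; DNs are
        # case-insensitive so a server returning a canonicalised DN would not
        # match here -- confirm against the directory in use.
        if entry_dn != identifier:
            continue
        logger.debug('get_all_attributes: Attributes are %s', entry)
        for key, raw_values in entry.items():
            data.append({
                'name': key,
                'namespace': 'X500',
                'values': [_ascii_value(value) for value in raw_values],
            })
    return data


def _search_user_attributes(source, identifier, retrieve_attributes):
    '''
    Connect to ``source``, search the entry ``identifier`` and close the link.

    ``retrieve_attributes`` is the attribute list handed to the search
    (None for all). Returns the attribute dict list, or None when the filter
    cannot be built, the connection, bind or search fails, or the entry has
    no attribute; every failure is logged.
    '''
    try:
        search_filter = _rdn_filter(identifier)
    except ldap.LDAPError as err:
        logger.error('get_all_attributes: identifier %s is not a valid DN: %s',
                     identifier, err)
        return None
    if not search_filter:
        logger.error('get_all_attributes: identifier %s holds no RDN',
                     identifier)
        return None
    logger.debug('get_all_attributes: rdn filter is %s', search_filter)
    try:
        conn = ldap.open(source.server)
        conn.protocol_version = ldap.VERSION3
    except ldap.LDAPError as err:
        logger.error('get_all_attributes: an error occured at connecting due '
                     'to %s', err)
        return None
    try:
        try:
            # Bind synchronously: the asynchronous simple_bind() returns before
            # the server answers, so rejected credentials were never seen here
            # and the search went on over the still-anonymous connection.
            # Without both a user and a password the search is anonymous.
            if source.user and source.password:
                conn.simple_bind_s(source.user, source.password)
        except ldap.LDAPError as err:
            logger.error('get_all_attributes: an error occured at binding due '
                         'to %s', err)
            return None
        try:
            # search_s collects every entry; result(msgid, 0) only returned
            # the first batch and silently discarded the rest.
            result_data = conn.search_s(source.base, ldap.SCOPE_SUBTREE,
                                        search_filter, retrieve_attributes)
        except ldap.LDAPError as err:
            logger.error('get_all_attributes: an error occured at searching '
                         'due to %s', err)
            return None
    finally:
        # Best-effort cleanup: the connection was previously never released.
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            pass
    logger.debug('get_all_attributes: result %s', result_data)
    data = _extract_attributes(result_data, identifier)
    if not data:
        logger.error('get_all_attributes: no attribute found')
        return None
    return data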
def get_listed_attributes(user, definitions, **kwargs):
    '''
    Return only the attributes named in ``definitions`` for ``user``.

    Thin wrapper that forwards to get_all_attributes with ``definitions``
    made mandatory; the return value and failure modes are the same.
    '''
    result = get_all_attributes(user, definitions=definitions, **kwargs)
    return result