
plone3  3.1.7
GroupUserFolder.LDAPUserFolderAdapter Namespace Reference

Functions

def _doAddUser
def _doDelUsers
def _find_user_dn
def _mangleRoles
def _doChangeUser
def manage_editGroupRoles

Variables

string __version__ = "$Revision: $"
 GroupUserFolder Copyright (C)2006 Ingeniweb.
string __docformat__ = 'restructuredtext'
tuple MANDATORY_ATTRIBUTES = ("sn", "cn", )
tuple all_groups = self.getGroups(attr='dn')
 Log(LOG_DEBUG, "assigning", role_dns, "to", user_dn)
tuple cur_groups = self.getGroups(dn=user_dn, attr='dn')
list group_dns = []
tuple member_attr = GROUP_MEMBER_MAP.get(self.getGroupType(group))
 action = DELETE
tuple msg
tuple manage_editGroupRoles = postonly(manage_editGroupRoles)
 Log(LOG_DEBUG, "group", group, "subgroup", user_dn, "result", msg)

Function Documentation

def GroupUserFolder.LDAPUserFolderAdapter._doAddUser (   self,
  name,
  password,
  roles,
  domains,
  kw 
) [private]
Special user adding method for use with LDAPUserFolder.
This will ensure parameters are correct for LDAP management

Definition at line 38 of file LDAPUserFolderAdapter.py.

00038 
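def _doAddUser(self, name, password, roles, domains, **kw):
    """
    Create a user through LDAPUserFolder's ``manage_addUser``.

    The generic user-folder arguments are translated into the single
    ``kwargs`` dictionary that ``manage_addUser`` is called with.

    :param name: login of the new user; also stored under the rdn attribute.
    :param password: password, passed as both ``user_pw`` and ``confirm_pw``.
    :param roles: requested roles, translated by ``self._mangleRoles``.
    :param domains: accepted for signature compatibility; not used here.
    :param kw: extra keyword arguments; not used here.
    :raises RuntimeError: when ``manage_addUser`` returns a non-empty message.
    """
    kwargs = {}               # The dict handed to manage_addUser
    attrs = {}

    # Mandatory LDAP attributes: ask the gruf_ldap_required_fields hook when
    # the folder provides one, otherwise fill each mandatory attribute with
    # the login name.
    if hasattr(self, "gruf_ldap_required_fields"):
        attrs = self.gruf_ldap_required_fields(login = name)
    else:
        for attr in MANDATORY_ATTRIBUTES:
            attrs[attr] = name
    kwargs.update(attrs)

    # The keys below are written AFTER the hook's values, so whatever the
    # hook returns cannot override the rdn, the password or the roles.

    # We assume that name is the rdn attribute.
    # NOTE(review): name is used as the rdn value as-is; whether
    # manage_addUser escapes DN special characters is not visible here --
    # confirm in LDAPUserFolder.
    rdn_attr = self._rdnattr
    kwargs[rdn_attr] = name

    # Password and its confirmation. From here on kwargs carries the
    # cleartext password: keep this dict out of logs and error messages.
    kwargs['user_pw'] = password
    kwargs['confirm_pw'] = password

    # Translate the requested roles for LDAP
    kwargs['user_roles'] = self._mangleRoles(name, roles)

    # Delegate to the LDAPUF default method; a non-empty return value is an
    # error message. The call form of raise works on Python 2 and 3, whereas
    # the "raise Class, value" statement form is Python 2 only.
    msg = self.manage_addUser(kwargs = kwargs)
    if msg:
        raise RuntimeError(msg)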
00070 

def GroupUserFolder.LDAPUserFolderAdapter._doChangeUser (   self,
  name,
  password,
  roles,
  domains,
  kw 
) [private]
Update a user

Definition at line 148 of file LDAPUserFolderAdapter.py.

00148 
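def _doChangeUser(self, name, password, roles, domains, **kw):
    """
    Update the password and/or the roles of an existing LDAP user.

    :param name: login of the user, resolved to a dn by ``_find_user_dn``.
    :param password: new password, or ``None`` to leave it unchanged.
    :param roles: requested roles, translated by ``self._mangleRoles``.
    :param domains: accepted for signature compatibility; not used here.
    :param kw: extra keyword arguments; not used here.
    :raises ValueError: when ``password`` is the empty string.
    """
    # Resolve the dn first: an unknown or ambiguous login fails here, before
    # anything is modified.
    dn = self._find_user_dn(name)

    # Change password (None means "do not touch the password")
    if password is not None:
        # Refuse an empty password outright. LDAP simple bind with a name
        # and an empty password is the "unauthenticated" bind of RFC 4513,
        # which some servers accept, so an empty stored password must never
        # be written. The call form of raise works on Python 2 and 3.
        if password == '':
            raise ValueError("Password must not be empty for LDAP users.")
        self.manage_editUserPassword(dn, password)

    # Perform role change
    # NOTE(review): the return values of manage_editUserPassword and
    # manage_editUserRoles are discarded; if they report failure through a
    # returned message (as manage_addUser does), it goes unnoticed here --
    # confirm against LDAPUserFolder.
    self.manage_editUserRoles(dn, self._mangleRoles(name, roles))

    # (No domain management with LDAP.)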
00166 
    
def GroupUserFolder.LDAPUserFolderAdapter._doDelUsers (   self,
  names 
) [private]
Remove a bunch of users from LDAP.
We have to call manage_deleteUsers but, before, we need to find their dn.

Definition at line 71 of file LDAPUserFolderAdapter.py.

00071 
def _doDelUsers(self, names):
    """
    Delete several users from LDAP.

    ``manage_deleteUsers`` works on dns, so each login in ``names`` is first
    translated with ``_find_user_dn``.
    """
    # Every login is resolved before manage_deleteUsers is called, so an
    # exception raised by _find_user_dn stops the call before any deletion.
    resolved = [self._find_user_dn(login) for login in names]

    self.manage_deleteUsers(resolved)
00082 

def GroupUserFolder.LDAPUserFolderAdapter._find_user_dn (   self,
  name 
) [private]
Convert a name to an LDAP dn

Definition at line 83 of file LDAPUserFolderAdapter.py.

00083 
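def _find_user_dn(self, name):
    """
    Return the LDAP dn of the single user whose login is exactly ``name``.

    The original code raised plain strings as exceptions; that form stopped
    working in Python 2.6, so real exception objects carrying the same
    messages are raised instead.

    :param name: login to look up (compared against ``self._login_attr``).
    :raises ValueError: when no record, or more than one record, has exactly
        that login.
    """
    # Search records matching name
    # NOTE(review): whether findUser escapes LDAP filter metacharacters in
    # search_term, or matches substrings, is not visible here -- confirm in
    # LDAPUserFolder.
    login_attr = self._login_attr
    candidates = self.findUser(search_param = login_attr, search_term = name)

    # Keep exact matches only. The dn returned here is what _doDelUsers and
    # _doChangeUser act on, so a near match must never be accepted. A list
    # (rather than filter()) keeps len() working on Python 3 as well.
    matches = [rec for rec in candidates if rec[login_attr] == name]

    # Fail closed: anything other than exactly one record is an error.
    if not matches:
        # Invalid name
        raise ValueError("Invalid user name: '%s'" % (name, ))
    if len(matches) > 1:
        # Several records... don't know how to handle
        raise ValueError("Duplicate user name for '%s'" % (name, ))
    return matches[0]['dn']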
00104 

def GroupUserFolder.LDAPUserFolderAdapter._mangleRoles (   self,
  name,
  roles 
) [private]
Return role_dns for this user

Definition at line 105 of file LDAPUserFolderAdapter.py.

00105 
def _mangleRoles(self, name, roles):
    """
    Translate the requested ``roles`` into what LDAPUserFolder stores.

    With local groups the roles are returned untouched; otherwise each
    accepted role is replaced by the dn of the LDAP group of the same name.
    ``name`` is only used in the warning logged for a missing group.
    """
    # Local groups => nothing to translate
    if self._local_groups:
        return roles

    # Index the LDAP groups: first item of each entry -> second item (the
    # value that ends up in the result)
    dn_by_group = dict((entry[0], entry[1]) for entry in self.getGroups())
    known_roles = self.valid_roles()

    # LDAPUF may add invalid roles to the user roles (for example the cn of
    # a group in addition to the mapped zope role), so every role that
    # carries the group prefix without being an actual group has to be
    # dropped from 'roles'.
    # See http://www.dataflake.org/tracker/issue_00376 for more information
    # on that particular issue.
    # If a group has the same name as a role, it is assumed to be a _role_.
    # The group/role mapping should be checked here, but... XXX TODO !
    # See the "HERE IT IS" comment below.

    resolved = []
    for requested in roles:
        # Do not allow propagation of invalid roles
        if requested not in known_roles:
            continue

        group_name = requested
        if requested.startswith(GROUP_PREFIX):
            # Groups are stored WITHOUT prefix in LDAP
            group_name = requested[GROUP_PREFIX_LEN:]
            if group_name in known_roles:
                continue                            # HERE IT IS

        group_dn = dn_by_group.get(group_name, None)
        if group_dn:
            resolved.append(group_dn)
        else:
            # A role without a matching LDAP group is dropped, with a warning
            Log(LOG_WARNING, "LDAP Server doesn't provide a '%s' group (required for user '%s')." % (group_name, name, ))

    return resolved
00147 


def GroupUserFolder.LDAPUserFolderAdapter.manage_editGroupRoles (   self,
  user_dn,
  role_dns = [],
  REQUEST = None 
)
Edit the roles (groups) of a group 

Definition at line 167 of file LDAPUserFolderAdapter.py.

00167 
00168 def manage_editGroupRoles(self, user_dn, role_dns=[], REQUEST=None):
00169     """ Edit the roles (groups) of a group """
00170     from Products.LDAPUserFolder.utils import GROUP_MEMBER_MAP
00171     try:
00172         from Products.LDAPUserFolder.LDAPDelegate import ADD, DELETE
00173     except ImportError:
00174         # Support for LDAPUserFolder >= 2.6
00175         ADD = self._delegate.ADD
00176         DELETE = self._delegate.DELETE
00177 
00178     msg = ""


Variable Documentation

Definition at line 24 of file LDAPUserFolderAdapter.py.

GroupUserFolder Copyright (C)2006 Ingeniweb.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

Definition at line 21 of file LDAPUserFolderAdapter.py.

Definition at line 200 of file LDAPUserFolderAdapter.py.

tuple GroupUserFolder.LDAPUserFolderAdapter.all_groups = self.getGroups(attr='dn')

Log(LOG_DEBUG, "assigning", role_dns, "to", user_dn)

Definition at line 180 of file LDAPUserFolderAdapter.py.

tuple GroupUserFolder.LDAPUserFolderAdapter.cur_groups = self.getGroups(dn=user_dn, attr='dn')

Definition at line 181 of file LDAPUserFolderAdapter.py.

Definition at line 182 of file LDAPUserFolderAdapter.py.

Log(LOG_DEBUG, "group", group, "subgroup", user_dn, "result", msg)

Definition at line 215 of file LDAPUserFolderAdapter.py.

Definition at line 35 of file LDAPUserFolderAdapter.py.

tuple GroupUserFolder.LDAPUserFolderAdapter.member_attr = GROUP_MEMBER_MAP.get(self.getGroupType(group))

Definition at line 197 of file LDAPUserFolderAdapter.py.

Initial value:
00001 self._delegate.modify(
00002                     group
00003                     , action
00004                     , {member_attr : [user_dn]}
00005                     )

Definition at line 206 of file LDAPUserFolderAdapter.py.