author | Bogdano Arendartchuk <bogdano@mandriva.org> | 2007-05-02 17:41:56 +0000 |
---|---|---|
committer | Bogdano Arendartchuk <bogdano@mandriva.org> | 2007-05-02 17:41:56 +0000 |
commit | f76255fe3a7466748de56b422c048039ea59b077 (patch) | |
tree | f6db4aa336bc714374eb68081be0590c8ce6e720 /RepSys | |
parent | 0b5ebe2e1b3becfd57c15dc3d585ffcd22b47076 (diff) | |
Introduced the plugin "ldapusers".
This plugin allows obtaining user names and e-mails from an LDAP server.
See repsys --help-plugin ldapusers for the configuration options.
This plugin also required one small change in the ConfigParser: the class
Config should allow one to get one option value in "raw" format, so that
python format strings can be used as configuration values.
Diffstat (limited to 'RepSys')
-rw-r--r-- | RepSys/ConfigParser.py | 4 | ||||
-rw-r--r-- | RepSys/plugins/ldapusers.py | 118 |
2 files changed, 120 insertions, 2 deletions
diff --git a/RepSys/ConfigParser.py b/RepSys/ConfigParser.py index d995a57..4dc3e3c 100644 --- a/RepSys/ConfigParser.py +++ b/RepSys/ConfigParser.py @@ -388,14 +388,14 @@ class Config: return handler(section, option, walk=True) return self._config.walk(section, option, raw, vars) - def get(self, section, option, default=None, wrap=True): + def get(self, section, option, default=None, raw=False, wrap=True): if wrap: handler = self._wrapped.get(section) if handler: handler = self._wrapped.get(section) return handler(section, option, default) try: - return self._config.get(section, option) + return self._config.get(section, option, raw=raw) except Error: return default diff --git a/RepSys/plugins/ldapusers.py b/RepSys/plugins/ldapusers.py new file mode 100644 index 0000000..aa3438e --- /dev/null +++ b/RepSys/plugins/ldapusers.py 
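Review bot: The new `raw` argument is dropped on the wrapped path, because `return handler(section, option, default)` never receives it, so a `get(..., raw=True)` on a wrapped section silently behaves as if `raw` were false. A comment on `get` such as `# raw only applies to unwrapped sections; wrapped handlers ignore it` would make that explicit, unless handlers are meant to grow a `raw` parameter. Inserting `raw` ahead of `wrap` also shifts the fourth positional parameter, so any caller outside this diff that passes `wrap` positionally would now set `raw` instead; `default=None, wrap=True, raw=False` keeps the old positions. The rest of class `Config` lies outside the hunk.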
@@ -0,0 +1,118 @@
+"""
+A Repsys plugin for obtaining users from a LDAP server.
+
+In order to enable the plugin, the user must define the following
+options in repsys.conf:
+
+ ldap-server [required]
+ the host name of the LDAP server
+ ldap-port [optional] [default: 389]
+ the port of the LDAP server
+ ldap-base [required]
+ the base DN where the search will be performed
+ ldap-binddn [optional] [default: empty]
+ the DN used to bind
+ ldap-bindpw [optional] [default: empty]
+ the password used to bind
+ ldap-filterformat [optional]
+ [default: (&(objectClass=inetOrgPerson)(uid=%s))]
+ RFC-2254 filter string used in the search of the user entry.
+ Note that this is a python format string and will have the user
+ name as parameter. For example:
+
+ ldap-filterformat = (&(objectClass=inetOrgPerson)(uid=%s))
+
+ Will result in the search filter:
+
+ (&(objectClass=inetOrgPerson)(uid=john))
+
+ ldap-format [optional] [default: %(cn)s <%(mail)s>]
+ This is a python format string. This string will be
+ formatted using one dict object containing the fields
+ returned in the LDAP search, for example:
+
+ >>> format = "%(cn)s <%(mail)s>"
+ >>> d = search(basedn, filter)
+ >>> d = {"cn": "John Doe", "mail": "john@mandriva.org",
+ "uidNumber": "1290", "loginShell": "/bin/bash",
+ ... many other attributes ... }
+ >>> value = format % d
+ >>> print value
+ John Doe <john@mandriva.org>
+
+ Note that only the first value of the attributes will be
+ used.
+
+When the searched option is not found, it will try in repsys.conf. All
+the values found. (including from repsys.conf) will be cached between
+each configuration acess.
+
+This plugin requires the package python-ldap.
+
+For more information, look http://qa.mandriva.com/show_bug.cgi?id=30549
+"""
+from RepSys import Error, config
+
+users_cache = {}
+
+def strip_entry(entry):
+ "Leave only the first value in all keys in the entry"
+ new = dict((key, value[0]) for key, value in entry.iteritems())
+ return new
+
+
+def make_handler():
+ server = config.get("global", "ldap-server")
+ port = config.get("global", "ldap-port")
+ basedn = config.get("global", "ldap-base")
+ binddn = config.get("global", "ldap-binddn")
+ bindpw = config.get("global", "ldap-bindpw", "")
+ filterformat = config.get("global", "ldap-filterformat",
+ "(&(objectClass=inetOrgPerson)(uid=%s))", raw=1)
+ format = config.get("global", "ldap-format", "%(cn)s <%(mail)s>", raw=1)
+
+ if server is None:
+ def dummy_wrapper(section, option=None, default=None, walk=False):
+ return config.get(section, option, default, wrap=False)
+ return dummy_wrapper
+
+ # only load ldap if it is enabled in configuration, this way we don't
+ # require everyone to have python-ldap installed
+ import ldap
+
+ def users_wrapper(section, option=None, default=None, walk=False):
+ global users_cache
+ if walk:
+ raise Error, "ldapusers plugin does not support user listing"
+ assert option is not None, \
+ "When not section walking, option is required"
+
+ value = users_cache.get(option)
+ if value is not None:
+ return value
+
+ l = ldap.open(server)
+ if binddn:
+ l.bind(binddn, bindpw)
+ filter = filterformat % option
+ found = l.search_s(basedn, ldap.SCOPE_SUBTREE, filter)
+ if found:
+ dn, entry = found[0]
+ entry = strip_entry(entry)
+ try:
+ value = format % entry
+ except KeyError, e:
+ raise Error, "the key %s was not found in LDAP search, " \
+ "check your ldap-format configuration" % e
+ except (TypeError, ValueError), e:
+ raise Error, "LDAP response formatting error: %s. Check " \
+ "your ldap-format configuration" % e
+ else:
+ # issue a warning?
+ value = config.get(section, option, default, wrap=False)
+ users_cache[option] = value
+ return value
+
+ return users_wrapper
+
+config.wrap("users", handler=make_handler()) |
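Review bot: The user name is interpolated into the search filter unescaped at `filter = filterformat % option` in `users_wrapper`, so a name containing `*`, `(`, `)` or `\` changes the filter's meaning and the first entry returned may not be the intended user. Escaping the value keeps the lookup to the single uid the template describes: `filter = filterformat % ldap.filter.escape_filter_chars(option)`, with `import ldap.filter` next to the existing `import ldap`. Separately, `port` is read from `ldap-port` but never passed to `ldap.open(server)`, so the documented option has no effect. `l.bind(binddn, bindpw)` is the asynchronous call and its result is never checked; `l.simple_bind_s(binddn, bindpw)` would surface a failed bind. As written the bind password travels over plain LDAP, so the docstring should state that, or the connection should use StartTLS or ldaps where the server supports it.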