aboutsummaryrefslogtreecommitdiffstats
path: root/RepSys
diff options
context:
space:
mode:
authorBogdano Arendartchuk <bogdano@mandriva.org>2007-05-02 17:41:56 +0000
committerBogdano Arendartchuk <bogdano@mandriva.org>2007-05-02 17:41:56 +0000
commitf76255fe3a7466748de56b422c048039ea59b077 (patch)
treef6db4aa336bc714374eb68081be0590c8ce6e720 /RepSys
parent0b5ebe2e1b3becfd57c15dc3d585ffcd22b47076 (diff)
downloadmgarepo-f76255fe3a7466748de56b422c048039ea59b077.tar
mgarepo-f76255fe3a7466748de56b422c048039ea59b077.tar.gz
mgarepo-f76255fe3a7466748de56b422c048039ea59b077.tar.bz2
mgarepo-f76255fe3a7466748de56b422c048039ea59b077.tar.xz
mgarepo-f76255fe3a7466748de56b422c048039ea59b077.zip
Introduced the plugin "ldapusers".
This plugin allows to obtain the user names and e-mails from a LDAP server. See repsys --help-plugin ldapusers for the configuration options. This plugin also required one small change in the ConfigParser: the class Config should allow one to get one option value in "raw" format, so that python format strings can be used as configuration values.
Diffstat (limited to 'RepSys')
-rw-r--r--RepSys/ConfigParser.py4
-rw-r--r--RepSys/plugins/ldapusers.py118
2 files changed, 120 insertions, 2 deletions
diff --git a/RepSys/ConfigParser.py b/RepSys/ConfigParser.py
index d995a57..4dc3e3c 100644
--- a/RepSys/ConfigParser.py
+++ b/RepSys/ConfigParser.py
@@ -388,14 +388,14 @@ class Config:
return handler(section, option, walk=True)
return self._config.walk(section, option, raw, vars)
- def get(self, section, option, default=None, wrap=True):
+ def get(self, section, option, default=None, raw=False, wrap=True):
if wrap:
handler = self._wrapped.get(section)
if handler:
handler = self._wrapped.get(section)
return handler(section, option, default)
try:
- return self._config.get(section, option)
+ return self._config.get(section, option, raw=raw)
except Error:
return default
diff --git a/RepSys/plugins/ldapusers.py b/RepSys/plugins/ldapusers.py
new file mode 100644
index 0000000..aa3438e
--- /dev/null
+++ b/RepSys/plugins/ldapusers.py
@@ -0,0 +1,118 @@
+"""
+A Repsys plugin for obtaining users from a LDAP server.
+
+In order to enable the plugin, the user must define the following
+options in repsys.conf:
+
+ ldap-server [required]
+ the host name of the LDAP server
+ ldap-port [optional] [default: 389]
+ the port of the LDAP server
+ ldap-base [required]
+ the base DN where the search will be performed
+ ldap-binddn [optional] [default: empty]
+ the DN used to bind
+ ldap-bindpw [optional] [default: empty]
+ the password used to bind
+ ldap-filterformat [optional]
+ [default: (&(objectClass=inetOrgPerson)(uid=%s))]
+ RFC-2254 filter string used in the search of the user entry.
+ Note that this is a python format string and will have the user
+ name as parameter. For example:
+
+ ldap-filterformat = (&(objectClass=inetOrgPerson)(uid=%s))
+
+ Will result in the search filter:
+
+ (&(objectClass=inetOrgPerson)(uid=john))
+
+ ldap-format [optional] [default: %(cn)s <%(mail)s>]
+ This is a python format string. This string will be
+ formatted using one dict object containing the fields
+ returned in the LDAP search, for example:
+
+ >>> format = "%(cn)s <%(mail)s>"
+ >>> d = search(basedn, filter)
+ >>> d = {"cn": "John Doe", "mail": "john@mandriva.org",
+ "uidNumber": "1290", "loginShell": "/bin/bash",
+ ... many other attributes ... }
+ >>> value = format % d
+ >>> print value
+ John Doe <john@mandriva.org>
+
+ Note that only the first value of the attributes will be
+ used.
+
+When the searched option is not found, it will try in repsys.conf. All
+the values found. (including from repsys.conf) will be cached between
+each configuration acess.
+
+This plugin requires the package python-ldap.
+
+For more information, look http://qa.mandriva.com/show_bug.cgi?id=30549
+"""
+from RepSys import Error, config
+
+users_cache = {}
+
+def strip_entry(entry):
+ "Leave only the first value in all keys in the entry"
+ new = dict((key, value[0]) for key, value in entry.iteritems())
+ return new
+
+
+def make_handler():
+ server = config.get("global", "ldap-server")
+ port = config.get("global", "ldap-port")
+ basedn = config.get("global", "ldap-base")
+ binddn = config.get("global", "ldap-binddn")
+ bindpw = config.get("global", "ldap-bindpw", "")
+ filterformat = config.get("global", "ldap-filterformat",
+ "(&(objectClass=inetOrgPerson)(uid=%s))", raw=1)
+ format = config.get("global", "ldap-format", "%(cn)s <%(mail)s>", raw=1)
+
+ if server is None:
+ def dummy_wrapper(section, option=None, default=None, walk=False):
+ return config.get(section, option, default, wrap=False)
+ return dummy_wrapper
+
+ # only load ldap if it is enabled in configuration, this way we don't
+ # require everyone to have python-ldap installed
+ import ldap
+
+ def users_wrapper(section, option=None, default=None, walk=False):
+ global users_cache
+ if walk:
+ raise Error, "ldapusers plugin does not support user listing"
+ assert option is not None, \
+ "When not section walking, option is required"
+
+ value = users_cache.get(option)
+ if value is not None:
+ return value
+
+ l = ldap.open(server)
+ if binddn:
+ l.bind(binddn, bindpw)
+ filter = filterformat % option
+ found = l.search_s(basedn, ldap.SCOPE_SUBTREE, filter)
+ if found:
+ dn, entry = found[0]
+ entry = strip_entry(entry)
+ try:
+ value = format % entry
+ except KeyError, e:
+ raise Error, "the key %s was not found in LDAP search, " \
+ "check your ldap-format configuration" % e
+ except (TypeError, ValueError), e:
+ raise Error, "LDAP response formatting error: %s. Check " \
+ "your ldap-format configuration" % e
+ else:
+ # issue a warning?
+ value = config.get(section, option, default, wrap=False)
+ users_cache[option] = value
+ return value
+
+ return users_wrapper
+
+config.wrap("users", handler=make_handler())