Compare commits

...

2 Commits

Author SHA1 Message Date
PCoder c72f97de42 Add code to create user's unix profile also 2019-02-03 13:05:44 +01:00
PCoder f3d90a2b7d Add utility code to get max UID
Other changes:
- Introduce logging
- Introduce .env config parameters
  - LDAP_SEARCH_BASE: The base used in the LDAP search to find uid
  - IPV6_WORK_USER_GROUP: The LDAP group to which the newly added
      user should belong to
2019-02-03 12:59:22 +01:00
2 changed files with 70 additions and 4 deletions

View File

@ -12,9 +12,12 @@ https://docs.djangoproject.com/en/2.1/ref/settings/
import os
import ldap
import logging
from decouple import config, Csv
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
logger = logging.getLogger(__name__)
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -207,6 +210,44 @@ LOGGING = {
},
}
LDAP_SEARCH_BASE=config(
'LDAP_SEARCH_BASE',
default='ou=users,dc=ungleich,dc=ch'
)
LDAP_MAX_UID_PATH = os.path.join(
os.path.abspath(os.path.dirname(__file__)),
'ldap_max_uid_file'
)
LDAP_IPV6_WORK_USER_GROUP = config('LDAP_IPV6_WORK_USER_GROUP', cast=int)
def set_max_uid(max_uid):
"""
a utility function to save max_uid value to a file
:param max_uid: an integer representing the max uid
:return:
"""
with open(LDAP_MAX_UID_PATH, 'w+') as handler:
handler.write(max_uid)
def get_max_uid():
"""
A utility function to read the max uid value that was previously set
:return: An integer representing the max uid value that was previously set
"""
try:
with open(LDAP_MAX_UID_PATH, 'r+') as handler:
return int(handler.read())
except FileNotFoundError as fnfe:
logger.error("File not found : " + str(fnfe))
ret = config('DEFAULT_START_UID', cast=int, default=10000)
logger.error("So, returing UID={}".format(ret))
if config('ENABLE_DEBUG_LOG', cast=bool, default=False):
loggers_dict = {}
LOGGING['handlers']['file'] = {

View File

@ -1,17 +1,38 @@
from django.conf import settings
from ldap3 import Server, ServerPool, Connection, ObjectDef, AttrDef, Reader, Writer
from ldap3 import Server, Connection, ObjectDef, Writer, SUBTREE
import logging
logger = logging.getLogger(__name__)
server = Server(settings.AUTH_LDAP_SERVER_URI)
def create_user(user, password, firstname, lastname, email):
conn = Connection(server, settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
if not conn.bind():
logger.error("conn.bind() returned False. Could not connect.")
raise Exception('Could not connect to LDAP Server')
obj_new_user = ObjectDef(
['inetOrgPerson'], conn)
obj_new_user = ObjectDef(['inetOrgPerson', 'posixAccount'], conn)
uid = settings.get_max_uid() + 1
results = True
while results:
results = conn.search(
search_base=settings.LDAP_SEARCH_BASE,
search_filter=(
'(&(objectClass=inetOrgPerson)(objectClass=posixAccount)'
'(objectClass=top)(uidNumber={uidNumber}))'.format(
uidNumber=uid
)
),
search_scope=SUBTREE,
attributes=['uidNumber'],
)
if results:
logger.debug("{uid} exists. Trying next.".format(uid=uid))
uid += 1
else:
logger.debug("{uid} does not exist. Using it".format(uid=uid))
w = Writer(conn, obj_new_user)
dn = 'uid=%s,ou=users,dc=ungleich,dc=ch' % user
w.new(dn)
@ -20,9 +41,13 @@ def create_user(user, password, firstname, lastname, email):
w[0].cn = firstname + " " + lastname
w[0].mail = email
w[0].userPassword = password
w[0].gidNumber = settings.IPV6_WORK_USER_GROUP
w[0].uidNumber = uid
w[0].homeDirectory = "/home/" + user
if not w.commit():
conn.unbind()
logger.error("w.commit() returned False. Could not write user.")
raise Exception("Couldn't write user")
conn.unbind()
return True