Compare commits
2 Commits
8e07151837
...
c72f97de42
Author | SHA1 | Date |
---|---|---|
PCoder | c72f97de42 | |
PCoder | f3d90a2b7d |
|
@ -12,9 +12,12 @@ https://docs.djangoproject.com/en/2.1/ref/settings/
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import ldap
|
import ldap
|
||||||
|
import logging
|
||||||
from decouple import config, Csv
|
from decouple import config, Csv
|
||||||
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
|
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
||||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||||
|
|
||||||
|
@ -207,6 +210,44 @@ LOGGING = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
LDAP_SEARCH_BASE=config(
|
||||||
|
'LDAP_SEARCH_BASE',
|
||||||
|
default='ou=users,dc=ungleich,dc=ch'
|
||||||
|
)
|
||||||
|
|
||||||
|
LDAP_MAX_UID_PATH = os.path.join(
|
||||||
|
os.path.abspath(os.path.dirname(__file__)),
|
||||||
|
'ldap_max_uid_file'
|
||||||
|
)
|
||||||
|
|
||||||
|
LDAP_IPV6_WORK_USER_GROUP = config('LDAP_IPV6_WORK_USER_GROUP', cast=int)
|
||||||
|
|
||||||
|
|
||||||
|
def set_max_uid(max_uid):
|
||||||
|
"""
|
||||||
|
a utility function to save max_uid value to a file
|
||||||
|
|
||||||
|
:param max_uid: an integer representing the max uid
|
||||||
|
:return:
|
||||||
|
"""
|
||||||
|
with open(LDAP_MAX_UID_PATH, 'w+') as handler:
|
||||||
|
handler.write(max_uid)
|
||||||
|
|
||||||
|
|
||||||
|
def get_max_uid():
|
||||||
|
"""
|
||||||
|
A utility function to read the max uid value that was previously set
|
||||||
|
|
||||||
|
:return: An integer representing the max uid value that was previously set
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
with open(LDAP_MAX_UID_PATH, 'r+') as handler:
|
||||||
|
return int(handler.read())
|
||||||
|
except FileNotFoundError as fnfe:
|
||||||
|
logger.error("File not found : " + str(fnfe))
|
||||||
|
ret = config('DEFAULT_START_UID', cast=int, default=10000)
|
||||||
|
logger.error("So, returing UID={}".format(ret))
|
||||||
|
|
||||||
if config('ENABLE_DEBUG_LOG', cast=bool, default=False):
|
if config('ENABLE_DEBUG_LOG', cast=bool, default=False):
|
||||||
loggers_dict = {}
|
loggers_dict = {}
|
||||||
LOGGING['handlers']['file'] = {
|
LOGGING['handlers']['file'] = {
|
||||||
|
|
|
@ -1,17 +1,38 @@
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from ldap3 import Server, ServerPool, Connection, ObjectDef, AttrDef, Reader, Writer
|
from ldap3 import Server, Connection, ObjectDef, Writer, SUBTREE
|
||||||
|
import logging
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
server = Server(settings.AUTH_LDAP_SERVER_URI)
|
server = Server(settings.AUTH_LDAP_SERVER_URI)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def create_user(user, password, firstname, lastname, email):
|
def create_user(user, password, firstname, lastname, email):
|
||||||
conn = Connection(server, settings.AUTH_LDAP_BIND_DN,
|
conn = Connection(server, settings.AUTH_LDAP_BIND_DN,
|
||||||
settings.AUTH_LDAP_BIND_PASSWORD)
|
settings.AUTH_LDAP_BIND_PASSWORD)
|
||||||
if not conn.bind():
|
if not conn.bind():
|
||||||
|
logger.error("conn.bind() returned False. Could not connect.")
|
||||||
raise Exception('Could not connect to LDAP Server')
|
raise Exception('Could not connect to LDAP Server')
|
||||||
obj_new_user = ObjectDef(
|
obj_new_user = ObjectDef(['inetOrgPerson', 'posixAccount'], conn)
|
||||||
['inetOrgPerson'], conn)
|
uid = settings.get_max_uid() + 1
|
||||||
|
results = True
|
||||||
|
while results:
|
||||||
|
results = conn.search(
|
||||||
|
search_base=settings.LDAP_SEARCH_BASE,
|
||||||
|
search_filter=(
|
||||||
|
'(&(objectClass=inetOrgPerson)(objectClass=posixAccount)'
|
||||||
|
'(objectClass=top)(uidNumber={uidNumber}))'.format(
|
||||||
|
uidNumber=uid
|
||||||
|
)
|
||||||
|
),
|
||||||
|
search_scope=SUBTREE,
|
||||||
|
attributes=['uidNumber'],
|
||||||
|
)
|
||||||
|
if results:
|
||||||
|
logger.debug("{uid} exists. Trying next.".format(uid=uid))
|
||||||
|
uid += 1
|
||||||
|
else:
|
||||||
|
logger.debug("{uid} does not exist. Using it".format(uid=uid))
|
||||||
|
|
||||||
w = Writer(conn, obj_new_user)
|
w = Writer(conn, obj_new_user)
|
||||||
dn = 'uid=%s,ou=users,dc=ungleich,dc=ch' % user
|
dn = 'uid=%s,ou=users,dc=ungleich,dc=ch' % user
|
||||||
w.new(dn)
|
w.new(dn)
|
||||||
|
@ -20,9 +41,13 @@ def create_user(user, password, firstname, lastname, email):
|
||||||
w[0].cn = firstname + " " + lastname
|
w[0].cn = firstname + " " + lastname
|
||||||
w[0].mail = email
|
w[0].mail = email
|
||||||
w[0].userPassword = password
|
w[0].userPassword = password
|
||||||
|
w[0].gidNumber = settings.IPV6_WORK_USER_GROUP
|
||||||
|
w[0].uidNumber = uid
|
||||||
|
w[0].homeDirectory = "/home/" + user
|
||||||
|
|
||||||
if not w.commit():
|
if not w.commit():
|
||||||
conn.unbind()
|
conn.unbind()
|
||||||
|
logger.error("w.commit() returned False. Could not write user.")
|
||||||
raise Exception("Couldn't write user")
|
raise Exception("Couldn't write user")
|
||||||
conn.unbind()
|
conn.unbind()
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in New Issue