py.lib
py.lib/ldap_utils/ldap_util.py
. Наведение порядка с PostgreSQL
| awgur@3 | 1 # coding: utf-8 |
| awgur@3 | 2 import ldap |
| awgur@3 | 3 |
| awgur@3 | 4 # =========================================================== |
| awgur@3 | 5 # Статус завершения оперций |
| awgur@3 | 6 STATUS_OK = 0 # Всё ОК. |
| awgur@3 | 7 STATUS_BADAUTH = 1 # Не верные пользователь или пароль. |
| awgur@3 | 8 STATUS_SERVERDOWN = 2 # Сервер не доступен. |
| awgur@3 | 9 STATUS_SERVERERROR = 3 # Ошибка при взаимодействии с сервером. |
| awgur@3 | 10 |
| awgur@3 | 11 class LdapError(Exception): pass |
| awgur@3 | 12 |
| awgur@3 | 13 class LdapAuth(object): |
| awgur@3 | 14 def __init__(self, server, userPrefix = 'CORP\\', baseDN = 'DC=example,DC=net', attr = []): |
| awgur@3 | 15 self.server = server |
| awgur@3 | 16 self.prefix = userPrefix |
| awgur@3 | 17 self.status = '' |
| awgur@3 | 18 self.baseDN = baseDN |
| awgur@3 | 19 self.statusCode = 0 |
| awgur@3 | 20 self.groups = None |
| awgur@3 | 21 self.attr = None |
| awgur@3 | 22 self._needAttr = [ i for i in map(str, attr) ] |
| awgur@3 | 23 |
| awgur@3 | 24 def __call__(self, user, passwd): |
| awgur@3 | 25 try: |
| awgur@3 | 26 conn = ldap.initialize(self.server) |
| awgur@3 | 27 conn.set_option(ldap.OPT_REFERRALS, 0) |
| awgur@3 | 28 conn.simple_bind_s(self.prefix + user, passwd) |
| awgur@3 | 29 except ldap.INVALID_CREDENTIALS: |
| awgur@3 | 30 conn.unbind() |
| awgur@3 | 31 self.status = 'Invalid credentials' |
| awgur@3 | 32 self.statusCode = STATUS_BADAUTH |
| awgur@3 | 33 return False |
| awgur@3 | 34 except ldap.SERVER_DOWN: |
| awgur@3 | 35 self.status = 'Server is down' |
| awgur@3 | 36 self.statusCode = STATUS_SERVERDOWN |
| awgur@3 | 37 return False |
| awgur@3 | 38 |
| awgur@3 | 39 self.groups = [] |
| awgur@3 | 40 try: |
| awgur@3 | 41 ldapData = conn.search_s(self.baseDN, ldap.SCOPE_SUBTREE, '(cn=%s)' % user, ['memberOf'] + self._needAttr)[0][1] |
| awgur@3 | 42 for i in ldapData['memberOf']: |
| awgur@3 | 43 self.groups.append(i.split(',')[0].split('=')[1].decode('utf-8')) |
| awgur@3 | 44 del ldapData['memberOf'] |
| awgur@3 | 45 self.attr = ldapData |
| awgur@3 | 46 except KeyError: |
| awgur@3 | 47 self.status = 'User object from LDAP is wrong, it can be anonymous logon' |
| awgur@3 | 48 self.statusCode = STATUS_SERVERERROR |
| awgur@3 | 49 return False |
| awgur@3 | 50 finally: |
| awgur@3 | 51 conn.unbind() |
| awgur@3 | 52 |
| awgur@3 | 53 return True |
| awgur@3 | 54 |
| awgur@3 | 55 def __getitem__(self, key): |
| awgur@3 | 56 return self.attr[key] |
| awgur@3 | 57 |
| awgur@3 | 58 def memberOf(self, group): |
| awgur@3 | 59 """Проверка на присутствие у пользователя некоторой группы |
| awgur@3 | 60 """ |
| awgur@3 | 61 if self.groups == None: |
| awgur@3 | 62 raise LdapError('Request membership before auth call.') |
| awgur@3 | 63 |
| awgur@3 | 64 if not isinstance(group, unicode): |
| awgur@3 | 65 if isinstance(group, str): |
| awgur@3 | 66 group = group.decode('utf-8') |
| awgur@3 | 67 else: |
| awgur@3 | 68 group = str(group).decode('utf-8') |
| awgur@3 | 69 |
| awgur@3 | 70 if group in self.groups: |
| awgur@3 | 71 return True |
| awgur@3 | 72 else: |
| awgur@3 | 73 return False |
| awgur@3 | 74 |
| awgur@3 | 75 def __contains__(self, group): |
| awgur@3 | 76 return self.memberOf(group) |
| awgur@3 | 77 |
| awgur@3 | 78 def memberOfGroups(self, groups): |
| awgur@3 | 79 if not len(groups) > 0: |
| awgur@3 | 80 return False |
| awgur@3 | 81 |
| awgur@3 | 82 for group in groups: |
| awgur@3 | 83 if not group in self: |
| awgur@3 | 84 return False |
| awgur@3 | 85 |
| awgur@3 | 86 return True |