« back to all changes in this revision
Viewing changes to nova/auth/ldapdriver.py
- browse files at revision 391
- compare with another revision
- download diff
- download tarball
- view history from revision 391
- Committer: Ryan Lane
- Date: 2010-12-10 18:49:54 UTC
- Revision ID: laner@controller-20101210184954-tjn6a5173xjlgz83
Format fixes and modification of Vish's email address.
added
removed
nova/auth/ldapdriver.py
125
125
def get_users(self):
126
126
"""Retrieve list of users"""
127
127
attrs = self.__find_objects(FLAGS.ldap_user_subtree,
128
'(objectclass=novaUser)')
128
'(objectclass=novaUser)')
129
129
users = []
130
130
for attr in attrs:
131
131
user = self.__to_user(attr)
155
155
attr = []
156
156
if 'secretKey' in user.keys():
157
157
attr.append((self.ldap.MOD_REPLACE, 'secretKey',
158
[secret_key]))
158
[secret_key]))
159
159
else:
160
160
attr.append((self.ldap.MOD_ADD, 'secretKey',
161
[secret_key]))
161
[secret_key]))
162
162
if 'accessKey' in user.keys():
163
163
attr.append((self.ldap.MOD_REPLACE, 'accessKey',
164
[access_key]))
164
[access_key]))
165
165
else:
166
166
attr.append((self.ldap.MOD_ADD, 'accessKey',
167
[access_key]))
167
[access_key]))
168
168
if LdapDriver.isadmin_attribute in user.keys():
169
169
attr.append((self.ldap.MOD_REPLACE,
170
LdapDriver.isadmin_attribute, [str(is_admin).upper()]))
170
LdapDriver.isadmin_attribute,
171
[str(is_admin).upper()]))
171
172
else:
172
173
attr.append((self.ldap.MOD_ADD,
173
LdapDriver.isadmin_attribute, [str(is_admin).upper()]))
174
LdapDriver.isadmin_attribute,
175
[str(is_admin).upper()]))
174
176
self.conn.modify_s(self.__uid_to_dn(name), attr)
175
177
return self.get_user(name)
176
178
else:
299
301
else:
300
302
project_dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
301
303
query = ('(&(&(objectclass=groupOfNames)(!%s))(member=%s))' %
302
(LdapDriver.project_pattern, self.__uid_to_dn(uid)))
304
(LdapDriver.project_pattern, self.__uid_to_dn(uid)))
303
305
roles = self.__find_objects(project_dn, query)
304
306
return [role['cn'][0] for role in roles]
305
307
363
365
def __get_ldap_user(self, uid):
364
366
"""Retrieve LDAP user entry by id"""
365
367
attr = self.__find_object(self.__uid_to_dn(uid),
366
'(objectclass=novaUser)')
368
'(objectclass=novaUser)')
367
369
return attr
368
370
369
371
def __find_object(self, dn, query=None, scope=None):
406
408
def __find_group_dns_with_member(self, tree, uid):
407
409
"""Find dns of group objects in a given tree that contain member"""
408
410
query = ('(&(objectclass=groupOfNames)(member=%s))' %
409
self.__uid_to_dn(uid))
411
self.__uid_to_dn(uid))
410
412
dns = self.__find_dns(tree, query)
411
413
return dns
412
414
436
438
for member_uid in member_uids:
437
439
if not self.__user_exists(member_uid):
438
440
raise exception.NotFound("Group can't be created "
439
"because user %s doesn't exist" % member_uid)
441
"because user %s doesn't exist" %
442
member_uid)
440
443
members.append(self.__uid_to_dn(member_uid))
441
444
dn = self.__uid_to_dn(uid)
442
445
if not dn in members:
452
455
"""Check if user is in group"""
453
456
if not self.__user_exists(uid):
454
457
raise exception.NotFound("User %s can't be searched in group "
455
"because the user doesn't exist" % uid)
458
"because the user doesn't exist" % uid)
456
459
if not self.__group_exists(group_dn):
457
460
return False
458
461
res = self.__find_object(group_dn,
464
467
"""Add user to group"""
465
468
if not self.__user_exists(uid):
466
469
raise exception.NotFound("User %s can't be added to the group "
467
"because the user doesn't exist" % uid)
470
"because the user doesn't exist" % uid)
468
471
if not self.__group_exists(group_dn):
469
472
raise exception.NotFound("The group at dn %s doesn't exist" %
470
473
group_dn)
481
484
group_dn)
482
485
if not self.__user_exists(uid):
483
486
raise exception.NotFound("User %s can't be removed from the "
484
"group because the user doesn't exist" % uid)
487
"group because the user doesn't exist" %
488
uid)
485
489
if not self.__is_in_group(uid, group_dn):
486
490
raise exception.NotFound("User %s is not a member of the group" %
487
491
uid)
488
492
# NOTE(vish): remove user from group and any sub_groups
489
sub_dns = self.__find_group_dns_with_member(
490
group_dn, uid)
493
sub_dns = self.__find_group_dns_with_member(group_dn, uid)
491
494
for sub_dn in sub_dns:
492
495
self.__safe_remove_from_group(uid, sub_dn)
493
496
506
509
"""Remove user from all roles and projects"""
507
510
if not self.__user_exists(uid):
508
511
raise exception.NotFound("User %s can't be removed from all "
509
"because the user doesn't exist" % uid)
512
"because the user doesn't exist" % uid)
510
513
role_dns = self.__find_group_dns_with_member(
511
514
FLAGS.role_project_subtree, uid)
512
515
for role_dn in role_dns:
564
567
@staticmethod
565
568
def __uid_to_dn(uid):
566
569
"""Convert uid to dn"""
567
return FLAGS.ldap_user_id_attribute + '=%s,%s' \
568
% (uid, FLAGS.ldap_user_subtree)
570
return (FLAGS.ldap_user_id_attribute + '=%s,%s'
571
% (uid, FLAGS.ldap_user_subtree))
569
572
570
573
571
574
class FakeLdapDriver(LdapDriver):
Loggerhead is a web-based interface for Breezy
Version: 2.0.1