171
171
def create_user(self, name, access_key, secret_key, is_admin):
172
172
"""Create a user"""
173
173
if self.__user_exists(name):
174
raise exception.Duplicate(_("LDAP user %s already exists") % name)
174
raise exception.LDAPUserExists(user=name)
175
175
if FLAGS.ldap_user_modify_only:
176
176
if self.__ldap_user_exists(name):
177
177
# Retrieve user by name
202
202
self.conn.modify_s(self.__uid_to_dn(name), attr)
203
203
return self.get_user(name)
205
raise exception.NotFound(_("LDAP object for %s doesn't exist")
205
raise exception.LDAPUserNotFound(user_id=name)
209
208
('objectclass', ['person',
226
225
description=None, member_uids=None):
227
226
"""Create a project"""
228
227
if self.__project_exists(name):
229
raise exception.Duplicate(_("Project can't be created because "
230
"project %s already exists") % name)
228
raise exception.ProjectExists(project=name)
231
229
if not self.__user_exists(manager_uid):
232
raise exception.NotFound(_("Project can't be created because "
233
"manager %s doesn't exist")
230
raise exception.LDAPUserNotFound(user_id=manager_uid)
235
231
manager_dn = self.__uid_to_dn(manager_uid)
236
232
# description is a required attribute
237
233
if description is None:
240
236
if member_uids is not None:
241
237
for member_uid in member_uids:
242
238
if not self.__user_exists(member_uid):
243
raise exception.NotFound(_("Project can't be created "
244
"because user %s doesn't exist")
239
raise exception.LDAPUserNotFound(user_id=member_uid)
246
240
members.append(self.__uid_to_dn(member_uid))
247
241
# always add the manager as a member because members is required
248
242
if not manager_dn in members:
267
261
if not self.__user_exists(manager_uid):
268
raise exception.NotFound(_("Project can't be modified because "
269
"manager %s doesn't exist")
262
raise exception.LDAPUserNotFound(user_id=manager_uid)
271
263
manager_dn = self.__uid_to_dn(manager_uid)
272
264
attr.append((self.ldap.MOD_REPLACE, LdapDriver.project_attribute,
347
339
def delete_user(self, uid):
348
340
"""Delete a user"""
349
341
if not self.__user_exists(uid):
350
raise exception.NotFound(_("User %s doesn't exist") % uid)
342
raise exception.LDAPUserNotFound(user_id=uid)
351
343
self.__remove_from_all(uid)
352
344
if FLAGS.ldap_user_modify_only:
353
345
# Delete attributes
471
463
description, member_uids=None):
472
464
"""Create a group"""
473
465
if self.__group_exists(group_dn):
474
raise exception.Duplicate(_("Group can't be created because "
475
"group %s already exists") % name)
466
raise exception.LDAPGroupExists(group=name)
477
468
if member_uids is not None:
478
469
for member_uid in member_uids:
479
470
if not self.__user_exists(member_uid):
480
raise exception.NotFound(_("Group can't be created "
481
"because user %s doesn't exist")
471
raise exception.LDAPUserNotFound(user_id=member_uid)
483
472
members.append(self.__uid_to_dn(member_uid))
484
473
dn = self.__uid_to_dn(uid)
485
474
if not dn in members:
494
483
def __is_in_group(self, uid, group_dn):
495
484
"""Check if user is in group"""
496
485
if not self.__user_exists(uid):
497
raise exception.NotFound(_("User %s can't be searched in group "
498
"because the user doesn't exist") % uid)
486
raise exception.LDAPUserNotFound(user_id=uid)
499
487
if not self.__group_exists(group_dn):
501
489
res = self.__find_object(group_dn,
506
494
def __add_to_group(self, uid, group_dn):
507
495
"""Add user to group"""
508
496
if not self.__user_exists(uid):
509
raise exception.NotFound(_("User %s can't be added to the group "
510
"because the user doesn't exist") % uid)
497
raise exception.LDAPUserNotFound(user_id=uid)
511
498
if not self.__group_exists(group_dn):
512
raise exception.NotFound(_("The group at dn %s doesn't exist") %
499
raise exception.LDAPGroupNotFound(group_id=group_dn)
514
500
if self.__is_in_group(uid, group_dn):
515
raise exception.Duplicate(_("User %(uid)s is already a member of "
516
"the group %(group_dn)s") % locals())
501
raise exception.LDAPMembershipExists(uid=uid, group_dn=group_dn)
517
502
attr = [(self.ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))]
518
503
self.conn.modify_s(group_dn, attr)
520
505
def __remove_from_group(self, uid, group_dn):
521
506
"""Remove user from group"""
522
507
if not self.__group_exists(group_dn):
523
raise exception.NotFound(_("The group at dn %s doesn't exist")
508
raise exception.LDAPGroupNotFound(group_id=group_dn)
525
509
if not self.__user_exists(uid):
526
raise exception.NotFound(_("User %s can't be removed from the "
527
"group because the user doesn't exist")
510
raise exception.LDAPUserNotFound(user_id=uid)
529
511
if not self.__is_in_group(uid, group_dn):
530
raise exception.NotFound(_("User %s is not a member of the group")
512
raise exception.LDAPGroupMembershipNotFound(user_id=uid,
532
514
# NOTE(vish): remove user from group and any sub_groups
533
515
sub_dns = self.__find_group_dns_with_member(group_dn, uid)
534
516
for sub_dn in sub_dns:
548
530
def __remove_from_all(self, uid):
549
531
"""Remove user from all roles and projects"""
550
532
if not self.__user_exists(uid):
551
raise exception.NotFound(_("User %s can't be removed from all "
552
"because the user doesn't exist")
533
raise exception.LDAPUserNotFound(user_id=uid)
554
534
role_dns = self.__find_group_dns_with_member(
555
535
FLAGS.role_project_subtree, uid)
556
536
for role_dn in role_dns:
563
543
def __delete_group(self, group_dn):
564
544
"""Delete Group"""
565
545
if not self.__group_exists(group_dn):
566
raise exception.NotFound(_("Group at dn %s doesn't exist")
546
raise exception.LDAPGroupNotFound(group_id=group_dn)
568
547
self.conn.delete_s(group_dn)
570
549
def __delete_roles(self, project_dn):
added
removed
nova/auth/ldapdriver.py
