

Viewing changes to keystone/backends/ldap/api/user.py

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2011-08-23 10:18:22 UTC
  • Revision ID: james.westby@ubuntu.com-20110823101822-enve6zceb3lqhuvj
Tags: upstream-1.0~d4~20110823.1078
Import upstream version 1.0~d4~20110823.1078




 
1
import ldap
 
2
import ldap.filter
 
3
 
 
4
from keystone import utils
 
5
from keystone.backends.api import BaseUserAPI
 
6
from keystone.backends.sqlalchemy.api.user import UserAPI as SQLUserAPI
 
7
 
 
8
from .. import models
 
9
from .base import BaseLdapAPI, add_redirects
 
10
 
 
11
 
 
12
class UserAPI(BaseLdapAPI, BaseUserAPI):
 
13
    DEFAULT_TREE_DN = 'ou=Users,dc=example,dc=com'
 
14
    options_name = 'user_tree_dn'
 
15
    object_class = 'keystoneUser'
 
16
    model = models.User
 
17
    attribute_mapping = {
 
18
        'password': 'userPassword',
 
19
        'email': 'mail',
 
20
        'enabled': 'keystoneEnabled',
 
21
    }
 
22
    attribute_ignore = ['tenant_id']
 
23
 
 
24
    def _ldap_res_to_model(self, res):
 
25
        obj = super(UserAPI, self)._ldap_res_to_model(res)
 
26
        tenants = self.api.tenant.get_user_tenants(obj.id)
 
27
        if len(tenants) > 0:
 
28
            obj.tenant_id = tenants[0].id
 
29
        return obj
 
30
 
 
31
    def create(self, values):
 
32
        super(UserAPI, self).create(values)
 
33
        if values['tenant_id'] is not None:
 
34
            self.api.tenant.add_user(values['tenant_id'], values['id'])
 
35
 
 
36
    def update(self, id, values):
 
37
        old_obj = self.get(id)
 
38
        try:
 
39
            new_tenant = values['tenant_id']
 
40
        except KeyError:
 
41
            pass
 
42
        else:
 
43
            if old_obj.tenant_id != new_tenant:
 
44
                self.api.tenant.remove_user(old_obj.tenant_id, id)
 
45
                self.api.tenant.add_user(new_tenant, id)
 
46
        super(UserAPI, self).update(id, values, old_obj)
 
47
 
 
48
    def delete(self, id):
 
49
        super(UserAPI, self).delete(id)
 
50
        for ref in self.api.role.ref_get_all_global_roles(id):
 
51
            self.api.role.ref_delete(ref.id)
 
52
        for ref in self.api.role.ref_get_all_tenant_roles(id):
 
53
            self.api.role.ref_delete(ref.id)
 
54
 
 
55
    def get_by_email(self, email):
 
56
        users = self.get_all('(mail=%s)' % \
 
57
                            (ldap.filter.escape_filter_chars(email),))
 
58
        try:
 
59
            return users[0]
 
60
        except IndexError:
 
61
            return None
 
62
 
 
63
    def user_roles_by_tenant(self, user_id, tenant_id):
 
64
        return self.api.role.ref_get_all_tenant_roles(user_id, tenant_id)
 
65
 
 
66
    def get_by_tenant(self, id, tenant_id):
 
67
        user_dn = self._id_to_dn(id)
 
68
        user = self.get(id)
 
69
        tenant = self.api.tenant._ldap_get(tenant_id,
 
70
                                           '(member=%s)' % (user_dn,))
 
71
        if tenant is not None:
 
72
            return user
 
73
        else:
 
74
            return None
 
75
 
 
76
    def delete_tenant_user(self, id, tenant_id):
 
77
        self.api.tenant.remove_user(tenant_id, id)
 
78
        self.delete(id)
 
79
 
 
80
    def user_role_add(self, values):
 
81
        return self.api.role.add_user(values.role_id, values.user_id,
 
82
                                      values.tenant_id)
 
83
 
 
84
    def user_get_update(self, id):
 
85
        return self.get(id)
 
86
 
 
87
    def users_get_page(self, marker, limit):
 
88
        return self.get_page(marker, limit)
 
89
 
 
90
    def users_get_page_markers(self, marker, limit):
 
91
        return self.get_page_markers(marker, limit)
 
92
 
 
93
    def users_get_by_tenant_get_page(self, tenant_id, marker, limit):
 
94
        return self._get_page(marker, limit,
 
95
                self.api.tenant.get_users(tenant_id))
 
96
 
 
97
    def users_get_by_tenant_get_page_markers(self, tenant_id, marker, limit):
 
98
        return self._get_page_markers(marker, limit,
 
99
                self.api.tenant.get_users(tenant_id))
 
100
 
 
101
    def check_password(self, user, password):
 
102
        try:
 
103
            self.api.get_connection(self._id_to_dn(user.id), password)
 
104
        except (ldap.NO_SUCH_OBJECT, ldap.INAPPROPRIATE_AUTH,
 
105
                ldap.INVALID_CREDENTIALS):
 
106
            return False
 
107
        else:
 
108
            return True
 
109
 
 
110
    add_redirects(locals(), SQLUserAPI, ['get_by_group', 'tenant_group',
 
111
        'tenant_group_delete', 'user_groups_get_all',
 
112
        'users_tenant_group_get_page', 'users_tenant_group_get_page_markers'])
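Review bot: check_password reports success for an empty password, because the bind in `self.api.get_connection(self._id_to_dn(user.id), password)` then becomes an unauthenticated bind, which LDAP treats as anonymous and many servers accept (RFC 4513 §5.1.2), and the method treats anything other than the three caught exceptions as a valid login. Rejecting the empty case before the bind closes that path: `if not password:` / `    return False`. The connection returned by get_connection is also never released on the success branch; presumably it should be unbound, but get_connection lives outside this file, so confirm what it returns. A related consistency point: get_by_tenant interpolates `'(member=%s)' % (user_dn,)` into a search filter without `ldap.filter.escape_filter_chars`, whereas get_by_email escapes its filter value, so the same escaping should be applied to user_dn to keep filter metacharacters in a DN from altering the query.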