from keystone import utils
from keystone.backends.api import BaseUserAPI
from keystone.backends.sqlalchemy.api.user import UserAPI as SQLUserAPI
from .base import BaseLdapAPI, add_redirects
class UserAPI(BaseLdapAPI, BaseUserAPI):
DEFAULT_TREE_DN = 'ou=Users,dc=example,dc=com'
options_name = 'user_tree_dn'
object_class = 'keystoneUser'
'password': 'userPassword',
'enabled': 'keystoneEnabled',
attribute_ignore = ['tenant_id']
def _ldap_res_to_model(self, res):
obj = super(UserAPI, self)._ldap_res_to_model(res)
tenants = self.api.tenant.get_user_tenants(obj.id)
obj.tenant_id = tenants[0].id
def create(self, values):
    """Create the user entry, then register tenant membership if one is set.

    The parent class's ``create`` runs first. When ``values['tenant_id']``
    is not ``None`` the user is then added to that tenant through the
    tenant API. Nothing is returned.

    NOTE(review): the entry and the membership are written by two separate
    calls, so a failure in ``add_user`` presumably leaves a user entry
    without its tenant membership -- confirm how callers handle that.
    """
    super(UserAPI, self).create(values)
    tenant_id = values['tenant_id']
    if tenant_id is None:
        return
    self.api.tenant.add_user(tenant_id, values['id'])
def update(self, id, values):
old_obj = self.get(id)
new_tenant = values['tenant_id']
if old_obj.tenant_id != new_tenant:
self.api.tenant.remove_user(old_obj.tenant_id, id)
self.api.tenant.add_user(new_tenant, id)
super(UserAPI, self).update(id, values, old_obj)
super(UserAPI, self).delete(id)
for ref in self.api.role.ref_get_all_global_roles(id):
self.api.role.ref_delete(ref.id)
for ref in self.api.role.ref_get_all_tenant_roles(id):
self.api.role.ref_delete(ref.id)
def get_by_email(self, email):
users = self.get_all('(mail=%s)' % \
(ldap.filter.escape_filter_chars(email),))
def user_roles_by_tenant(self, user_id, tenant_id):
    """Return the role references held by ``user_id`` within ``tenant_id``.

    Pure delegation to the role API's ``ref_get_all_tenant_roles``; the
    result is passed back unchanged.
    """
    role_api = self.api.role
    return role_api.ref_get_all_tenant_roles(user_id, tenant_id)
def get_by_tenant(self, id, tenant_id):
# NOTE(review): user_dn is interpolated into the '(member=%s)' search filter
# just below without ldap.filter.escape_filter_chars(), unlike the e-mail
# value in get_by_email. A DN containing filter metacharacters would change
# the filter's meaning; escape it here unless _id_to_dn already guarantees
# filter-safe output (its implementation is not visible in this listing).
user_dn = self._id_to_dn(id)
tenant = self.api.tenant._ldap_get(tenant_id,
'(member=%s)' % (user_dn,))
if tenant is not None:
def delete_tenant_user(self, id, tenant_id):
self.api.tenant.remove_user(tenant_id, id)
def user_role_add(self, values):
return self.api.role.add_user(values.role_id, values.user_id,
def user_get_update(self, id):
def users_get_page(self, marker, limit):
    """Return one page of users, as produced by ``self.get_page``.

    ``marker`` and ``limit`` are forwarded untouched; this method adds no
    filtering of its own.
    """
    page = self.get_page(marker, limit)
    return page
def users_get_page_markers(self, marker, limit):
    """Return the paging markers computed by ``self.get_page_markers``.

    ``marker`` and ``limit`` are forwarded untouched.
    """
    markers = self.get_page_markers(marker, limit)
    return markers
def users_get_by_tenant_get_page(self, tenant_id, marker, limit):
    """Return one page of the users that belong to ``tenant_id``.

    The tenant API supplies the member list; ``self._get_page`` then
    slices it according to ``marker`` and ``limit``.
    """
    tenant_users = self.api.tenant.get_users(tenant_id)
    return self._get_page(marker, limit, tenant_users)
def users_get_by_tenant_get_page_markers(self, tenant_id, marker, limit):
    """Return the paging markers for the users that belong to ``tenant_id``.

    The tenant API supplies the member list; ``self._get_page_markers``
    computes the markers from it for the given ``marker`` and ``limit``.
    """
    tenant_users = self.api.tenant.get_users(tenant_id)
    return self._get_page_markers(marker, limit, tenant_users)
def check_password(self, user, password):
# NOTE(review): the password check is an LDAP bind as the user's DN. Many
# directory servers treat a simple bind with a DN and an empty password as
# an "unauthenticated bind" that succeeds (RFC 4513, section 5.1.2), so an
# empty or None password should be rejected before this call. The lines
# around this statement are missing from the listing -- confirm whether
# such a guard exists.
self.api.get_connection(self._id_to_dn(user.id), password)
except (ldap.NO_SUCH_OBJECT, ldap.INAPPROPRIATE_AUTH,
ldap.INVALID_CREDENTIALS):
# The group-related method names below are handed to add_redirects together
# with the SQLAlchemy UserAPI and this scope's locals().
# NOTE(review): presumably this installs attributes that forward those calls
# to the SQL backend -- confirm in .base, and check that group data served
# from SQL stays consistent with the user entries held in LDAP.
add_redirects(
    locals(),
    SQLUserAPI,
    [
        'get_by_group',
        'tenant_group',
        'tenant_group_delete',
        'user_groups_get_all',
        'users_tenant_group_get_page',
        'users_tenant_group_get_page_markers',
    ],
)