Author: adc Date: Sun Jul 6 21:25:27 2014 New Revision: 1608293 URL: http://svn.apache.org/r1608293 Log: Some additions to ldap
- groups - infrastructure group test Modified: labs/panopticon/pan-utils/src/asf/data/ldap.py labs/panopticon/pan-utils/src/asf/person.py labs/panopticon/pan-utils/tests/test_ldap.py Modified: labs/panopticon/pan-utils/src/asf/data/ldap.py URL: http://svn.apache.org/viewvc/labs/panopticon/pan-utils/src/asf/data/ldap.py?rev=1608293&r1=1608292&r2=1608293&view=diff ============================================================================== --- labs/panopticon/pan-utils/src/asf/data/ldap.py (original) +++ labs/panopticon/pan-utils/src/asf/data/ldap.py Sun Jul 6 21:25:27 2014 @@ -30,7 +30,9 @@ import ldap LDAP_URL = 'ldaps://minotaur.apache.org:636' LDAP_TLS_CACERTFILE = None -LDAP_BASE = 'ou=people,dc=apache,dc=org' +LDAP_PEOPLE_BASE = 'ou=people,dc=apache,dc=org' +LDAP_GROUPS_BASE = 'ou=groups,dc=apache,dc=org' +LDAP_SERVICE_GROUPS_BASE = 'ou=groups,ou=services,dc=apache,dc=org' TUNNEL_LDAP_URL = 'ldaps://ldap-tunnel.apache.org:6636' TUNNEL_LDAP_TLS_CACERTFILE = '/etc/openldap/asf-ldap-client.pem' @@ -73,14 +75,15 @@ class LDAP(object): :param ldap_url: LDAP URL to use to connect to ASF Active Directory Server :param tls_ca_cert_file: TLS CA certificate file to use to connect to ASF Active Directory Server """ - self.base = LDAP_BASE + self.base = LDAP_PEOPLE_BASE self.ldap = generate_ldap_context(ldap_url, tls_ca_cert_file) self.ldap.simple_bind_s() - def search(self, search_filter, attributes=None): + def search(self, base, search_filter, attributes=None): """ Perform a search against the LDAP server. + :param base: An LDAP base. :param search_filter: An LDAP search filter. :param attributes: LDAP attributes to return. Defaults to all ('*'). 
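Review bot: Putting `base` first in `search` means a caller not updated in this commit that still calls `search(search_filter, attributes)` will pass its filter as the search base and its attribute name as the filter, instead of failing at the call site. `self.base = LDAP_PEOPLE_BASE` is still assigned in the constructor, but the `search_s` call in the `@@ -97,7` hunk no longer reads it, so it now looks like dead state. Either drop `self.base`, or keep old callers working with a trailing `base=None` that falls back via `base = base or self.base`. The new docstring entry would say more as `:param base: DN of the subtree to search (one level deep), e.g. LDAP_PEOPLE_BASE.` The body of `search` continues outside this hunk.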
@@ -97,7 +100,7 @@ class LDAP(object): if not search_filter.startswith('(') and not search_filter.endswith(')'): search_filter = '(%s)' % search_filter - res = self.ldap.search_s(self.base, ldap.SCOPE_ONELEVEL, search_filter, attributes) + res = self.ldap.search_s(base, ldap.SCOPE_ONELEVEL, search_filter, attributes) if not res: return None @@ -107,7 +110,7 @@ class LDAP(object): return res - def search_first(self, search_filter, attributes=None): + def search_first(self, base, search_filter, attributes=None): """ Perform a search against the LDAP server & return the first result or None. @@ -115,7 +118,7 @@ class LDAP(object): :param attributes: LDAP attributes to return. Defaults to all ('*'). """ - res = self.search(search_filter, attributes=attributes) + res = self.search(base, search_filter, attributes=attributes) if res is None: return None @@ -133,7 +136,7 @@ class LDAP(object): :param attributes: LDAP attributes to return. Defaults to all ('*'). """ - return self.search_first('(cn=%s)' % name, attributes) + return self.search_first(LDAP_PEOPLE_BASE, '(cn=%s)' % name, attributes) def find_by_username(self, username, attributes=None): """ 
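Review bot: `search_first` gains a `base` parameter in the `@@ -107,7` hunk, but no docstring line is added for it in this hunk or in `@@ -115,7`, so `base` is documented on `search` and not here. Add `:param base: DN of the subtree to search.` above the `search_filter` entry. The docstring is only partly visible in these two hunks.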
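Review bot: In the `@@ -133,7` hunk, `'(cn=%s)' % name` puts the caller's value into the LDAP filter unescaped, so a value containing `*`, `(`, `)` or `\` changes what the filter matches instead of being compared literally. The same pattern is on the new side of the `@@ -143,17` hunk (`uid=%s` in `find_by_username` and `is_valid_account`, `memberUid=%s` in `find_groups`) and in `Person.find_by_email` in person.py (`asf-altEmail=%s`). python-ldap ships `ldap.filter.escape_filter_chars` for this: `'(cn=%s)' % ldap.filter.escape_filter_chars(name)`, with `import ldap.filter` added next to the existing `import ldap`. Where these values come from is not visible in the diff, but `is_valid_account` and the group lookups read like checks that will be fed user-supplied names, so escaping inside these helpers is the safer default.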
@@ -143,17 +146,33 @@ class LDAP(object): :param attributes: LDAP attributes to return. Defaults to all ('*'). """ - return self.search_first('(uid=%s)' % username, attributes) + return self.search_first(LDAP_PEOPLE_BASE, '(uid=%s)' % username, attributes) def is_valid_account(self, username): """ Check if the username is valid in the directory. Returns `True` or `False`. """ - res = self.search_first('(uid=%s)' % username, 'uid') + res = self.search_first(LDAP_PEOPLE_BASE, '(uid=%s)' % username, 'uid') if res and res == username: return True return False + def find_groups(self, username): + res = self.search(LDAP_GROUPS_BASE, '(memberUid=%s)' % username, 'cn') + + groups = [] + if res is not None: + for _, attributes in res: + groups.append(attributes['cn'][0]) + + return sorted(groups) + + def is_infrastructure_member(self, username): + res = self.search(LDAP_SERVICE_GROUPS_BASE, 'cn=infrastructure', 'member') + members = res[0][1]['member'] + print 'z', res[0][1]['member'] + return 'uid=%s,ou=people,dc=apache,dc=org' % username in members + def default_cacert_file(): """ Return the path to the CA Cert file to validate the TLS connection. """ Modified: labs/panopticon/pan-utils/src/asf/person.py URL: http://svn.apache.org/viewvc/labs/panopticon/pan-utils/src/asf/person.py?rev=1608293&r1=1608292&r2=1608293&view=diff ============================================================================== --- labs/panopticon/pan-utils/src/asf/person.py (original) +++ labs/panopticon/pan-utils/src/asf/person.py Sun Jul 6 21:25:27 2014 
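Review bot: `is_infrastructure_member` is a membership check that other code will presumably use for access decisions, yet it prints the group's full member list to stdout on every call (`print 'z', ...`) and indexes `res[0][1]` without handling the `None` that `search` returns for an empty result. The leftover debug print should be removed, and the method should return `False` when the group entry or its `member` attribute is missing rather than raise `TypeError` or `KeyError`. The member DN also repeats the people base as a literal instead of reusing `LDAP_PEOPLE_BASE`. Both new methods lack the docstrings the rest of the class has; `find_groups` could carry `""" Return the sorted `cn` values of the groups that list the username as `memberUid`. """`. The shape of `res` assumed below follows how `find_groups` iterates it, because part of `search` lies outside the visible hunks.

```python
    # … unchanged: find_groups …

    def is_infrastructure_member(self, username):
        """ Check if the username is listed in the infrastructure service group. Returns `True` or `False`. """
        res = self.search(LDAP_SERVICE_GROUPS_BASE, 'cn=infrastructure', 'member')
        if not res:
            # No group entry found: treat as "not a member" instead of raising.
            return False

        members = res[0][1].get('member', [])
        return 'uid=%s,%s' % (username, LDAP_PEOPLE_BASE) in members
```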
@@ -91,7 +91,7 @@ class Person(object): @classmethod def find_by_email(cls, email): """ Returns an instance of :class:`Person` with the corresponding email.""" - username = ldap.LDAP().search_first('(asf-altEmail=%s)' % email, 'uid') + username = ldap.LDAP().search_first(ldap.LDAP_PEOPLE_BASE, '(asf-altEmail=%s)' % email, 'uid') return None if not username else Person(username) @staticmethod Modified: labs/panopticon/pan-utils/tests/test_ldap.py URL: http://svn.apache.org/viewvc/labs/panopticon/pan-utils/tests/test_ldap.py?rev=1608293&r1=1608292&r2=1608293&view=diff ============================================================================== --- labs/panopticon/pan-utils/tests/test_ldap.py (original) +++ labs/panopticon/pan-utils/tests/test_ldap.py Sun Jul 6 21:25:27 2014 @@ -58,5 +58,21 @@ def test_find_by_common_name(): @ensure_ldap +def test_find_groups(): + ldap = LDAP() + + result = ldap.find_groups('adc') + assert 'incubator' in result + + +@ensure_ldap +def test_is_infrastructure_member(): + ldap = LDAP() + + assert not ldap.is_infrastructure_member('adc') + assert ldap.is_infrastructure_member('rubys') + + +@ensure_ldap def test_check_user_password(): assert not check_user_password('adc', 'SECRET') --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@labs.apache.org For additional commands, e-mail: commits-h...@labs.apache.org
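Review bot: In test_ldap.py, both new tests assert the current memberships of named accounts in the live directory (`'adc'` in `incubator`, `'rubys'` in infrastructure), so they will start failing when those memberships change, and neither exercises a user that does not exist. Adding `assert ldap.find_groups('no-such-user') == []` and `assert not ldap.is_infrastructure_member('no-such-user')` (the account name is a constructed placeholder) would pin the empty-result behaviour independently of real people's group assignments. A comment above the two tests noting that they depend on live directory data would help whoever has to diagnose a later failure.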