HPCE/ldapuserdir
0
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Added sphinx documentation and did some cleanup

Browse Source 
Converted all docstrings from doxygen to numpydoc formats
This commit is contained in:
feichtinger
2013-05-02 09:56:22 +02:00
parent d722c32000
commit a3e4694971
10 changed files with 731 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -18,3 +18,4 @@ pip-log.txt
*~
.ropeproject
/docs/_build

2
MANIFEST.in
View File

@@ -1,4 +1,4 @@
include bin/ldapuserdir-ctl
include etc/ldapuserdir-ctl.cfg
recursive-include ldapuserdir
recursive-include ldapuserdir *.py

4
bin/ldapuserdir-ctl
View File

@@ -76,10 +76,10 @@ usage = """%prog [options] groupname [usernames]
the short names (in that case they will be extended by the
standard OU extension)
The configuration is read from a configuration file (default
The configuration is read from a configuration file. Default
locations:
"""
usage += ", ".join(cfgfile_loc) + ')\n'
usage += "\n\t* " + "\n\t* ".join(cfgfile_loc) + '\n'
usage_epilog = """
Examples:

177
docs/Makefile Normal file
View File

@@ -0,0 +1,177 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = _build
# User-friendly check for sphinx-build
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
clean:
rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/ldapuserdir.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/ldapuserdir.qhc"
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/ldapuserdir"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/ldapuserdir"
@echo "# devhelp"
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."

251
docs/conf.py Normal file
View File

@@ -0,0 +1,251 @@
# -*- coding: utf-8 -*-
#
# ldapuserdir documentation build configuration file, created by
# sphinx-quickstart on Wed May 1 09:14:23 2013.
#
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys, os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.insert(0, os.path.abspath('.'))
# -- General configuration -----------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = ['sphinx.ext.autodoc',
'sphinx.ext.viewcode',
'numpydoc',
'sphinx.ext.autosummary']
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'ldapuserdir'
copyright = u'2013, Derek Feichtinger'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '2.0.0'
# The full version, including alpha/beta/rc tags.
release = '2.0.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
#keep_warnings = False
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# If false, no module index is generated.
#html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'ldapuserdirdoc'
# -- Options for LaTeX output --------------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [
('index', 'ldapuserdir.tex', u'ldapuserdir Documentation',
u'Derek Feichtinger', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# -- Options for manual page output --------------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'ldapuserdir', u'ldapuserdir Documentation',
[u'Derek Feichtinger'], 1)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# -- Options for Texinfo output ------------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'ldapuserdir', u'ldapuserdir Documentation',
u'Derek Feichtinger', 'ldapuserdir', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#texinfo_no_detailmenu = False

30
docs/index.rst Normal file
View File

@@ -0,0 +1,30 @@
.. ldapuserdir documentation master file, created by
sphinx-quickstart on Wed May 1 09:14:23 2013.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to ldapuserdir's documentation!
=======================================
Ldapusedir provides a class to interact with an Active Directory using its
LDAP interface. It allows retrieval of information about users and groups
and also changing group memberships.
It also provides the command line utility ldapuserdir-ctl.
Contents:
.. toctree::
:maxdepth: 2
ldapuserdir - provides class for AD interaction <ldapuserdir.rst>
ldapuserdir-ctl - Command Line Utility <ldapuserdir-ctl.rst>
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

63
docs/ldapuserdir-ctl.rst Normal file
View File

@@ -0,0 +1,63 @@
Command Line Utility
====================
ldapuserdir-ctl
---------------
Usage: ldapuserdir-ctl [options] groupname [usernames]
Used to inspect or change members of a group in Active Directory User
names can be given as full distinguished names or just as the short
names (in that case they will be extended by the standard OU
extension)
Options::
-h, --help show this help message and exit
-a add group members
-d delete group members
-c CFGFILE path of a config file
--configfile show an example configuration file
-u USERFILTER list all matching ldap users that have defined unix
mappings
--debug debug mode: log messages at debug level
-D USER_DN DN or CN of ldap user for binding to the AD server
(CN=minpriv_user,OU=Services,DC=example.com,DC=ch)
-f PWFILE path to password file (without this pwd will be
prompted for)
-g USER_TO_GROUP get group memberships for this user
-v use more verbose output (with user list only)
--user-ou=USER_OU default OU for users (OU=Users,DC=example.com,DC=ch)
--group-ou=GROUP_OU default OU for groups (OU=Groups,DC=example.com,DC=ch)
-n, --allow-no-mssfu do not restrict to entries with unix (msSFU) mappings
-V show version information
Examples::
List group members
$> ldapuserdir-ctl svc_ra_x06sa
$> ldapuserdir-ctl 'svc_ra_*'
Get group memberships for user mueller
$> ldapuserdir-ctl -g mueller
Add/delete users to/from a group (requires access rights!)
$> ldapuserdir-ctl -a svc_ra_x06sa user1 user2 user3
$> ldapuserdir-ctl -d svc_ra_x06sa user1 user2
List users matching a pattern
$> ldapuserdir-ctl -u 'mueller*'
Configuration file
------------------
The configuration is read from a configuration file that is searched
for in these default locations:
* ~/.ldapuserdir-ctl.cfg
* /etc/ldapuserdir-ctl.cfg
.. literalinclude:: ../etc/ldapuserdir-ctl.cfg
:language: ini

19
docs/ldapuserdir.rst Normal file
View File

@@ -0,0 +1,19 @@
ldapuserdir Package
===================
..
:mod:`ldapuserdir` Package
--------------------------
.. automodule:: ldapuserdir.__init__
:members:
:undoc-members:
:show-inheritance:
:mod:`ldapuserdir` Module
-------------------------
.. automodule:: ldapuserdir.ldapuserdir
:members:
:undoc-members:
:show-inheritance:

7
docs/modules.rst Normal file
View File

@@ -0,0 +1,7 @@
ldapuserdir
===========
.. toctree::
:maxdepth: 4
ldapuserdir

239
ldapuserdir/ldapuserdir.py
View File

@@ -12,7 +12,6 @@ with an LDAP based user directory service
import ldap
#import ldap.ldapobject
import os
import sys
import re
from glob import fnmatch
@@ -21,12 +20,41 @@ import time
class LdapUserDirError(Exception):
"""Exception class for LdapUserDir error conditions"""
def __init__(self, errmsg):
super(LdapUserDirError, self).__init__(errmsg)
class LdapUserDir(object):
""" A class to interact with a LDAP based user and group directory
"""A class to interact with a LDAP based user and group directory
Parameters
----------
serverurl : str
URL of LDAP server (e.g. ldaps://host:port)
user_dn : str
DN of user for authenticating to LDAP
user_pw : str
password for authenticating to LDAP
group_ou : str, optional
base path for groups
user_ou : str, optional
base path for users
logger : logger instance, optional
Attributes
----------
serverurl : str
group_ou : str
user_ou : str
user_dn : str
user_pw : str
logger : logger instance
Raises
------
ldap.LDAPError
Reraises original exception from ldap modules
"""
def __init__(self,
serverurl,
@@ -34,8 +62,7 @@ class LdapUserDir(object):
user_pw,
group_ou = 'ou=example.com',
user_ou = 'ou=example.com',
logger = None,
):
logger = None):
self.serverurl = serverurl
self.group_ou = group_ou
self.user_ou = user_ou
@@ -56,14 +83,6 @@ class LdapUserDir(object):
self._ldap = ldap.initialize(self.serverurl, trace_level=0,
trace_file=sys.stderr)
# use a class which will try reconnections to the server by itself
# self._ldap = ldap.ldapobject.ReconnectLDAPObject(self.serverurl,
# trace_level=0,
# trace_file=sys.stderr,
# retry_max=2)
# note: this strangely led to empty answers after some time of
# running on the test extranet deployment. Maybe need to manage that
# myself
self.logger.debug('binding to: %s\n' % serverurl)
self.logger.debug('binding as user: %s\n' % user_dn)
try:
@@ -90,10 +109,32 @@ class LdapUserDir(object):
"""wrapper of standard ldap.search_s synchronous search that
tries to reconnect
Implemented the functionality myself since the use of the
automatic reconnect available (ReconnectLDAPObject) did not do
a rebind (or it failed). This way I have more control.
Implemented the functionality in this class since the use of
the standard automatic reconnect available
(ReconnectLDAPObject) did not do a rebind correctly.
Parameters
----------
base : str
base DN
scope : {ldap.SCOPE_BASE, ldap.SCOPE_ONELEVEL, ldap.SCOPE_SUBTREE}
filterstr : str
LDAP search filter, optional
attrlist : list of str, optional
list of attributes to search for
attrsonly : int, optional
do not return values for attributes if nonzero
recon_attempts : int, optional
number of reconnects to attempt in case of failure
Raises
------
Reraises original exception from ldap.search_s
Returns
-------
list of tuples
list of tuples of the form (dn, attributes)
"""
attempts = 0
ok = False
@@ -153,10 +194,19 @@ class LdapUserDir(object):
def get_users(self, filter='*', ou=None, mssfu=False):
"""get the names of all users from the directory service
@param filter A filter expression used for the cn part of the ldap dn
@param ou The organisational unit to be used in the ldap search
@param mssfu Whether to only show users with mssfu mappings
@returns A dictionary of the matching users { dn1:list1, ... }
Parameters
----------
filter : str, optional
filter expression used for the cn part of the ldap dn
ou : str, optional
mssfu : bool, optional
Whether to only show users with mssfu mappings
Returns
-------
dict
dictionary of the matching users { dn1:list1, ... }
"""
if ou == None:
user_ou = self.user_ou
@@ -176,8 +226,12 @@ class LdapUserDir(object):
def list_users_etcpwd(self, filter='*', ou=None, verbose = False):
"""Print '/etc/pwd' format like information about matching users
@param filter A filter expression used for the cn part of the ldap dn
@param ou The organisational unit to be used in the ldap search
Parameters
----------
filter : str, optional
filter expression used for the cn part of the ldap dn
ou : str, optional
verbose : bool, optional
"""
r = self.get_users(filter, ou, mssfu=True)
for dn, entry in r:
@@ -206,10 +260,22 @@ class LdapUserDir(object):
def systemuser2dn(self, uname):
"""Converts a user's system username to the dn of the ldap directory
by performing a search on ldap
@param uname The system username
@returns The DN of the user
@exception may throw an ldap.LDAPError or LdapUserDir("No such user")
Parameters
----------
uname : str
system username
Returns
-------
str
DN of the user
Raises
------
LdapUserDirError("No such user")
if no such user exists
"""
#try:
srch = '(&(objectClass=user)(!(objectClass=computer))(msSFU30UidNumber=*)(msSFU30HomeDirectory=*)(cn=%s))' % uname
@@ -227,12 +293,22 @@ class LdapUserDir(object):
def get_groups_struct(self, gfilter='*', ou = None, mssfu=False):
"""searches for groups that match filter
returns the full ldap search result structure for the search
with the optional filter applied to the cn field
@param filter A filter expression used for the cn part of the ldap dn
@param ou The organisational unit to be used in the ldap search
@param mssfu Whether to only show users with mssfu mappings
@returns A dictionary of the matching groups { dn1:list1, ... }
Parameters
----------
gfilter : str, optional
filter expression used for the cn part of the ldap dn
ou : str, optional
mssfu : bool, optional
Whether to only show users with mssfu mappings
Returns
-------
dict
dictionary of the matching groups { dn1:list1, ... }
"""
if ou == None:
group_ou = self.group_ou
@@ -257,15 +333,20 @@ class LdapUserDir(object):
Parameters
----------
dn : distinguished name
gfilter : filter expression used for the cn part of the results, optional
returndn : If True then return DNs, optional
recursive : recurse into hierarchical groups, optional
mssfu : whether to only return entries with MSsfu attributes, optional
dn : str
distinguished name
gfilter : str, optional
filter expression used for the cn part of the results
returndn : bool, optional
If True then return DNs, else CNs
recursive : bool, optional
if True, recurse into hierarchical groups
mssfu : bool, optional
whether to only return entries with MSsfu attributes
Returns
-------
List of groups
list
"""
self.logger.debug('get_memberof for %s' % dn)
@@ -304,25 +385,35 @@ class LdapUserDir(object):
return grplist
# reslist = []defu
# for dn, entry in r:
# reslist.append(dn)
# if returndn:
# return reslist
def get_groups_for_user(self, user, gfilter='*', ou=None, returndn = False,
mssfu=False):
"""Get groups for a particular user from LDAP.
The function will try to determine whether it receives a DN or
a system username that needs to be converted to a DN first.
@param user The user's DN or system name
@param gfilter A filter expression used for the cn part of the ldap dn
@param ou The organisational unit to be used in the ldap search
@param returndn If set True the function will return DN, otherwise CN
@param mssfu Whether to only show users with mssfu mappings
@returns list of group names
Parameters
----------
user : str
system username or user DN
gfilter : str, optional
filter expression used for the cn part of the ldap dn
ou : str, optional
The organisational unit to be used in the ldap search
returndn : bool, optional
If set True the function will return DN, otherwise CN
mssfu : bool, optional
Whether to only show users with mssfu mappings
Returns
-------
list
Raises
------
RuntimeError
if CN cannot be identified in a resulting group
"""
if ou == None:
group_ou = self.group_ou
@@ -357,14 +448,22 @@ class LdapUserDir(object):
return cnlist
def list_groups(self, filter = '*', ou = None, mssfu=False):
"""Prints a list of groups from the LDAP directory
@param filter A filter expression used for the cn part of the ldap dn
@param ou The organisational unit to be used in the ldap search
"""Prints a list of groups from the LDAP directory to stdout
Parameters
----------
filter : str, optional
filter expression used for the cn part of the ldap dn
ou : str, optional
organisational unit to be used in the ldap search
mssfu : bool, optional
Whether to only show users with mssfu mappings
"""
r = self.get_groups_struct(filter, ou, mssfu)
if len(r) == 0:
sys.stderr.write("Error: no groups found (filter: %s)\n" % filter)
return 0
return
for dn, entry in r:
print entry['cn'][0]
@@ -373,10 +472,22 @@ class LdapUserDir(object):
print ' member: ', cn
def _mod_groupmembers(self, ldapmode, dngroup, usernames):
"""modifies members of an LDAP group entry
@param ldapmode Either ldap.MOD_ADD, or ldap.MOD_DELETE
@param dngroup DN of the group
@param usernames List of usernames (system names or DNs)
"""modifies (adds/deletes) members of an LDAP group entry
Parameters
----------
ldapmode : {ldap.MOD_ADD, ldap.MOD_DELETE}
dngroup : str
DN of the group
usernames : list of str
List of usernames (system names or DNs)
Raises
------
ldap.LDAPError
Reraises original exception for LDAP problems
RuntimeError
if no such user exists
"""
if not self.has_dn_format(dngroup):
dngroup = ''.join(['cn=', dngroup, ',', self.group_ou])
@@ -402,15 +513,25 @@ class LdapUserDir(object):
def add_groupmembers(self, group, usernames):
"""Adds users to an LDAP group
@param dngroup DN of the group
@param usernames List of usernames (system names or DNs)
Parameters
----------
dngroup : str
DN of the group
usernames : list of str
List of usernames (system names or DNs)
"""
self._mod_groupmembers(ldap.MOD_ADD, group, usernames)
def del_groupmembers(self, group, usernames):
"""Deletes users from an LDAP group
@param dngroup DN of the group
@param usernames List of usernames (system names or DNs)
Parameters
----------
dngroup : str
DN of the group
usernames : list of str
List of usernames (system names or DNs)
"""
self._mod_groupmembers(ldap.MOD_DELETE, group, usernames)