8 array_values = ['objectClass', 'keyFingerPrint', 'mailWhitelist', 'mailRBL',
9 'mailRHSBL', 'supplementaryGid', 'sshRSAAuthKey',
10 'sudoPassword', 'dnsZoneEntry', 'allowedHost']
11 int_values = ['shadowExpire', 'gidNumber', 'uidNumber']
13 'accountStatus': 'active',
18 def from_search(ldap_connection, base, user):
19 searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s'%(user))
20 if len(searchresult) < 1:
21 raise IndexError, "No such user: %s\n"%(user)
22 elif len(searchresult) > 1:
23 raise IndexError, "More than one hit when getting %s\n"%(user)
25 return Account(searchresult[0][0], searchresult[0][1])
27 def __init__(self, dn, attributes):
29 self.attributes = attributes
32 def __getitem__(self, key):
34 return self.cache[key]
36 if key in self.attributes:
37 if key in self.array_values:
38 self.cache[key] = self.attributes[key]
39 elif not len(self.attributes[key]) == 1:
40 raise ValueError, 'non-array value has not exactly one value'
41 elif key in self.int_values:
42 self.cache[key] = int(self.attributes[key][0])
44 self.cache[key] = self.attributes[key][0]
45 elif key in self.defaults:
46 self.cache[key] = self.defaults[key]
48 raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn)
50 return self.cache[key]
52 def __contains__(self, key):
53 return key in self.attributes
56 if 'mailDisableMessage' in self.attributes:
60 # not locked locked, just reset to something invalid like {crypt}*SSLRESET* is still active
62 if not 'userPassword' in self:
64 if self['userPassword'].upper() == '{CRYPT}*LK*':
66 if self['userPassword'].upper().startswith("{CRYPT}!"):
70 def get_password(self):
71 p = self['userPassword']
72 if not p.upper().startswith('{CRYPT}') or len(p) > 50:
78 def shadow_active(self):
79 if 'shadowExpire' in self and \
80 self['shadowExpire'] < (time.time() / 3600 / 24):
85 return len(self['keyFingerPrint'])
87 def is_active_user(self):
88 return self['accountStatus'] == 'active' and self.numkeys() != 0
90 def is_guest_account(self):
91 return 'guest' in self['supplementaryGid']
93 def latitude_dec(self, anonymized=False):
94 return userdir_ldap.DecDegree(self['latitude'], anonymized)
95 def longitude_dec(self, anonymized=False):
96 return userdir_ldap.DecDegree(self['longitude'], anonymized)
98 def verbose_status(self):
100 status.append('mail: %s' %(['disabled', 'active'][ self.has_mail() ]))
101 status.append('pw: %s' %(['locked', 'active'][ self.pw_active() ]))
102 status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ]))
103 status.append('keys: %d' %( self.numkeys() ))
104 status.append('status: %s'%( self['accountStatus'] ))
106 return '(%s)'%(', '.join(status))
108 def delete_mailforward(self):
109 del self.attributes['emailForward']
114 def email_address(self):
115 mailbox = "<%s@%s>" % (self['uid'], userdir_ldap.EmailAppend)
117 if 'cn' in self: tokens.append(self['cn'])
118 if 'sn' in self: tokens.append(self['sn'])
119 tokens.append(mailbox)
120 return ' '.join(tokens)
122 def is_allowed_by_hostacl(self, host):
123 if not 'allowedHost' in self: return False
124 if host in self['allowedHost']: return True
125 # or maybe it's a date limited ACL
126 for entry in self['allowedHost']:
127 list = entry.split(None,1)
128 if len(list) == 1: continue
130 if host != h: continue
132 parsed = datetime.datetime.strptime(expire, '%Y%m%d')
134 print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s."%(entry, self['uid'])
136 return parsed >= datetime.datetime.now()
142 # vim:set shiftwidth=4: