X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=userdir_ldap.py;h=0ef10996c91bb95d05045d9822707ce94729b7b7;hp=bdc4fcb877b91d0d1a108ee1e41ce222904fb0cb;hb=a6fb69805c3999a85c064a96c93417bb1c284c5c;hpb=91d5b5c1125595d131fc089aa25a983441b96b7a diff --git a/userdir_ldap.py b/userdir_ldap.py index bdc4fcb..0ef1099 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py @@ -1,6 +1,6 @@ # Copyright (c) 1999-2000 Jason Gunthorpe # Copyright (c) 2001-2003 Ryan Murray -# Copyright (c) 2004 Joey Schulze +# Copyright (c) 2004-2005 Joey Schulze # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # Some routines and configuration that are used by the ldap progams -import termios, re, string, imp, ldap, sys, whrandom, crypt, rfc822; +import termios, re, imp, ldap, sys, crypt, rfc822; import userdir_gpg try: @@ -42,13 +42,22 @@ Ech_ErrorLog = ConfModule.ech_errorlog; Ech_MainLog = ConfModule.ech_mainlog; # Break up the keyring list -userdir_gpg.SetKeyrings(string.split(ConfModule.keyrings,":")); +userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":")) # This is a list of common last-name prefixes LastNamesPre = {"van": None, "von": None, "le": None, "de": None, "di": None}; # This is a list of common groups on Debian hosts -DebianGroups = {"Debian": 800, "guest": 60000} +DebianGroups = { + "Debian": 800, + "guest": 60000, + "nogroup": 65534 + } + +# ObjectClasses for different object types +UserObjectClasses = ("top", "inetOrgPerson", "debianAccount", "shadowAccount", "debianDeveloper") +RoleObjectClasses = ("top", "debianAccount", "shadowAccount", "debianRoleAccount") +GroupObjectClasses = ("top", "debianGroup") # SSH Key splitting. The result is: # (options,size,modulous,exponent,comment) @@ -111,10 +120,33 @@ def getpass(prompt = "Password: "): print; return passwd; +def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): + """ + Ask for the AdminUser's password and connect to the LDAP server. + Returns the connection handle. + """ + print "Accessing LDAP directory as '" + AdminUser + "'"; + while (1): + Password = getpass(AdminUser + "'s password: "); + + if len(Password) == 0: + sys.exit(0) + + l = ldap.open(LDAPServer); + UserDn = "uid=" + AdminUser + "," + BaseDn; + + # Connect to the ldap server + try: + l.simple_bind_s(UserDn,Password); + except ldap.INVALID_CREDENTIALS: + continue + break + return l + # Split up a name into multiple components. This tries to best guess how # to split up a name def NameSplit(Name): - Words = re.split(" ",string.strip(Name)); + Words = re.split(" ", Name.strip()) # Insert an empty middle name if (len(Words) == 2): @@ -144,7 +176,7 @@ def NameSplit(Name): Words.append(''); # Merge any of the last name prefixes into one big last name - while LastNamesPre.has_key(string.lower(Words[-2])): + while LastNamesPre.has_key(Words[-2].lower()): Words[-1] = Words[-2] + " " + Words[-1]; del Words[-2]; @@ -155,10 +187,10 @@ def NameSplit(Name): # If the name is multi-word then we glob them all into the last name and # do not worry about a middle name if (len(Words) > 3): - Words[2] = string.join(Words[1:]); + Words[2] = " ".join(Words[1:]) Words[1] = ""; - return (string.strip(Words[0]),string.strip(Words[1]),string.strip(Words[2])); + return (Words[0].strip(), Words[1].strip(), Words[2].strip()); # Compute a random password using /dev/urandom def GenPass(): @@ -215,7 +247,7 @@ def FlushOutstanding(l,Outstanding,Fast=0): # Convert a lat/long attribute into Decimal degrees def DecDegree(Posn,Anon=0): Parts = re.match('[-+]?(\d*)\\.?(\d*)',Posn).groups(); - Val = string.atof(Posn); + Val = float(Posn); if (abs(Val) >= 1806060.0): raise ValueError,"Too Big"; @@ -286,12 +318,12 @@ def FormatPGPKey(Str): I = I + 4; else: Res = Str; - return string.strip(Res); + return Res.strip() # Take an email address and split it into 3 parts, (Name,UID,Domain) def SplitEmail(Addr): # Is not an email address at all - if string.find(Addr,'@') == -1: + if Addr.find('@') == -1: return (Addr,"",""); Res1 = rfc822.AddrlistClass(Addr).getaddress(); @@ -303,7 +335,7 @@ def SplitEmail(Addr): # If there is no @ then the address was not parsed well. Try the alternate # Parsing scheme. This is particularly important when scanning PGP keys. - Res2 = string.split(Res1[1],"@"); + Res2 = Res1[1].split("@"); if len(Res2) != 2: Match = AddressSplit.match(Addr); if Match == None: @@ -364,8 +396,8 @@ def GetUID(l,Name,UnknownMap = {}): # deals with special purpose keys like 'James Troup (Alternate Debian key)' # Some people put their names backwards on their key too.. check that as well if len(Attrs) == 1 and \ - (string.find(string.lower(sn),string.lower(Attrs[0][1]["sn"][0])) != -1 or \ - string.find(string.lower(cn),string.lower(Attrs[0][1]["sn"][0])) != -1): + ( sn.lower().find(Attrs[0][1]["sn"][0].lower()) != -1 or \ + cn.lower().find(Attrs[0][1]["sn"][0].lower()) != -1 ): Stat = EmailAppend+" hit for "+str(Name); return (Name[1],[Stat]); @@ -384,9 +416,18 @@ def GetUID(l,Name,UnknownMap = {}): return (None,None); -def Group2GID(name): - """Returns the numerical id of a common group""" +def Group2GID(l, name): + """ + Returns the numerical id of a common group + on error returns -1 + """ for g in DebianGroups.keys(): if name == g: return DebianGroups[g] - return name + + filter = "(gid=%s)" % name + res = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["gidNumber"]); + if res: + return int(GetAttr(res[0], "gidNumber")) + + return -1