from __future__ import absolute_import
from django.core.exceptions import ObjectDoesNotExist
from celery import shared_task
from celery.utils.log import get_task_logger
from celery.exceptions import Reject
from ldapentities.models import (
LdapGroup,
LdapUser,
)
# Logger obtained from Celery's task logging helper; the tasks in this module
# write their messages through it.
_logger = get_task_logger(__name__)
@shared_task
def create_ldap_group(groupname, gid, descr):
    """
    Create the LDAP group ``groupname`` or update it if it already exists.

    The group is looked up by name. An existing entry gets ``gid`` assigned,
    a missing one is built from ``gid`` and ``groupname``. In both cases the
    description is set to ``descr`` before the entry is saved.

    :param groupname: name used to look up or create the group
    :param gid: group id stored on the entry
    :param descr: description stored on the entry
    :return: the ``dn`` of the saved group

    """
    try:
        group = LdapGroup.objects.get(name=groupname)
    except LdapGroup.DoesNotExist:
        group = LdapGroup(gid=gid, name=groupname)
    else:
        _logger.info(
            'ldap group with dn {0} already exists'.format(group.dn)
        )
        # NOTE(review): the stored gid is replaced without being compared to
        # the new value; confirm callers never pass a differing gid for an
        # existing group, since that changes which numeric id the name maps to.
        group.gid = gid
    group.description = descr
    group.save()
    return group.dn
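@shared_task
def create_ldap_user(username, uid, gid, gecos, homedir, shell, password):
    """
    Create or update the LDAP user ``username`` and add it to its group.

    The user entry is looked up by ``username`` and instantiated if it does
    not exist yet. The group is looked up by ``gid``; if it is missing the
    task is rejected without requeueing. The user's attributes are then set
    from the arguments, the username is appended to the group's member list
    if it is not already there, and the user entry is saved.

    :param username: login name, also used as the entry's common name
    :param uid: numeric user id stored on the entry
    :param gid: gid of the group the user belongs to; the group must exist
    :param gecos: value for the entry's ``gecos`` attribute
    :param homedir: value for the entry's ``home_directory`` attribute
    :param shell: value for the entry's ``login_shell`` attribute
    :param password: passed to ``set_password`` unless it is ``None``
    :raises celery.exceptions.Reject: if no group with ``gid`` exists
    :return: the ``dn`` of the saved user

    """
    # NOTE(review): the password arrives as a plain task argument, so when the
    # task is dispatched through the broker it is part of the task message;
    # confirm that the broker transport and any task-argument logging or
    # result storage are protected accordingly. It is never logged here.
    try:
        ldapuser = LdapUser.objects.get(username=username)
        _logger.info(
            'ldap user with dn {0} already exists'.format(ldapuser.dn)
        )
    except LdapUser.DoesNotExist:
        ldapuser = LdapUser(username=username)
    try:
        ldapgroup = LdapGroup.objects.get(gid=gid)
    except ObjectDoesNotExist as exc:
        # The original call never filled in the placeholder, so the log line
        # showed a literal "{0}" instead of the missing gid.
        _logger.info('ldap group with gid {0} does not exist'.format(gid))
        raise Reject(exc, requeue=False)
    ldapuser.uid = uid
    ldapuser.group = gid
    ldapuser.gecos = gecos
    ldapuser.home_directory = homedir
    ldapuser.login_shell = shell
    ldapuser.username = username
    ldapuser.common_name = username
    if password is not None:
        ldapuser.set_password(password)
    if ldapuser.username in ldapgroup.members:
        _logger.info('user {0} is already member of {1}'.format(
            ldapuser.username, ldapgroup.dn)
        )
    else:
        # The group is saved before the user entry; if the user save below
        # fails, the member entry written here is not rolled back.
        ldapgroup.members.append(ldapuser.username)
        ldapgroup.save()
    ldapuser.save()
    return ldapuser.dn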
@shared_task(bind=True)
def add_ldap_user_to_group(self, username, groupname):
    """
    Add the LDAP user ``username`` to the member list of ``groupname``.

    A missing group is logged as an error and the task ends without a
    change. A missing user is logged as an error and the task asks Celery
    for a retry. If the user is already a member, only an info message is
    written.

    :param self: the bound task instance, used to request the retry
    :param username: name of the user to add
    :param groupname: name of the group to add the user to

    """
    try:
        group = LdapGroup.objects.get(name=groupname)
        user = LdapUser.objects.get(username=username)
    except LdapGroup.DoesNotExist:
        _logger.error('ldap group {0} does not exist'.format(groupname))
        return
    except LdapUser.DoesNotExist as exc:
        _logger.error('ldap user {0} does not exist'.format(username))
        # NOTE(review): ``time_limit`` is forwarded as an execution option of
        # the retried task and does not delay the retry; if a five second
        # wait was intended, ``countdown`` is the retry argument for that.
        # Confirm which was meant.
        self.retry(exc=exc, time_limit=5)
        return

    if user.username in group.members:
        _logger.info('ldap user {0} is already in group {1}'.format(
            user.username, group.dn)
        )
        return
    group.members.append(user.username)
    group.save()
@shared_task
def remove_ldap_user_from_group(username, groupname):
    """
    Remove the LDAP user ``username`` from the member list of ``groupname``.

    Both lookups are unguarded, so a missing group or user raises the
    respective ``DoesNotExist`` exception out of the task. The group is
    only saved when the user was actually listed as a member.

    :param username: name of the user to remove
    :param groupname: name of the group to remove the user from

    """
    group = LdapGroup.objects.get(name=groupname)
    user = LdapUser.objects.get(username=username)
    if user.username not in group.members:
        # Nothing to remove, leave the group entry untouched.
        return
    group.members.remove(user.username)
    group.save()
@shared_task
def delete_ldap_user(username):
    """
    Delete the LDAP user ``username`` and drop it from its group's members.

    If the user does not exist only an info message is written. Otherwise
    the group whose gid equals the user's ``group`` attribute is looked up
    and the username is removed from its member list if present; a missing
    group is logged and does not stop the deletion of the user.

    :param username: name of the user to delete

    """
    try:
        user = LdapUser.objects.get(username=username)
    except LdapUser.DoesNotExist:
        _logger.info('there is no ldap user with uid {0}'.format(
            username)
        )
        return

    # Only the group matching the user's own gid is cleaned up here.
    # NOTE(review): member entries in any other group are not touched by this
    # task; confirm callers remove them beforehand, because a leftover entry
    # would apply to a later account that reuses the same username.
    try:
        group = LdapGroup.objects.get(gid=user.group)
    except LdapGroup.DoesNotExist:
        group = None
        _logger.info('group {0} for user {1} does not exist'.format(
            user.group, user.username)
        )
    if group is not None and user.username in group.members:
        group.members.remove(user.username)
        group.save()
    user.delete()
@shared_task
def delete_ldap_group_if_empty(groupname):
    """
    Delete the LDAP group ``groupname`` if its member list is empty.

    A missing group and a group that still has members are both reported
    with an info message and leave the directory unchanged.

    :param groupname: name of the group to delete

    """
    try:
        group = LdapGroup.objects.get(name=groupname)
    except LdapGroup.DoesNotExist:
        _logger.info('ldap group with name {0} does not exist'.format(
            groupname)
        )
        return

    member_count = len(group.members)
    if member_count != 0:
        _logger.info('ldap group {0} still has {1} members'.format(
            group.dn, member_count)
        )
        return
    group.delete()