diff --git a/gvaldap/ldapentities/models.py b/gvaldap/ldapentities/models.py
index f4ee071..ef1d390 100644
--- a/gvaldap/ldapentities/models.py
+++ b/gvaldap/ldapentities/models.py
@@ -23,6 +23,7 @@ class LdapGroup(ldapmodels.Model):
 # posixGroup attributes
 gid = IntegerField(db_column='gidNumber', unique=True)
 name = CharField(db_column='cn', max_length=200, primary_key=True)
+ description = CharField(db_column='description')
 members = ListField(db_column='memberUid', blank=True)
 def __str__(self):
diff --git a/gvaldap/osusers/models.py b/gvaldap/osusers/models.py
index e1c641f..e69de29 100644
--- a/gvaldap/osusers/models.py
+++ b/gvaldap/osusers/models.py
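Review bot: The new `description` field on `LdapGroup` is declared without `blank=True`, unlike the `members` field next to it and unlike the `descr` column it replaces in `osusers/models.py` (which had `blank=True`), so model validation would reject a group whose description is empty even though `create_ldap_group` in `osusers/tasks.py` assigns whatever `descr` it is handed. Suggest `description = CharField(db_column='description', blank=True)`. The sibling `name` field also passes an explicit `max_length`; whether `description` needs one depends on the `CharField` this module imports, which is outside the hunk.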
@@ -1,42 +0,0 @@
-from django.db import models
-from django.utils.encoding import python_2_unicode_compatible
-from django.utils.translation import ugettext as _
-
-from model_utils.models import TimeStampedModel
-
-
-@python_2_unicode_compatible
-class Group(TimeStampedModel, models.Model):
- groupname = models.CharField(
- _('Group name'), max_length=16, unique=True)
- gid = models.PositiveSmallIntegerField(
- _('Group ID'), unique=True, primary_key=True)
- descr = models.TextField(_('Description'), blank=True)
- passwd = models.CharField(
- _('Group password'), max_length=128, blank=True)
-
- class Meta:
- verbose_name = _('Group')
- verbose_name_plural = _('Groups')
-
- def __str__(self):
- return '{0} ({1})'.format(self.groupname, self.gid)
-
-
-@python_2_unicode_compatible
-class User(TimeStampedModel, models.Model):
- username = models.CharField(
- _('User name'), max_length=64, unique=True)
- uid = models.PositiveSmallIntegerField(
- _('User ID'), unique=True, primary_key=True)
- group = models.ForeignKey(Group, verbose_name=_('Group'))
- gecos = models.CharField(_('Gecos field'), max_length=128, blank=True)
- homedir = models.CharField(_('Home directory'), max_length=256)
- shell = models.CharField(_('Login shell'), max_length=64)
-
- class Meta:
- verbose_name = _('User')
- verbose_name_plural = _('Users')
-
- def __str__(self):
- return '{0} ({1})'.format(self.username, self.uid)
diff --git a/gvaldap/osusers/tasks.py b/gvaldap/osusers/tasks.py
index f0b6fbc..b1be4c1 100644
--- a/gvaldap/osusers/tasks.py
+++ b/gvaldap/osusers/tasks.py
@@ -1,28 +1,130 @@
 from __future__ import absolute_import
+from django.core.exceptions import ObjectDoesNotExist
 from celery import shared_task
+from celery.utils.log import get_task_logger
+from celery.exceptions import Reject
 from ldapentities.models import (
 LdapGroup,
 LdapUser,
 )
+_logger = get_task_logger(__name__)
+
+
 @shared_task
-def create_ldap_group(group):
-    ldapgroup = LdapGroup(gid=group.gid, name=group.groupname)
+def create_ldap_group(groupname, gid, descr):
+    try:
+        ldapgroup = LdapGroup.objects.get(name=groupname)
+        _logger.info(
+            'ldap group with dn {0} already exists'.format(ldapgroup.dn)
+        )
+        ldapgroup.gid = gid
+    except LdapGroup.DoesNotExist:
+        ldapgroup = LdapGroup(gid=gid, name=groupname)
+    ldapgroup.description = descr
 ldapgroup.save()
 return ldapgroup.dn
 @shared_task
-def create_ldap_user(user, password):
-    ldapuser = LdapUser(
-        uid=user.uid, group=user.group.gid, gecos=user.gecos,
-        home_directory=user.homedir, login_shell=user.shell,
-        username=user.username, common_name=user.username)
-    ldapuser.set_password(password)
-    ldapgroup = LdapGroup.objects.get(gid=ldapuser.group)
-    ldapgroup.members.append(ldapuser.username)
-    ldapgroup.save()
+def create_ldap_user(username, uid, gid, gecos, homedir, shell, password):
+    try:
+        ldapuser = LdapUser.objects.get(username=username)
+        _logger.info(
+            'ldap user with dn {0} already exists'.format(ldapuser.dn)
+        )
+    except LdapUser.DoesNotExist:
+        ldapuser = LdapUser(username=username)
+    try:
+        ldapgroup = LdapGroup.objects.get(gid=gid)
+    except ObjectDoesNotExist as exc:
+        _logger.info('ldap group with gid {0} does not exist')
+        raise Reject(exc, requeue=False)
+    ldapuser.uid = uid
+    ldapuser.group = gid
+    ldapuser.gecos = gecos
+    ldapuser.home_directory = homedir
+    ldapuser.login_shell = shell
+    ldapuser.username = username
+    ldapuser.common_name = username
+    if password is not None:
+        ldapuser.set_password(password)
+    if ldapuser.username in ldapgroup.members:
+        _logger.info('user {0} is already 
member of {1}'.format(
+            ldapuser.username, ldapgroup.dn)
+        )
+    else:
+        ldapgroup.members.append(ldapuser.username)
+        ldapgroup.save()
 ldapuser.save()
 return ldapuser.dn
+
+
+@shared_task(bind=True)
+def add_ldap_user_to_group(self, username, groupname):
+    try:
+        ldapgroup = LdapGroup.objects.get(name=groupname)
+        ldapuser = LdapUser.objects.get(username=username)
+    except LdapGroup.DoesNotExist:
+        _logger.error('ldap group {0} does not exist'.format(groupname))
+    except LdapUser.DoesNotExist as exc:
+        _logger.error('ldap user {0} does not exist'.format(username))
+        self.retry(exc=exc, time_limit=5)
+    else:
+        if not ldapuser.username in ldapgroup.members:
+            ldapgroup.members.append(ldapuser.username)
+            ldapgroup.save()
+        else:
+            _logger.info('ldap user {0} is already in group {1}'.format(
+                ldapuser.username, ldapgroup.dn)
+            )
+
+
+@shared_task
+def remove_ldap_user_from_group(username, groupname):
+    ldapgroup = LdapGroup.objects.get(name=groupname)
+    ldapuser = LdapUser.objects.get(username=username)
+    if ldapuser.username in ldapgroup.members:
+        ldapgroup.members.remove(ldapuser.username)
+        ldapgroup.save()
+
+
+@shared_task
+def delete_ldap_user(username):
+    try:
+        ldapuser = LdapUser.objects.get(username=username)
+    except LdapUser.DoesNotExist:
+        _logger.info('there is no ldap user with uid {0}'.format(
+            username)
+        )
+    else:
+        try:
+            ldapgroup = LdapGroup.objects.get(gid=ldapuser.group)
+        except LdapGroup.DoesNotExist:
+            _logger.info('group {0} for user {1} does not exist'.format(
+                ldapuser.group, ldapuser.username)
+            )
+        else:
+            if ldapuser.username in ldapgroup.members:
+                ldapgroup.members.remove(ldapuser.username)
+                ldapgroup.save()
+        ldapuser.delete()
+
+
+@shared_task
+def delete_ldap_group_if_empty(groupname):
+    try:
+        ldapgroup = LdapGroup.objects.get(name=groupname)
+    except LdapGroup.DoesNotExist:
+        _logger.info('ldap group with name {0} does not exist'.format(
+            groupname)
+        )
+    else:
+        if len(ldapgroup.members) == 0:
+            ldapgroup.delete()
+        else:
+                _logger.info('ldap group {0} still has {1} members'.format(
+                ldapgroup.dn, len(ldapgroup.members))
+            )
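Review bot: The log call in the `except ObjectDoesNotExist` branch of `create_ldap_user` never formats its placeholder, so the message is emitted as the literal text `ldap group with gid {0} does not exist`; it should read `_logger.info('ldap group with gid {0} does not exist'.format(gid))`. The `Reject(exc, requeue=False)` raised right after it only rejects the message when the task runs with `acks_late` enabled, otherwise the task simply fails, so the worker configuration is worth confirming. In `add_ldap_user_to_group`, `self.retry(exc=exc, time_limit=5)` forwards `time_limit` to the re-queued task's execution options rather than delaying it; if a pause before the retry was intended, that is `countdown=5`. Separately, the "already exists" paths of `create_ldap_group` and `create_ldap_user` overwrite `gid` and `uid` of an entry that is already in the directory, so a re-run with different arguments silently renumbers an existing account or group; comparing the stored numeric id with the argument and logging or rejecting a mismatch would make that explicit.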