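"""Celery tasks that create, modify and delete LDAP users and groups."""
from __future__ import absolute_import

from django.core.exceptions import ObjectDoesNotExist

from celery import shared_task
from celery.utils.log import get_task_logger
from celery.exceptions import Reject

from ldapentities.models import (
    LdapGroup,
    LdapUser,
)

_logger = get_task_logger(__name__)


@shared_task
def create_ldap_group(groupname, gid, descr):
    """Create the LDAP group *groupname*, or update it if it already exists.

    An existing group keeps its entry but has its gid overwritten with *gid*;
    the description is set to *descr* in both cases.

    Args:
        groupname: name used to look up or create the group.
        gid: group id to store on the entry.
        descr: description to store on the entry.

    Returns:
        The ``dn`` attribute of the saved group.
    """
    try:
        ldapgroup = LdapGroup.objects.get(name=groupname)
        _logger.info(
            'ldap group with dn {0} already exists'.format(ldapgroup.dn)
        )
        ldapgroup.gid = gid
    except LdapGroup.DoesNotExist:
        ldapgroup = LdapGroup(gid=gid, name=groupname)
    ldapgroup.description = descr
    ldapgroup.save()
    return ldapgroup.dn


@shared_task
def create_ldap_user(username, uid, gid, gecos, homedir, shell, password):
    """Create or update the LDAP user *username* and add it to its group.

    The group is looked up by *gid*; if it is missing the task is rejected
    without requeueing. The password is only changed when *password* is not
    ``None``.

    NOTE(review): *password* is an ordinary task argument, so it is serialized
    into the broker message in whatever form the caller supplies it. Confirm
    that broker transport, result storage and any task monitoring that shows
    task arguments are restricted accordingly.

    Args:
        username: login name, also stored as the common name.
        uid: numeric user id.
        gid: gid of the group the user belongs to.
        gecos: GECOS field value.
        homedir: home directory path.
        shell: login shell.
        password: new password, or ``None`` to leave the password untouched.

    Returns:
        The ``dn`` attribute of the saved user.

    Raises:
        Reject: if no group with *gid* exists.
    """
    try:
        ldapuser = LdapUser.objects.get(username=username)
        _logger.info(
            'ldap user with dn {0} already exists'.format(ldapuser.dn)
        )
    except LdapUser.DoesNotExist:
        ldapuser = LdapUser(username=username)
    try:
        ldapgroup = LdapGroup.objects.get(gid=gid)
    except ObjectDoesNotExist as exc:
        # The original message never filled in its placeholder; include the
        # gid so the log line identifies the missing group.
        _logger.info('ldap group with gid {0} does not exist'.format(gid))
        # NOTE(review): Reject is documented to take effect only when late
        # acknowledgement is enabled for the task -- confirm configuration.
        raise Reject(exc, requeue=False)
    ldapuser.uid = uid
    ldapuser.group = gid
    ldapuser.gecos = gecos
    ldapuser.home_directory = homedir
    ldapuser.login_shell = shell
    ldapuser.username = username
    ldapuser.common_name = username
    if password is not None:
        ldapuser.set_password(password)
    if ldapuser.username in ldapgroup.members:
        _logger.info('user {0} is already member of {1}'.format(
            ldapuser.username, ldapgroup.dn)
        )
    else:
        ldapgroup.members.append(ldapuser.username)
        ldapgroup.save()
    ldapuser.save()
    return ldapuser.dn


@shared_task(bind=True)
def add_ldap_user_to_group(self, username, groupname):
    """Add *username* to the member list of *groupname*.

    A missing group is logged as an error and the task ends without change.
    A missing user is logged and the task is retried.

    Args:
        username: login name of the user to add.
        groupname: name of the target group.
    """
    try:
        ldapgroup = LdapGroup.objects.get(name=groupname)
        ldapuser = LdapUser.objects.get(username=username)
    except LdapGroup.DoesNotExist:
        _logger.error('ldap group {0} does not exist'.format(groupname))
    except LdapUser.DoesNotExist as exc:
        _logger.error('ldap user {0} does not exist'.format(username))
        # NOTE(review): time_limit is forwarded as an execution option for the
        # retried task; if a delay before the retry was intended, that would
        # be `countdown` -- confirm.
        self.retry(exc=exc, time_limit=5)
    else:
        if ldapuser.username not in ldapgroup.members:
            ldapgroup.members.append(ldapuser.username)
            ldapgroup.save()
        else:
            _logger.info('ldap user {0} is already in group {1}'.format(
                ldapuser.username, ldapgroup.dn)
            )


@shared_task
def remove_ldap_user_from_group(username, groupname):
    """Remove *username* from the member list of *groupname* if present.

    Unlike the other tasks in this module, lookup failures are not caught:
    a missing group or user propagates ``DoesNotExist`` and fails the task.

    Args:
        username: login name of the user to remove.
        groupname: name of the group to modify.
    """
    ldapgroup = LdapGroup.objects.get(name=groupname)
    ldapuser = LdapUser.objects.get(username=username)
    if ldapuser.username in ldapgroup.members:
        ldapgroup.members.remove(ldapuser.username)
        ldapgroup.save()


@shared_task
def delete_ldap_user(username):
    """Delete the LDAP user *username* and drop it from its group's members.

    A missing user is logged and nothing else happens. A missing group is
    logged and the user entry is still deleted.

    Args:
        username: login name of the user to delete.
    """
    try:
        ldapuser = LdapUser.objects.get(username=username)
    except LdapUser.DoesNotExist:
        _logger.info('there is no ldap user with uid {0}'.format(
            username)
        )
    else:
        try:
            ldapgroup = LdapGroup.objects.get(gid=ldapuser.group)
        except LdapGroup.DoesNotExist:
            _logger.info('group {0} for user {1} does not exist'.format(
                ldapuser.group, ldapuser.username)
            )
        else:
            if ldapuser.username in ldapgroup.members:
                ldapgroup.members.remove(ldapuser.username)
                ldapgroup.save()
        # Membership cleanup comes first so the group does not keep a
        # reference to a user entry that no longer exists.
        ldapuser.delete()


@shared_task
def delete_ldap_group_if_empty(groupname):
    """Delete the LDAP group *groupname* only when it has no members.

    A missing group, or a group that still has members, is logged and left
    unchanged.

    Args:
        groupname: name of the group to delete.
    """
    try:
        ldapgroup = LdapGroup.objects.get(name=groupname)
    except LdapGroup.DoesNotExist:
        _logger.info('ldap group with name {0} does not exist'.format(
            groupname)
        )
    else:
        if len(ldapgroup.members) == 0:
            ldapgroup.delete()
        else:
            _logger.info('ldap group {0} still has {1} members'.format(
                ldapgroup.dn, len(ldapgroup.members))
            )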