j3d1/webvirtcloud
1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2026-03-21 18:14:51 +00:00
Code Issues Projects Releases Wiki Activity

Check for ldap3 existence

Browse source
This commit is contained in:
Kendar 2021-05-28 12:55:47 +02:00
parent 881852af05
commit b761faccec
1 changed files with 105 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

203
webvirtcloud/ldapbackend.py
View file

@ -1,109 +1,116 @@
from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User
from ldap3 import Server, Connection, ALL
from django.conf import settings
from accounts.models import UserAttributes, UserInstance, UserSSHKey
from django.contrib.auth.models import Permission
from logs.models import Logs
import uuid
#/srv/webvirtcloud/ldap/ldapbackend.py
class LdapAuthenticationBackend(ModelBackend):
def get_LDAP_user(self, username, password, filterString):
print('get_LDAP_user')
try:
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
use_ssl=settings.USE_SSL,get_info=ALL)
connection = Connection(server,
settings.LDAP_MASTER_DN,
settings.LDAP_MASTER_PW, auto_bind=True)
connection.search(settings.LDAP_ROOT_DN,
'(&({attr}={login})({filter}))'.format(
attr=settings.LDAP_USER_UID_PREFIX,
login=username,
filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
if len(connection.response) == 0:
print('get_LDAP_user-no response')
try:
from ldap3 import Server, Connection, ALL
#/srv/webvirtcloud/ldap/ldapbackend.py
class LdapAuthenticationBackend(ModelBackend):
def get_LDAP_user(self, username, password, filterString):
print('get_LDAP_user')
try:
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
use_ssl=settings.USE_SSL,get_info=ALL)
connection = Connection(server,
settings.LDAP_MASTER_DN,
settings.LDAP_MASTER_PW, auto_bind=True)
connection.search(settings.LDAP_ROOT_DN,
'(&({attr}={login})({filter}))'.format(
attr=settings.LDAP_USER_UID_PREFIX,
login=username,
filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
if len(connection.response) == 0:
print('get_LDAP_user-no response')
return None
return connection.response[0]
except:
print('get_LDAP_user-error')
return None
return connection.response[0]
except:
print('get_LDAP_user-error')
return None
def authenticate(self, request, username=None, password=None, **kwargs):
if not settings.LDAP_ENABLED:
return None
print("authenticate_ldap")
# Get the user information from the LDAP if he can be authenticated
isAdmin = False
isStaff = False
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
print("authenticate-not admin")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
print("authenticate-not staff")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
print("authenticate-not user")
return None
else:
print("authenticate-user")
else:
isStaff = True
print("authenticate-staff")
else:
isAdmin = True
isStaff = True
print("authenticate-admin")
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
print("authenticate-create new user")
user = User(username=username)
user.is_active = True
user.is_staff = isStaff
user.is_superuser = isAdmin
user.set_password(uuid.uuid4().hex)
user.save()
maxInstances = 1
maxCpus = 1
maxMemory = 128
maxDiskSize = 1
if isStaff:
maxMemory = 2048
maxDiskSize = 20
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
if isAdmin:
maxInstances = -1
maxCpus = -1
maxMemory = -1
maxDiskSize = -1
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
user.save()
UserAttributes.objects.create(
user=user,
max_instances=maxInstances,
max_cpus=maxCpus,
max_memory=maxMemory,
max_disk_size=maxDiskSize,
)
user.save()
def authenticate(self, request, username=None, password=None, **kwargs):
if not settings.LDAP_ENABLED:
return None
print("authenticate_ldap")
# Get the user information from the LDAP if he can be authenticated
isAdmin = False
isStaff = False
print("authenticate-user created")
return user
def get_user(self, user_id):
if not settings.LDAP_ENABLED:
return None
print("get_user_ldap")
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
print("get_user-user not found")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
print("authenticate-not admin")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
print("authenticate-not staff")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
print("authenticate-not user")
return None
else:
print("authenticate-user")
else:
isStaff = True
print("authenticate-staff")
else:
isAdmin = True
isStaff = True
print("authenticate-admin")
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
print("authenticate-create new user")
user = User(username=username)
user.is_active = True
user.is_staff = isStaff
user.is_superuser = isAdmin
user.set_password(uuid.uuid4().hex)
user.save()
maxInstances = 1
maxCpus = 1
maxMemory = 128
maxDiskSize = 1
if isStaff:
maxMemory = 2048
maxDiskSize = 20
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
if isAdmin:
maxInstances = -1
maxCpus = -1
maxMemory = -1
maxDiskSize = -1
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
user.save()
UserAttributes.objects.create(
user=user,
max_instances=maxInstances,
max_cpus=maxCpus,
max_memory=maxMemory,
max_disk_size=maxDiskSize,
)
user.save()
print("authenticate-user created")
return user
def get_user(self, user_id):
if not settings.LDAP_ENABLED:
return None
print("get_user_ldap")
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
print("get_user-user not found")
return None
except:
class LdapAuthenticationBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
return None
def get_user(self, user_id):
return None