mirror of
https://github.com/retspen/webvirtcloud
synced 2026-03-22 10:34:49 +00:00
Check for ldap3 existence
This commit is contained in:
Kendar
parent
881852af05
commit
b761faccec
1 changed files with 105 additions and 98 deletions
|
|
@ -1,109 +1,116 @@
|
||||||
from django.contrib.auth.backends import ModelBackend
|
from django.contrib.auth.backends import ModelBackend
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from ldap3 import Server, Connection, ALL
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from accounts.models import UserAttributes, UserInstance, UserSSHKey
|
from accounts.models import UserAttributes, UserInstance, UserSSHKey
|
||||||
from django.contrib.auth.models import Permission
|
from django.contrib.auth.models import Permission
|
||||||
from logs.models import Logs
|
from logs.models import Logs
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
#/srv/webvirtcloud/ldap/ldapbackend.py
|
try:
|
||||||
class LdapAuthenticationBackend(ModelBackend):
|
from ldap3 import Server, Connection, ALL
|
||||||
|
#/srv/webvirtcloud/ldap/ldapbackend.py
|
||||||
|
class LdapAuthenticationBackend(ModelBackend):
|
||||||
|
|
||||||
def get_LDAP_user(self, username, password, filterString):
|
def get_LDAP_user(self, username, password, filterString):
|
||||||
print('get_LDAP_user')
|
print('get_LDAP_user')
|
||||||
try:
|
try:
|
||||||
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
|
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
|
||||||
use_ssl=settings.USE_SSL,get_info=ALL)
|
use_ssl=settings.USE_SSL,get_info=ALL)
|
||||||
connection = Connection(server,
|
connection = Connection(server,
|
||||||
settings.LDAP_MASTER_DN,
|
settings.LDAP_MASTER_DN,
|
||||||
settings.LDAP_MASTER_PW, auto_bind=True)
|
settings.LDAP_MASTER_PW, auto_bind=True)
|
||||||
|
|
||||||
connection.search(settings.LDAP_ROOT_DN,
|
connection.search(settings.LDAP_ROOT_DN,
|
||||||
'(&({attr}={login})({filter}))'.format(
|
'(&({attr}={login})({filter}))'.format(
|
||||||
attr=settings.LDAP_USER_UID_PREFIX,
|
attr=settings.LDAP_USER_UID_PREFIX,
|
||||||
login=username,
|
login=username,
|
||||||
filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
|
filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
|
||||||
|
|
||||||
if len(connection.response) == 0:
|
if len(connection.response) == 0:
|
||||||
print('get_LDAP_user-no response')
|
print('get_LDAP_user-no response')
|
||||||
|
return None
|
||||||
|
|
||||||
|
return connection.response[0]
|
||||||
|
except:
|
||||||
|
print('get_LDAP_user-error')
|
||||||
return None
|
return None
|
||||||
|
|
||||||
return connection.response[0]
|
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||||
except:
|
if not settings.LDAP_ENABLED:
|
||||||
print('get_LDAP_user-error')
|
return None
|
||||||
return None
|
print("authenticate_ldap")
|
||||||
|
# Get the user information from the LDAP if he can be authenticated
|
||||||
|
isAdmin = False
|
||||||
|
isStaff = False
|
||||||
|
|
||||||
def authenticate(self, request, username=None, password=None, **kwargs):
|
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
|
||||||
if not settings.LDAP_ENABLED:
|
print("authenticate-not admin")
|
||||||
return None
|
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
|
||||||
print("authenticate_ldap")
|
print("authenticate-not staff")
|
||||||
# Get the user information from the LDAP if he can be authenticated
|
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
|
||||||
isAdmin = False
|
print("authenticate-not user")
|
||||||
isStaff = False
|
return None
|
||||||
|
else:
|
||||||
|
print("authenticate-user")
|
||||||
|
else:
|
||||||
|
isStaff = True
|
||||||
|
print("authenticate-staff")
|
||||||
|
else:
|
||||||
|
isAdmin = True
|
||||||
|
isStaff = True
|
||||||
|
print("authenticate-admin")
|
||||||
|
|
||||||
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
|
try:
|
||||||
print("authenticate-not admin")
|
user = User.objects.get(username=username)
|
||||||
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
|
except User.DoesNotExist:
|
||||||
print("authenticate-not staff")
|
print("authenticate-create new user")
|
||||||
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
|
user = User(username=username)
|
||||||
print("authenticate-not user")
|
user.is_active = True
|
||||||
return None
|
user.is_staff = isStaff
|
||||||
else:
|
user.is_superuser = isAdmin
|
||||||
print("authenticate-user")
|
user.set_password(uuid.uuid4().hex)
|
||||||
else:
|
user.save()
|
||||||
isStaff = True
|
maxInstances = 1
|
||||||
print("authenticate-staff")
|
maxCpus = 1
|
||||||
else:
|
maxMemory = 128
|
||||||
isAdmin = True
|
maxDiskSize = 1
|
||||||
isStaff = True
|
if isStaff:
|
||||||
print("authenticate-admin")
|
maxMemory = 2048
|
||||||
|
maxDiskSize = 20
|
||||||
|
permission = Permission.objects.get(codename='clone_instances')
|
||||||
|
user.user_permissions.add(permission)
|
||||||
|
if isAdmin:
|
||||||
|
maxInstances = -1
|
||||||
|
maxCpus = -1
|
||||||
|
maxMemory = -1
|
||||||
|
maxDiskSize = -1
|
||||||
|
permission = Permission.objects.get(codename='clone_instances')
|
||||||
|
user.user_permissions.add(permission)
|
||||||
|
user.save()
|
||||||
|
UserAttributes.objects.create(
|
||||||
|
user=user,
|
||||||
|
max_instances=maxInstances,
|
||||||
|
max_cpus=maxCpus,
|
||||||
|
max_memory=maxMemory,
|
||||||
|
max_disk_size=maxDiskSize,
|
||||||
|
)
|
||||||
|
user.save()
|
||||||
|
|
||||||
try:
|
print("authenticate-user created")
|
||||||
user = User.objects.get(username=username)
|
return user
|
||||||
except User.DoesNotExist:
|
|
||||||
print("authenticate-create new user")
|
|
||||||
user = User(username=username)
|
|
||||||
user.is_active = True
|
|
||||||
user.is_staff = isStaff
|
|
||||||
user.is_superuser = isAdmin
|
|
||||||
user.set_password(uuid.uuid4().hex)
|
|
||||||
user.save()
|
|
||||||
maxInstances = 1
|
|
||||||
maxCpus = 1
|
|
||||||
maxMemory = 128
|
|
||||||
maxDiskSize = 1
|
|
||||||
if isStaff:
|
|
||||||
maxMemory = 2048
|
|
||||||
maxDiskSize = 20
|
|
||||||
permission = Permission.objects.get(codename='clone_instances')
|
|
||||||
user.user_permissions.add(permission)
|
|
||||||
if isAdmin:
|
|
||||||
maxInstances = -1
|
|
||||||
maxCpus = -1
|
|
||||||
maxMemory = -1
|
|
||||||
maxDiskSize = -1
|
|
||||||
permission = Permission.objects.get(codename='clone_instances')
|
|
||||||
user.user_permissions.add(permission)
|
|
||||||
user.save()
|
|
||||||
UserAttributes.objects.create(
|
|
||||||
user=user,
|
|
||||||
max_instances=maxInstances,
|
|
||||||
max_cpus=maxCpus,
|
|
||||||
max_memory=maxMemory,
|
|
||||||
max_disk_size=maxDiskSize,
|
|
||||||
)
|
|
||||||
user.save()
|
|
||||||
|
|
||||||
print("authenticate-user created")
|
def get_user(self, user_id):
|
||||||
return user
|
if not settings.LDAP_ENABLED:
|
||||||
|
return None
|
||||||
def get_user(self, user_id):
|
print("get_user_ldap")
|
||||||
if not settings.LDAP_ENABLED:
|
try:
|
||||||
return None
|
return User.objects.get(pk=user_id)
|
||||||
print("get_user_ldap")
|
except User.DoesNotExist:
|
||||||
try:
|
print("get_user-user not found")
|
||||||
return User.objects.get(pk=user_id)
|
return None
|
||||||
except User.DoesNotExist:
|
except:
|
||||||
print("get_user-user not found")
|
class LdapAuthenticationBackend(ModelBackend):
|
||||||
|
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||||
|
return None
|
||||||
|
def get_user(self, user_id):
|
||||||
return None
|
return None
|
||||||
Loading…
Add table
Add a link
Reference in a new issue