kleinhenzes60188
/
social_media_platform
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Development of an internal social media platform with personalised dashboards for students
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
2 Branches
Tree: 95b1878141
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '95b1878141'
${ noResults }
social_media_platform/thesisenv/lib/python3.6/site-packages/ldap3/extend/novell/checkGroupsMemberships.py

checkGroupsMemberships.py 7.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. """

  2. """

  3. 

  4. # Created on 2016.05.14

  5. #

  6. # Author: Giovanni Cannata

  7. #

  8. # Copyright 2016 - 2018 Giovanni Cannata

  9. #

  10. # This file is part of ldap3.

  11. #

  12. # ldap3 is free software: you can redistribute it and/or modify

  13. # it under the terms of the GNU Lesser General Public License as published

  14. # by the Free Software Foundation, either version 3 of the License, or

  15. # (at your option) any later version.

  16. #

  17. # ldap3 is distributed in the hope that it will be useful,

  18. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  19. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  20. # GNU Lesser General Public License for more details.

  21. #

  22. # You should have received a copy of the GNU Lesser General Public License

  23. # along with ldap3 in the COPYING and COPYING.LESSER files.

  24. # If not, see <http://www.gnu.org/licenses/>.

  25. 

  26. 

  27. from .addMembersToGroups import edir_add_members_to_groups

  28. from ...core.exceptions import LDAPInvalidDnError

  29. from ... import SEQUENCE_TYPES, BASE, DEREF_NEVER

  30. from ...utils.dn import safe_dn

  31. 

  32. 

  33. def _check_members_have_memberships(connection,

  34.                                     members_dn,

  35.                                     groups_dn):

  36.     """

  37.     :param connection: a bound Connection object

  38.     :param members_dn: the list of members to add to groups

  39.     :param groups_dn: the list of groups where members are to be added

  40.     :return: two booleans. The first when True means that all members have membership in all groups, The second when True means that

  41.     there are inconsistences in the securityEquals attribute

  42.     Checks user's group membership.

  43.     Raises LDAPInvalidDNError if member is not found in the DIT.

  44.     """

  45.     if not isinstance(members_dn, SEQUENCE_TYPES):

  46.         members_dn = [members_dn]

  47. 

  48.     if not isinstance(groups_dn, SEQUENCE_TYPES):

  49.         groups_dn = [groups_dn]

  50. 

  51.     partial = False  # True when a member has groupMembership but doesn't have securityEquals

  52.     for member in members_dn:

  53.         result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['groupMembership', 'securityEquals'])

  54. 

  55.         if not connection.strategy.sync:

  56.             response, result = connection.get_response(result)

  57.         else:

  58.             response, result = connection.response, connection.result

  59. 

  60.         if not result['description'] == 'success':  # member not found in DIT

  61.             raise LDAPInvalidDnError(member + ' not found')

  62. 

  63.         existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else []

  64.         existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else []

  65.         existing_security_equals = [element.lower() for element in existing_security_equals]

  66.         existing_group_membership = [element.lower() for element in existing_group_membership]

  67. 

  68.         for group in groups_dn:

  69.             if group.lower() not in existing_group_membership:

  70.                 return False, False

  71.             if group.lower() not in existing_security_equals:

  72.                 partial = True

  73. 

  74.     return True, partial

  75. 

  76. 

  77. def _check_groups_contain_members(connection,

  78.                                   groups_dn,

  79.                                   members_dn):

  80.     """

  81.     :param connection: a bound Connection object

  82.     :param members_dn: the list of members to add to groups

  83.     :param groups_dn: the list of groups where members are to be added

  84.     :return: two booleans. The first when True means that all members have membership in all groups, The second when True means that

  85.     there are inconsistences in the EquivalentToMe attribute

  86.     Checks if groups have members in their 'member' attribute.

  87.     Raises LDAPInvalidDNError if member is not found in the DIT.

  88.     """

  89.     if not isinstance(groups_dn, SEQUENCE_TYPES):

  90.         groups_dn = [groups_dn]

  91. 

  92.     if not isinstance(members_dn, SEQUENCE_TYPES):

  93.         members_dn = [members_dn]

  94. 

  95.     partial = False  # True when a group has member but doesn't have equivalentToMe

  96.     for group in groups_dn:

  97.         result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe'])

  98. 

  99.         if not connection.strategy.sync:

  100.             response, result = connection.get_response(result)

  101.         else:

  102.             response, result = connection.response, connection.result

  103. 

  104.         if not result['description'] == 'success':

  105.             raise LDAPInvalidDnError(group + ' not found')

  106. 

  107.         existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else []

  108.         existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else []

  109.         existing_members = [element.lower() for element in existing_members]

  110.         existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me]

  111.         for member in members_dn:

  112.             if member.lower() not in existing_members:

  113.                 return False, False

  114.             if member.lower() not in existing_equivalent_to_me:

  115.                 partial = True

  116. 

  117.     return True, partial

  118. 

  119. 

  120. def edir_check_groups_memberships(connection,

  121.                                   members_dn,

  122.                                   groups_dn,

  123.                                   fix,

  124.                                   transaction):

  125.     """

  126.     :param connection: a bound Connection object

  127.     :param members_dn: the list of members to check

  128.     :param groups_dn: the list of groups to check

  129.     :param fix: checks for inconsistences in the users-groups relation and fixes them

  130.     :param transaction: activates an LDAP transaction when fixing

  131.     :return: a boolean where True means that the operation was successful and False means an error has happened

  132.     Checks and fixes users-groups relations following the eDirectory rules: groups are checked against 'groupMembership'

  133.     attribute in the member object while members are checked against 'member' attribute in the group object.

  134.     Raises LDAPInvalidDnError if members or groups are not found in the DIT.

  135.     """

  136.     if not isinstance(groups_dn, SEQUENCE_TYPES):

  137.         groups_dn = [groups_dn]

  138. 

  139.     if not isinstance(members_dn, SEQUENCE_TYPES):

  140.         members_dn = [members_dn]

  141. 

  142.     if connection.check_names:  # builds new lists with sanitized dn

  143.         safe_members_dn = []

  144.         safe_groups_dn = []

  145.         for member_dn in members_dn:

  146.             safe_members_dn.append(safe_dn(member_dn))

  147.         for group_dn in groups_dn:

  148.             safe_groups_dn.append(safe_dn(group_dn))

  149. 

  150.         members_dn = safe_members_dn

  151.         groups_dn = safe_groups_dn

  152. 

  153.     try:

  154.         members_have_memberships, partial_member_security = _check_members_have_memberships(connection, members_dn, groups_dn)

  155.         groups_contain_members, partial_group_security = _check_groups_contain_members(connection, groups_dn, members_dn)

  156.     except LDAPInvalidDnError:

  157.         return False

  158. 

  159.     if not members_have_memberships and not groups_contain_members:

  160.         return False

  161. 

  162.     if fix:  # fix any inconsistences

  163.         if (members_have_memberships and not groups_contain_members) \

  164.                 or (groups_contain_members and not members_have_memberships) \

  165.                 or partial_group_security \

  166.                 or partial_member_security:

  167. 

  168.             for member in members_dn:

  169.                 for group in groups_dn:

  170.                     edir_add_members_to_groups(connection, member, group, True, transaction)

  171. 

  172.     return True