sqbell committed 4607d26

LDAP groups are being updated when adding a dDrive user.

  • Parent commits 4fb4fee

Files changed (5)

controllers/ldap/user.py

     @decorators.require_login
     def GET(self, domainName=None):
         i = web.input()
-
         if domainName is None:
             self.cur_domain = ''
         else:
         else:
             numberOfCurrentAccounts = 0
 
+        # Get groups.
+        allGroups = connutils.getGroups(self.cur_domain)
+
         # Get current domain quota size.
         result = connutils.getDomainCurrentQuotaSizeFromLDAP(domain=self.cur_domain)
         if result[0] is True:
                           numberOfCurrentAccounts=numberOfCurrentAccounts,
                           domainCurrentQuotaSize=domainCurrentQuotaSize,
                           msg=i.get('msg'),
+                          allGroups=allGroups,
                          )
 
     @decorators.csrf_protected
     @decorators.require_login
     def POST(self):
-        i = web.input()
-
+        i = web.input(ldap_group=[])
         # Get domain name, username, cn.
         self.cur_domain = web.safestr(i.get('domainName'))
         self.username = web.safestr(i.get('username'))
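Review bot: The result of `connutils.getGroups(self.cur_domain)` in GET is passed to the template without checking for failure. As added in libs/ldaplib/connUtils.py in this commit, getGroups returns a `(False, description)` tuple when the LDAP search raises, and create.html then evaluates `g[1]['cn'][0]` on each element of that tuple, so an LDAP error would break the page instead of showing the form without groups. A guard such as `if not isinstance(allGroups, list): allGroups = []` after the call (with the description logged) would keep the form usable. Both GET and POST continue outside the visible hunks.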

libs/ldaplib/connUtils.py

     # Check whether uidNumber exists.
     def uidNumberExists(self, domain, uidNumber,):
         self.domain = str(domain)
-        self.uidNumber = int(uidNumber)
+        self.uidNumber = str(uidNumber)
 
-        ldap_filter = '(&(objectClass=posixAccount)(uidNumber=%d))' % (self.uidNumber)
+        ldap_filter = '(&(objectClass=posixAccount)(uidNumber=%s))' % (self.uidNumber)
 
         try:
             self.number = self.getNumberOfCurrentAccountsUnderDomain(
             # Account 'EXISTS' (fake) if ldap lookup failed.
             return True
 
+    # Check whether group with gidNumber exists.
+    def gidNumberValid(self, domain, gidNumber,):
+        self.domain = str(domain)
+        self.gidNumber = str(gidNumber)
+
+        ldap_filter = '(&(objectClass=posixGroup)(gidNumber=%s))' % (self.gidNumber)
+        self.searchdn = "ou=Groups," + ldaputils.convKeywordToDN(self.domain, accountType='domain')
+
+        try:
+            result = self.conn.search_s(
+                self.searchdn,
+                ldap.SCOPE_SUBTREE,
+                ldap_filter,
+                ['dn', ],
+            )
+
+            if len(result) == 0:
+                return False
+            else:
+                return True
+        except Exception, e:
+            return (False, ldaputils.getExceptionDesc(e))
+
+    # Get a list of groups
+    def getGroups(self, domain,):
+        self.domain = str(domain)
+
+        ldap_filter = '(objectClass=posixGroup)'
+        self.searchdn = "ou=Groups," + ldaputils.convKeywordToDN(self.domain, accountType='domain')
+
+        try:
+            result = self.conn.search_s(
+                self.searchdn,
+                ldap.SCOPE_SUBTREE,
+                ldap_filter,
+                ['dn', 'cn'],
+            )
+
+            return result
+        except Exception, e:
+            return (False, ldaputils.getExceptionDesc(e))
+
+    # Add user to a group
+    def addUserToGroup(self, domain, username, group,):
+        self.domain = str(domain)
+        self.group = str(group)
+        self.username = str(username)
+
+        self.groupdn = "cn=" + self.group + ",ou=Groups," + ldaputils.convKeywordToDN(self.domain, accountType='domain')
+
+        try:
+            self.addOrDelAttrValue(self.groupdn, "memberUid", self.username, "add")
+        except Exception, e:
+            return (False, ldaputils.getExceptionDesc(e))
+
     @decorators.require_domain_access
     def enableOrDisableAccount(self, domain, account, dn, action, accountTypeInLogger=None):
         self.domain = web.safestr(domain).strip().lower()
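Review bot: `gidNumberValid` fails open: its `except` branch returns `(False, ldaputils.getExceptionDesc(e))`, a non-empty tuple that is truthy, so the caller's `if not connutils.gidNumberValid(...)` in libs/ldaplib/user.py accepts the gidNumber whenever the lookup itself fails. `uidNumberExists` just above answers a failed lookup conservatively, and the matching convention here would be a plain `return False` in the `except` branch. Separately, `addUserToGroup` concatenates `self.group` into `self.groupdn` unescaped, and both filters are now built with `%s`, so these helpers depend entirely on their callers for validation. Using `ldap.dn.escape_dn_chars(self.group)` and a digits-only check before formatting the number would make them safe on their own. `addUserToGroup` also returns `None` on success and a tuple on failure, which callers cannot tell apart with a truth test.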

libs/ldaplib/user.py

         self.domain = web.safestr(data.get('domainName')).strip().lower()
         self.username = web.safestr(data.get('username')).strip().lower()
         self.mail = self.username + '@' + self.domain
-        self.groups = data.get('groups', [])
 
         connutils = connUtils.Utils()
 
-        # Lets check if samba values are supplied
+        # Lets check if samba values are supplied.
         if 'ddriveStatus' in data:
             self.ddriveEnabled = True
 
             else:
                 return (False, 'INCORRECT_UID_NUMBER')
 
-            # TODO: Check if such group exists
             self.gidNumber = str(data.get('gidNumber')).strip()
             if self.gidNumber.isdigit():
                 self.gidNumber = int(self.gidNumber)
             else:
                 return (False, 'INCORRECT_GID_NUMBER')
 
-            # Check if given uidNumber is not used
+            # Check if given uidNumber is not used.
             if connutils.uidNumberExists(domain=self.domain, uidNumber=self.uidNumber,):
                 return (False, 'UID_ALREADY_EXISTS')
 
+            # Check if given gidNumber exists.
+            if not connutils.gidNumberValid(domain=self.domain, gidNumber=self.gidNumber,):
+                return (False, 'MISSING_GROUP')
+
+            # LDAP groups.
+            self.ldap_groups = []
+            for group in data.get('ldap_group', []):
+                self.ldap_groups.append(web.safestr(group))
+
         if not iredutils.isDomain(self.domain) or not iredutils.isEmail(self.mail):
             return (False, 'MISSING_DOMAIN_OR_USERNAME')
 
 
         try:
             self.conn.add_s(ldap.filter.escape_filter_chars(self.dn), ldif,)
+
+            # Only add to groups if create was actually successful.
+            for group in self.ldap_groups:
+                connutils.addUserToGroup(domain=self.domain, username=self.username, group=group,)
+
             web.logger(msg="Create user: %s." % (self.mail), domain=self.domain, event='create',)
             return (True,)
         except ldap.ALREADY_EXISTS:
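Review bot: `self.ldap_groups` is assigned only at the indentation of the `if 'ddriveStatus' in data:` branch, yet the loop after `self.conn.add_s(...)` reads it for every created user, so a request without `ddriveStatus` would presumably raise AttributeError after the LDAP entry has already been written (the hunks cut the method, so this is inferred from indentation). Initialising `self.ldap_groups = []` before the `if 'ddriveStatus' in data:` check avoids that. The group names come from the request with only `web.safestr` applied and end up in a DN built by `addUserToGroup`; checking each one against the `cn` values returned by `connutils.getGroups(self.domain)` before use would restrict them to groups that actually exist. The return value of `addUserToGroup` is discarded, so a failed membership update still logs "Create user" and returns `(True,)`.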

templates/default/ldap/user/create.html

         display_quota,
         display_gid_number,
         display_uid_number,
+        display_group_checkbox,
         display_ddrive_status
         with context
         %}
                                     )
                         }}
 
+                        <div class="bt-space5">&nbsp;</div>
 
                         {{ display_ddrive_status(ddriveStatus, accountType='user') }}
 
                         {{ display_gid_number(gidNumber) }}
                         {{ display_uid_number(uidNumber) }}
 
+                        {% for g in allGroups %}
+                            {{ display_group_checkbox(g[1]['cn'][0]) }}
+                        {% endfor %}
+
                     </div>{# .col2-3 #}
                     <div class="col1-4 lastcol">
                         {{ display_random_password(maxPasswordLength) }}

templates/default/macros/general.html

     </div>
 {%- endmacro %}
 
+{% macro display_group_checkbox(groupCn) -%}
+    <div class="form-field clear">
+        <h4 class="size-250 fl-space">{{ _(groupCn) }}</h4>
+        <div class="form-checkbox-item clear">
+            {#
+                ldap: yes, no
+                mysql: true, false
+            #}
+            <span class="clean-padding bt-space20"><input class="checkbox" name="ldap_group" value="{{ groupCn }}" type="checkbox" {% if value in ['yes', true,] %}checked{%endif%} /></span>
+        </div>
+    </div>
+{%- endmacro %}
 
 {% macro display_recipient_bcc(address='') -%}
     {% if address is sameas none %}
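Review bot: The `checked` condition in `display_group_checkbox` tests `value`, which is not a parameter of the macro (only `groupCn` is), so unless the rendering context happens to define `value` the condition is always false. It and the `ldap: yes, no / mysql: true, false` comment look copied from another macro. Either drop both or add an explicit parameter, e.g. `{% macro display_group_checkbox(groupCn, checked=false) -%}` with `{% if checked %}checked{% endif %}`. `{{ _(groupCn) }}` also sends a directory value through the translation lookup, and `value="{{ groupCn }}"` is only safe inside an attribute if autoescaping is enabled for these templates, which is not visible here.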