|
290 |
# (note that there can be schools with a DN such as ou=25g18,ou=25,dc=...) |
290 |
# (note that there can be schools with a DN such as ou=25g18,ou=25,dc=...) |
291 |
schoolDN = ldap_connection.binddn[ldap_connection.binddn.find('ou='):] |
291 |
schoolDN = ldap_connection.binddn[ldap_connection.binddn.find('ou='):] |
292 |
school = ldap_connection.explodeDn( schoolDN, 1 )[0], |
292 |
school = ldap_connection.explodeDn( schoolDN, 1 )[0], |
293 |
_search_base = SchoolSearchBase(school, school, schoolDN) |
293 |
_search_base = SchoolSearchBase(dict(((school, schoolDN),)), school, schoolDN) |
294 |
MODULE.info('LDAP_Connection: setting schoolDN: %s' % _search_base.schoolDN) |
294 |
MODULE.info('LDAP_Connection: setting schoolDN: %s' % _search_base.schoolDN) |
295 |
else: |
295 |
else: |
296 |
MODULE.warn( 'LDAP_Connection: unable to identify ou of this account - showing all OUs!' ) |
296 |
MODULE.warn( 'LDAP_Connection: unable to identify ou of this account - showing all OUs!' ) |
297 |
#_ouswitchenabled = True |
297 |
#_ouswitchenabled = True |
298 |
oulist = ucr.get('ucsschool/local/oulist') |
298 |
oulist = ucr.get('ucsschool/local/oulist') |
299 |
availableSchools = [] |
299 |
availableSchools = {} |
300 |
if oulist: |
300 |
if oulist: |
301 |
# OU list override via UCR variable (it can be necessary to adjust the list of |
301 |
# OU list override via UCR variable (it can be necessary to adjust the list of |
302 |
# visible schools on specific systems manually) |
302 |
# visible schools on specific systems manually) |
303 |
availableSchools = [ x.strip() for x in oulist.split(',') ] |
303 |
# TODO: this is not compatible with district mode |
|
|
304 |
availableSchools = dict([ |
305 |
(x.strip(), 'ou=%s,%s' % (x.strip(), ucr.get('ldap/base'))) |
306 |
for x in oulist.split(',') |
307 |
]) |
304 |
MODULE.info( 'LDAP_Connection: availableSchools overridden by UCR variable ucsschool/local/oulist') |
308 |
MODULE.info( 'LDAP_Connection: availableSchools overridden by UCR variable ucsschool/local/oulist') |
305 |
else: |
309 |
else: |
306 |
# get a list of available OUs via UDM module container/ou |
310 |
# get a list of available OUs via UDM module container/ou |
307 |
ouresult = udm_modules.lookup( |
311 |
ouresult = udm_modules.lookup( |
|
|
312 |
'container/ou', None, ldap_connection, |
313 |
scope = 'sub', superordinate = None, |
314 |
filter = 'objectClass=ucsschoolOrganizationalUnit', |
315 |
base = ucr.get( 'ldap/base' ) |
316 |
) |
317 |
if not ouresult: |
318 |
# fallback in case the corresponding objectClass is not set properly |
319 |
ouresult = udm_modules.lookup( |
308 |
'container/ou', None, ldap_connection, |
320 |
'container/ou', None, ldap_connection, |
309 |
scope = 'one', superordinate = None, |
321 |
scope = 'one', superordinate = None, |
310 |
base = ucr.get( 'ldap/base' ) ) |
322 |
base = ucr.get( 'ldap/base' ) |
|
|
323 |
) |
311 |
ignore_ous = ucr.get( 'ucsschool/ldap/ignore/ous', 'Domain Controllers' ).split( ',' ) |
324 |
ignore_ous = ucr.get( 'ucsschool/ldap/ignore/ous', 'Domain Controllers' ).split( ',' ) |
312 |
availableSchools = [ ou['name'] for ou in ouresult if not ou[ 'name' ] in ignore_ous ] |
325 |
availableSchools = dict([ |
|
|
326 |
(ou['name'], ou.dn) |
327 |
for ou in ouresult if not ou['name'] in ignore_ous |
328 |
]) |
313 |
|
329 |
|
314 |
# use the first available OU as default search base |
330 |
# use the first available OU as default search base |
315 |
if not len(availableSchools): |
331 |
if not len(availableSchools): |
316 |
MODULE.warn('LDAP_Connection: ERROR, COULD NOT FIND ANY OU!!!') |
332 |
MODULE.warn('LDAP_Connection: ERROR, COULD NOT FIND ANY OU!!!') |
317 |
_search_base = SchoolSearchBase(['']) |
333 |
_search_base = SchoolSearchBase({}) |
318 |
else: |
334 |
else: |
319 |
MODULE.info( 'LDAP_Connection: availableSchools=%s' % availableSchools ) |
335 |
MODULE.info( 'LDAP_Connection: availableSchools=%s' % availableSchools ) |
320 |
_search_base = SchoolSearchBase(availableSchools) |
336 |
_search_base = SchoolSearchBase(availableSchools) |
|
325 |
The class is inteded for read access only, instead of switching the a |
341 |
The class is inteded for read access only, instead of switching the a |
326 |
search base, a new instance can simply be created. |
342 |
search base, a new instance can simply be created. |
327 |
""" |
343 |
""" |
328 |
def __init__( self, availableSchools, school = None, dn = None, ldapBase = None ): |
344 |
def __init__( self, availableSchools, school = None, dn = None, ldapBase = None, ): |
329 |
if ldapBase: |
345 |
if ldapBase: |
330 |
self._ldapBase = ldapBase |
346 |
self._ldapBase = ldapBase |
331 |
else: |
347 |
else: |
332 |
self._ldapBase = ucr.get('ldap/base') |
348 |
self._ldapBase = ucr.get('ldap/base') |
333 |
|
349 |
|
334 |
self._availableSchools = availableSchools |
350 |
self._availableSchools = availableSchools |
335 |
self._school = school or availableSchools[0] |
351 |
self._school = school or availableSchools.keys()[0] |
336 |
# FIXME: search for OU to get correct dn |
|
|
337 |
self._schoolDN = dn or 'ou=%s,%s' % (self.school, self._ldapBase ) |
338 |
|
352 |
|
|
|
353 |
if dn: |
354 |
# school DN is given |
355 |
self._schoolDN = dn |
356 |
else: |
357 |
# school DN is not given, try to guess it from the dict of all schools |
358 |
if self.school in availableSchools: |
359 |
self._schoolDN = availableSchools[self.school] |
360 |
else: |
361 |
# should not happen... use a poor man's fallback |
362 |
MODULE.error('Could not find corresponding school DN for schoolOU "%s"!' % self.school) |
363 |
self._schoolDN = 'ou=%s,%s' % (self.school, self._ldapBase ) |
364 |
|
339 |
# prefixes |
365 |
# prefixes |
340 |
self._containerAdmins = ucr.get('ucsschool/ldap/default/container/admins', 'admins') |
366 |
self._containerAdmins = ucr.get('ucsschool/ldap/default/container/admins', 'admins') |
341 |
self._containerStudents = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler') |
367 |
self._containerStudents = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler') |
|
514 |
|
540 |
|
515 |
# make sure that at least one school OU |
541 |
# make sure that at least one school OU |
516 |
msg = '' |
542 |
msg = '' |
517 |
if not search_base.availableSchools[0]: |
543 |
if not len(search_base.availableSchools): |
518 |
request.status = MODULE_ERR |
544 |
request.status = MODULE_ERR |
519 |
msg = _('Could not find any school. You have to create a school before continuing. Use the \'Add school\' UMC module to create one.') |
545 |
msg = _('Could not find any school. You have to create a school before continuing. Use the \'Add school\' UMC module to create one.') |
520 |
|
546 |
|
521 |
# return list of school OUs |
547 |
# return list of school OUs |
522 |
self.finished(request.id, search_base.availableSchools, msg) |
548 |
self.finished(request.id, search_base.availableSchools.keys(), msg) |
523 |
|
549 |
|
524 |
def _groups( self, ldap_connection, school, ldap_base, pattern = None, scope = 'sub' ): |
550 |
def _groups( self, ldap_connection, school, ldap_base, pattern = None, scope = 'sub' ): |
525 |
"""Returns a list of all groups of the given school""" |
551 |
"""Returns a list of all groups of the given school""" |
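Review bot: The no-school path now raises instead of reporting the problem: `SchoolSearchBase({})` is called without a `school`, so `self._school = school or availableSchools.keys()[0]` in `__init__` indexes an empty list and throws IndexError, where the old `['']` placeholder yielded an empty school name. The later `if not len(search_base.availableSchools)` check and its "Could not find any school" message are then probably never reached for that case, though the code between the hunks is not visible. Guard the lookup, e.g. `self._school = school or (sorted(availableSchools)[0] if availableSchools else '')`; sorting also makes the default search base deterministic, since dict key order no longer follows the LDAP result order or the order given in `ucsschool/local/oulist` that the "first available OU" comment relies on. Separately, if the trailing comma on `school = ldap_connection.explodeDn( schoolDN, 1 )[0],` is really in the file, `school` is a one-element tuple and becomes the key of the new `dict(((school, schoolDN),))`, so the `self.school in availableSchools` lookup should be checked against it. Both `__init__` and the connection setup function extend beyond the visible hunks.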