|
|
|---|
| 290 |
# (note that there can be schools with a DN such as ou=25g18,ou=25,dc=...) |
290 |
# (note that there can be schools with a DN such as ou=25g18,ou=25,dc=...) |
| 291 |
schoolDN = ldap_connection.binddn[ldap_connection.binddn.find('ou='):] |
291 |
schoolDN = ldap_connection.binddn[ldap_connection.binddn.find('ou='):] |
| 292 |
school = ldap_connection.explodeDn( schoolDN, 1 )[0], |
292 |
school = ldap_connection.explodeDn( schoolDN, 1 )[0], |
| 293 |
_search_base = SchoolSearchBase(school, school, schoolDN) |
293 |
_search_base = SchoolSearchBase(dict(((school, schoolDN),)), school, schoolDN) |
| 294 |
MODULE.info('LDAP_Connection: setting schoolDN: %s' % _search_base.schoolDN) |
294 |
MODULE.info('LDAP_Connection: setting schoolDN: %s' % _search_base.schoolDN) |
| 295 |
else: |
295 |
else: |
| 296 |
MODULE.warn( 'LDAP_Connection: unable to identify ou of this account - showing all OUs!' ) |
296 |
MODULE.warn( 'LDAP_Connection: unable to identify ou of this account - showing all OUs!' ) |
| 297 |
#_ouswitchenabled = True |
297 |
#_ouswitchenabled = True |
| 298 |
oulist = ucr.get('ucsschool/local/oulist') |
298 |
oulist = ucr.get('ucsschool/local/oulist') |
| 299 |
availableSchools = [] |
299 |
availableSchools = {} |
| 300 |
if oulist: |
300 |
if oulist: |
| 301 |
# OU list override via UCR variable (it can be necessary to adjust the list of |
301 |
# OU list override via UCR variable (it can be necessary to adjust the list of |
| 302 |
# visible schools on specific systems manually) |
302 |
# visible schools on specific systems manually) |
| 303 |
availableSchools = [ x.strip() for x in oulist.split(',') ] |
303 |
# TODO: this is not compatible with district mode |
|
|
304 |
availableSchools = dict([ |
| 305 |
(x.strip(), 'ou=%s,%s' % (x.strip(), ucr.get('ldap/base'))) |
| 306 |
for x in oulist.split(',') |
| 307 |
]) |
| 304 |
MODULE.info( 'LDAP_Connection: availableSchools overridden by UCR variable ucsschool/local/oulist') |
308 |
MODULE.info( 'LDAP_Connection: availableSchools overridden by UCR variable ucsschool/local/oulist') |
| 305 |
else: |
309 |
else: |
| 306 |
# get a list of available OUs via UDM module container/ou |
310 |
# get a list of available OUs via UDM module container/ou |
| 307 |
ouresult = udm_modules.lookup( |
311 |
ouresult = udm_modules.lookup( |
|
|
312 |
'container/ou', None, ldap_connection, |
| 313 |
scope = 'sub', superordinate = None, |
| 314 |
filter = 'objectClass=ucsschoolOrganizationalUnit', |
| 315 |
base = ucr.get( 'ldap/base' ) |
| 316 |
) |
| 317 |
if not ouresult: |
| 318 |
# fallback in case the corresponding objectClass is not set properly |
| 319 |
ouresult = udm_modules.lookup( |
| 308 |
'container/ou', None, ldap_connection, |
320 |
'container/ou', None, ldap_connection, |
| 309 |
scope = 'one', superordinate = None, |
321 |
scope = 'one', superordinate = None, |
| 310 |
base = ucr.get( 'ldap/base' ) ) |
322 |
base = ucr.get( 'ldap/base' ) |
|
|
323 |
) |
| 311 |
ignore_ous = ucr.get( 'ucsschool/ldap/ignore/ous', 'Domain Controllers' ).split( ',' ) |
324 |
ignore_ous = ucr.get( 'ucsschool/ldap/ignore/ous', 'Domain Controllers' ).split( ',' ) |
| 312 |
availableSchools = [ ou['name'] for ou in ouresult if not ou[ 'name' ] in ignore_ous ] |
325 |
availableSchools = dict([ |
|
|
326 |
(ou['name'], ou.dn) |
| 327 |
for ou in ouresult if not ou['name'] in ignore_ous |
| 328 |
]) |
| 313 |
|
329 |
|
| 314 |
# use the first available OU as default search base |
330 |
# use the first available OU as default search base |
| 315 |
if not len(availableSchools): |
331 |
if not len(availableSchools): |
| 316 |
MODULE.warn('LDAP_Connection: ERROR, COULD NOT FIND ANY OU!!!') |
332 |
MODULE.warn('LDAP_Connection: ERROR, COULD NOT FIND ANY OU!!!') |
| 317 |
_search_base = SchoolSearchBase(['']) |
333 |
_search_base = SchoolSearchBase({}) |
| 318 |
else: |
334 |
else: |
| 319 |
MODULE.info( 'LDAP_Connection: availableSchools=%s' % availableSchools ) |
335 |
MODULE.info( 'LDAP_Connection: availableSchools=%s' % availableSchools ) |
| 320 |
_search_base = SchoolSearchBase(availableSchools) |
336 |
_search_base = SchoolSearchBase(availableSchools) |
|
|
|---|
| 325 |
The class is inteded for read access only, instead of switching the a |
341 |
The class is inteded for read access only, instead of switching the a |
| 326 |
search base, a new instance can simply be created. |
342 |
search base, a new instance can simply be created. |
| 327 |
""" |
343 |
""" |
| 328 |
def __init__( self, availableSchools, school = None, dn = None, ldapBase = None ): |
344 |
def __init__( self, availableSchools, school = None, dn = None, ldapBase = None, ): |
| 329 |
if ldapBase: |
345 |
if ldapBase: |
| 330 |
self._ldapBase = ldapBase |
346 |
self._ldapBase = ldapBase |
| 331 |
else: |
347 |
else: |
| 332 |
self._ldapBase = ucr.get('ldap/base') |
348 |
self._ldapBase = ucr.get('ldap/base') |
| 333 |
|
349 |
|
| 334 |
self._availableSchools = availableSchools |
350 |
self._availableSchools = availableSchools |
| 335 |
self._school = school or availableSchools[0] |
351 |
self._school = school |
| 336 |
# FIXME: search for OU to get correct dn |
352 |
if not self._school and len(availableSchools): |
| 337 |
self._schoolDN = dn or 'ou=%s,%s' % (self.school, self._ldapBase ) |
353 |
self._school = availableSchools.keys()[0] |
| 338 |
|
354 |
|
|
|
355 |
if dn: |
| 356 |
# school DN is given |
| 357 |
self._schoolDN = dn |
| 358 |
else: |
| 359 |
# school DN is not given, try to guess it from the dict of all schools |
| 360 |
if self.school in availableSchools: |
| 361 |
self._schoolDN = availableSchools[self.school] |
| 362 |
else: |
| 363 |
# should not happen... use a poor man's fallback |
| 364 |
MODULE.error('Could not find corresponding school DN for schoolOU "%s"!' % self.school) |
| 365 |
self._schoolDN = 'ou=%s,%s' % (self.school, self._ldapBase ) |
| 366 |
|
| 339 |
# prefixes |
367 |
# prefixes |
| 340 |
self._containerAdmins = ucr.get('ucsschool/ldap/default/container/admins', 'admins') |
368 |
self._containerAdmins = ucr.get('ucsschool/ldap/default/container/admins', 'admins') |
| 341 |
self._containerStudents = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler') |
369 |
self._containerStudents = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler') |
|
|
|---|
| 514 |
|
542 |
|
| 515 |
# make sure that at least one school OU |
543 |
# make sure that at least one school OU |
| 516 |
msg = '' |
544 |
msg = '' |
| 517 |
if not search_base.availableSchools[0]: |
545 |
if not len(search_base.availableSchools): |
| 518 |
request.status = MODULE_ERR |
546 |
request.status = MODULE_ERR |
| 519 |
msg = _('Could not find any school. You have to create a school before continuing. Use the \'Add school\' UMC module to create one.') |
547 |
msg = _('Could not find any school. You have to create a school before continuing. Use the \'Add school\' UMC module to create one.') |
| 520 |
|
548 |
|
| 521 |
# return list of school OUs |
549 |
# return list of school OUs |
| 522 |
self.finished(request.id, search_base.availableSchools, msg) |
550 |
self.finished(request.id, search_base.availableSchools.keys(), msg) |
| 523 |
|
551 |
|
| 524 |
def _groups( self, ldap_connection, school, ldap_base, pattern = None, scope = 'sub' ): |
552 |
def _groups( self, ldap_connection, school, ldap_base, pattern = None, scope = 'sub' ): |
| 525 |
"""Returns a list of all groups of the given school""" |
553 |
"""Returns a list of all groups of the given school""" |