2021-05-19 19:19:57 +02:00
|
|
|
""" LDAP server connection helper """
|
2013-06-07 12:13:03 +02:00
|
|
|
|
2019-06-13 19:15:13 +02:00
|
|
|
import copy
|
|
|
|
|
import datetime
|
2021-03-24 13:49:08 +01:00
|
|
|
import logging
|
|
|
|
|
|
2019-06-13 19:59:42 +02:00
|
|
|
import dateutil.parser
|
|
|
|
|
import dateutil.tz
|
2013-06-07 12:13:03 +02:00
|
|
|
import ldap
|
2023-01-16 12:56:12 +01:00
|
|
|
import pytz
|
2022-06-23 18:38:21 +02:00
|
|
|
from ldap import modlist
|
2020-12-15 18:24:50 +01:00
|
|
|
from ldap.controls import SimplePagedResultsControl
|
2021-03-24 18:16:23 +01:00
|
|
|
from ldap.controls.simple import RelaxRulesControl
|
2022-06-07 12:40:53 +02:00
|
|
|
from ldap.dn import escape_dn_chars, explode_dn
|
2013-06-07 12:13:03 +02:00
|
|
|
|
2021-06-02 18:59:09 +02:00
|
|
|
from mylib import pretty_format_dict
|
|
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__)
|
2023-01-16 12:56:12 +01:00
|
|
|
DEFAULT_ENCODING = "utf-8"
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def decode_ldap_value(value, encoding="utf-8"):
|
|
|
|
|
"""Decoding LDAP attribute values helper"""
|
2022-06-23 18:34:48 +02:00
|
|
|
if isinstance(value, bytes):
|
2022-06-23 18:56:58 +02:00
|
|
|
return value.decode(encoding)
|
2022-06-23 18:34:48 +02:00
|
|
|
if isinstance(value, list):
|
|
|
|
|
return [decode_ldap_value(v) for v in value]
|
|
|
|
|
if isinstance(value, dict):
|
2023-01-16 12:56:12 +01:00
|
|
|
return {key: decode_ldap_value(values) for key, values in value.items()}
|
2022-06-23 18:34:48 +02:00
|
|
|
return value
|
|
|
|
|
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def encode_ldap_value(value, encoding="utf-8"):
|
|
|
|
|
"""Encoding LDAP attribute values helper"""
|
2022-06-23 18:34:48 +02:00
|
|
|
if isinstance(value, str):
|
2022-06-23 18:56:58 +02:00
|
|
|
return value.encode(encoding)
|
2022-06-23 18:34:48 +02:00
|
|
|
if isinstance(value, list):
|
|
|
|
|
return [encode_ldap_value(v) for v in value]
|
|
|
|
|
if isinstance(value, dict):
|
2023-01-16 12:56:12 +01:00
|
|
|
return {key: encode_ldap_value(values) for key, values in value.items()}
|
2022-06-23 18:34:48 +02:00
|
|
|
return value
|
|
|
|
|
|
|
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
class LdapServer:
|
2023-01-16 12:56:12 +01:00
|
|
|
"""LDAP server connection helper""" # pylint: disable=useless-object-inheritance
|
2013-06-07 12:13:03 +02:00
|
|
|
|
2021-03-24 12:40:35 +01:00
|
|
|
uri = None
|
|
|
|
|
dn = None
|
|
|
|
|
pwd = None
|
|
|
|
|
v2 = None
|
|
|
|
|
|
|
|
|
|
con = 0
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def __init__(
|
|
|
|
|
self,
|
|
|
|
|
uri,
|
|
|
|
|
dn=None,
|
|
|
|
|
pwd=None,
|
|
|
|
|
v2=None,
|
|
|
|
|
raiseOnError=False,
|
|
|
|
|
logger=False,
|
|
|
|
|
checkCert=True,
|
|
|
|
|
disableReferral=False,
|
|
|
|
|
):
|
2021-05-19 19:19:57 +02:00
|
|
|
self.uri = uri
|
|
|
|
|
self.dn = dn
|
|
|
|
|
self.pwd = pwd
|
|
|
|
|
self.raiseOnError = raiseOnError
|
2022-06-01 18:46:08 +02:00
|
|
|
self.checkCert = checkCert
|
2022-12-09 12:33:09 +01:00
|
|
|
self.disableReferral = disableReferral
|
2021-03-24 12:40:35 +01:00
|
|
|
if v2:
|
2021-05-19 19:19:57 +02:00
|
|
|
self.v2 = True
|
2021-03-24 12:40:35 +01:00
|
|
|
if logger:
|
|
|
|
|
self.logger = logger
|
|
|
|
|
else:
|
2021-05-19 18:07:42 +02:00
|
|
|
self.logger = logging.getLogger(__name__)
|
2021-03-24 12:40:35 +01:00
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
def _error(self, error, level=logging.WARNING):
|
2021-03-24 12:40:35 +01:00
|
|
|
if self.raiseOnError:
|
|
|
|
|
raise LdapServerException(error)
|
2021-03-24 13:49:08 +01:00
|
|
|
self.logger.log(level, error)
|
2021-03-24 12:40:35 +01:00
|
|
|
|
|
|
|
|
def connect(self):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Start connection to LDAP server"""
|
2021-03-24 12:40:35 +01:00
|
|
|
if self.con == 0:
|
|
|
|
|
try:
|
2022-06-01 18:46:08 +02:00
|
|
|
if not self.checkCert:
|
2022-06-23 18:38:21 +02:00
|
|
|
# pylint: disable=no-member
|
2022-06-01 18:46:08 +02:00
|
|
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
2022-12-09 12:33:09 +01:00
|
|
|
if self.disableReferral:
|
|
|
|
|
# pylint: disable=no-member
|
|
|
|
|
ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
|
2021-03-24 12:40:35 +01:00
|
|
|
con = ldap.initialize(self.uri)
|
|
|
|
|
if self.v2:
|
2021-03-24 13:49:08 +01:00
|
|
|
con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
|
2021-03-24 12:40:35 +01:00
|
|
|
else:
|
2021-03-24 13:49:08 +01:00
|
|
|
con.protocol_version = ldap.VERSION3 # pylint: disable=no-member
|
2021-03-24 12:40:35 +01:00
|
|
|
|
|
|
|
|
if self.dn:
|
2021-05-19 19:19:57 +02:00
|
|
|
con.simple_bind_s(self.dn, self.pwd)
|
2023-01-16 12:56:12 +01:00
|
|
|
elif self.uri.startswith("ldapi://"):
|
2021-03-24 12:40:35 +01:00
|
|
|
con.sasl_interactive_bind_s("", ldap.sasl.external())
|
|
|
|
|
|
|
|
|
|
self.con = con
|
|
|
|
|
return True
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2022-06-23 18:38:21 +02:00
|
|
|
self._error(
|
2023-01-16 12:56:12 +01:00
|
|
|
f"LdapServer - Error connecting and binding to LDAP server: {e}",
|
|
|
|
|
logging.CRITICAL,
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
|
2021-03-24 13:49:08 +01:00
|
|
|
@staticmethod
|
|
|
|
|
def get_scope(scope):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Map scope parameter to python-ldap value"""
|
|
|
|
|
if scope == "base":
|
2021-03-24 13:49:08 +01:00
|
|
|
return ldap.SCOPE_BASE # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
if scope == "one":
|
2021-03-24 13:49:08 +01:00
|
|
|
return ldap.SCOPE_ONELEVEL # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
if scope == "sub":
|
2021-03-24 13:49:08 +01:00
|
|
|
return ldap.SCOPE_SUBTREE # pylint: disable=no-member
|
2023-10-27 13:35:59 +02:00
|
|
|
raise LdapServerException(f'Unknown LDAP scope "{scope}"')
|
2021-03-24 12:40:35 +01:00
|
|
|
|
2022-07-20 10:50:58 +02:00
|
|
|
def search(self, basedn, filterstr=None, attrs=None, sizelimit=None, scope=None):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Run a search on LDAP server"""
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self.con or self.connect()
|
2021-03-24 12:40:35 +01:00
|
|
|
res_id = self.con.search(
|
|
|
|
|
basedn,
|
2023-01-16 12:56:12 +01:00
|
|
|
self.get_scope(scope if scope else "sub"),
|
|
|
|
|
filterstr if filterstr else "(objectClass=*)",
|
|
|
|
|
attrs if attrs else [],
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
|
|
|
|
ret = {}
|
|
|
|
|
c = 0
|
|
|
|
|
while True:
|
2021-05-19 19:19:57 +02:00
|
|
|
res_type, res_data = self.con.result(res_id, 0)
|
2021-03-24 12:40:35 +01:00
|
|
|
if res_data == [] or (sizelimit and c > sizelimit):
|
|
|
|
|
break
|
2021-03-24 13:49:08 +01:00
|
|
|
if res_type == ldap.RES_SEARCH_ENTRY: # pylint: disable=no-member
|
|
|
|
|
ret[res_data[0][0]] = res_data[0][1]
|
2021-03-24 12:40:35 +01:00
|
|
|
c += 1
|
|
|
|
|
return ret
|
|
|
|
|
|
|
|
|
|
def get_object(self, dn, filterstr=None, attrs=None):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Retrieve a LDAP object specified by its DN"""
|
|
|
|
|
result = self.search(dn, filterstr=filterstr, scope="base", attrs=attrs)
|
2021-03-24 12:40:35 +01:00
|
|
|
return result[dn] if dn in result else None
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def paged_search(
|
|
|
|
|
self, basedn, filterstr=None, attrs=None, scope=None, pagesize=None, sizelimit=None
|
|
|
|
|
):
|
|
|
|
|
"""Run a paged search on LDAP server"""
|
2021-03-24 18:16:23 +01:00
|
|
|
assert not self.v2, "Paged search is not available on LDAP version 2"
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self.con or self.connect()
|
2022-07-20 10:50:58 +02:00
|
|
|
|
|
|
|
|
# Set parameters default values (if not defined)
|
2023-01-16 12:56:12 +01:00
|
|
|
filterstr = filterstr if filterstr else "(objectClass=*)"
|
2022-07-20 10:50:58 +02:00
|
|
|
attrs = attrs if attrs else []
|
2023-01-16 12:56:12 +01:00
|
|
|
scope = scope if scope else "sub"
|
2022-07-20 10:50:58 +02:00
|
|
|
pagesize = pagesize if pagesize else 500
|
|
|
|
|
|
2021-03-24 12:40:35 +01:00
|
|
|
# Initialize SimplePagedResultsControl object
|
|
|
|
|
page_control = SimplePagedResultsControl(
|
2023-01-16 12:56:12 +01:00
|
|
|
True, size=pagesize, cookie="" # Start without cookie
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
|
|
|
|
ret = {}
|
|
|
|
|
pages_count = 0
|
|
|
|
|
self.logger.debug(
|
2023-01-16 12:56:12 +01:00
|
|
|
"LdapServer - Paged search with base DN '%s', filter '%s', scope '%s', pagesize=%d"
|
|
|
|
|
" and attrs=%s",
|
2021-03-24 12:40:35 +01:00
|
|
|
basedn,
|
|
|
|
|
filterstr,
|
|
|
|
|
scope,
|
|
|
|
|
pagesize,
|
2023-01-16 12:56:12 +01:00
|
|
|
attrs,
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
|
|
|
|
while True:
|
|
|
|
|
pages_count += 1
|
|
|
|
|
self.logger.debug(
|
2023-01-16 12:56:12 +01:00
|
|
|
"LdapServer - Paged search: request page %d with a maximum of %d objects"
|
|
|
|
|
" (current total count: %d)",
|
2021-03-24 12:40:35 +01:00
|
|
|
pages_count,
|
|
|
|
|
pagesize,
|
2023-01-16 12:56:12 +01:00
|
|
|
len(ret),
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
|
|
|
|
try:
|
|
|
|
|
res_id = self.con.search_ext(
|
2023-01-16 12:56:12 +01:00
|
|
|
basedn, self.get_scope(scope), filterstr, attrs, serverctrls=[page_control]
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2022-06-23 18:38:21 +02:00
|
|
|
self._error(
|
2023-01-16 12:56:12 +01:00
|
|
|
f"LdapServer - Error running paged search on LDAP server: {e}", logging.CRITICAL
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
return False
|
|
|
|
|
try:
|
2023-01-16 12:56:12 +01:00
|
|
|
# pylint: disable=unused-variable
|
|
|
|
|
rtype, rdata, rmsgid, rctrls = self.con.result3(res_id)
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2022-06-23 18:38:21 +02:00
|
|
|
self._error(
|
2023-01-16 12:56:12 +01:00
|
|
|
f"LdapServer - Error pulling paged search result from LDAP server: {e}",
|
|
|
|
|
logging.CRITICAL,
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# Detect and catch PagedResultsControl answer from rctrls
|
|
|
|
|
result_page_control = None
|
|
|
|
|
if rctrls:
|
|
|
|
|
for rctrl in rctrls:
|
|
|
|
|
if rctrl.controlType == SimplePagedResultsControl.controlType:
|
|
|
|
|
result_page_control = rctrl
|
|
|
|
|
break
|
|
|
|
|
|
2024-03-15 09:52:23 +01:00
|
|
|
# If PagedResultsControl answer not detected, paged search
|
2021-03-24 12:40:35 +01:00
|
|
|
if not result_page_control:
|
2022-06-23 18:38:21 +02:00
|
|
|
self._error(
|
2023-01-16 12:56:12 +01:00
|
|
|
"LdapServer - Server ignores RFC2696 control, paged search can not works",
|
|
|
|
|
logging.CRITICAL,
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# Store results of this page
|
|
|
|
|
for obj_dn, obj_attrs in rdata:
|
|
|
|
|
ret[obj_dn] = obj_attrs
|
2022-07-20 10:50:58 +02:00
|
|
|
# If sizelimit reached, stop
|
|
|
|
|
if sizelimit and len(ret) >= sizelimit:
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
# If sizelimit reached, stop
|
|
|
|
|
if sizelimit and len(ret) >= sizelimit:
|
|
|
|
|
break
|
2021-03-24 12:40:35 +01:00
|
|
|
|
|
|
|
|
# If no cookie returned, we are done
|
|
|
|
|
if not result_page_control.cookie:
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
# Otherwise, set cookie for the next search
|
|
|
|
|
page_control.cookie = result_page_control.cookie
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
self.logger.debug(
|
2024-03-15 09:52:23 +01:00
|
|
|
"LdapServer - Paged search end: %d object(s) retrieved in %d page(s) of %d object(s)",
|
2023-01-16 12:56:12 +01:00
|
|
|
len(ret),
|
|
|
|
|
pages_count,
|
|
|
|
|
pagesize,
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
return ret
|
|
|
|
|
|
2022-06-23 18:34:48 +02:00
|
|
|
def add_object(self, dn, attrs, encode=False):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Add an object in LDAP directory"""
|
2022-06-23 18:34:48 +02:00
|
|
|
ldif = modlist.addModlist(encode_ldap_value(attrs) if encode else attrs)
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self.con or self.connect()
|
2021-03-24 12:40:35 +01:00
|
|
|
try:
|
2021-03-24 13:49:08 +01:00
|
|
|
self.logger.debug("LdapServer - Add %s", dn)
|
2021-05-19 19:19:57 +02:00
|
|
|
self.con.add_s(dn, ldif)
|
2021-03-24 12:40:35 +01:00
|
|
|
return True
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
self._error(f"LdapServer - Error adding {dn}: {e}", logging.ERROR)
|
2021-03-24 12:40:35 +01:00
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
2022-06-23 18:34:48 +02:00
|
|
|
def update_object(self, dn, old, new, ignore_attrs=None, relax=False, encode=False):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Update an object in LDAP directory"""
|
2021-03-24 18:16:23 +01:00
|
|
|
assert not relax or not self.v2, "Relax modification is not available on LDAP version 2"
|
2021-03-24 13:49:08 +01:00
|
|
|
ldif = modlist.modifyModlist(
|
2022-06-23 18:34:48 +02:00
|
|
|
encode_ldap_value(old) if encode else old,
|
|
|
|
|
encode_ldap_value(new) if encode else new,
|
2023-01-16 12:56:12 +01:00
|
|
|
ignore_attr_types=ignore_attrs if ignore_attrs else [],
|
2021-03-24 13:49:08 +01:00
|
|
|
)
|
2022-06-23 18:38:21 +02:00
|
|
|
if not ldif:
|
2021-03-24 12:40:35 +01:00
|
|
|
return True
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self.con or self.connect()
|
2021-03-24 12:40:35 +01:00
|
|
|
try:
|
2021-03-24 18:16:23 +01:00
|
|
|
if relax:
|
|
|
|
|
self.con.modify_ext_s(dn, ldif, serverctrls=[RelaxRulesControl()])
|
|
|
|
|
else:
|
|
|
|
|
self.con.modify_s(dn, ldif)
|
2021-03-24 12:40:35 +01:00
|
|
|
return True
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2022-06-23 18:38:21 +02:00
|
|
|
self._error(
|
2023-01-16 12:56:12 +01:00
|
|
|
f"LdapServer - Error updating {dn} : {e}\nOld: {old}\nNew: {new}", logging.ERROR
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
return False
|
|
|
|
|
|
2023-05-03 11:14:18 +02:00
|
|
|
@classmethod
|
|
|
|
|
def update_need(cls, old, new, ignore_attrs=None, encode=False):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Check if an update is need on a LDAP object based on its old and new attributes values"""
|
2023-05-03 11:14:18 +02:00
|
|
|
ldif = cls.get_changes(old, new, ignore_attrs=ignore_attrs, encode=encode)
|
2022-06-23 18:38:21 +02:00
|
|
|
if not ldif:
|
2021-03-24 12:40:35 +01:00
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
|
2021-03-24 13:49:08 +01:00
|
|
|
@staticmethod
|
2022-06-23 18:34:48 +02:00
|
|
|
def get_changes(old, new, ignore_attrs=None, encode=False):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Retrieve changes (as modlist) on an object based on its old and new attributes values"""
|
2021-03-24 13:49:08 +01:00
|
|
|
return modlist.modifyModlist(
|
2022-06-23 18:34:48 +02:00
|
|
|
encode_ldap_value(old) if encode else old,
|
|
|
|
|
encode_ldap_value(new) if encode else new,
|
2023-01-16 12:56:12 +01:00
|
|
|
ignore_attr_types=ignore_attrs if ignore_attrs else [],
|
2021-03-24 13:49:08 +01:00
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
|
2023-05-03 11:14:18 +02:00
|
|
|
@classmethod
|
|
|
|
|
def format_changes(cls, old, new, ignore_attrs=None, prefix=None, encode=False):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""
|
|
|
|
|
Format changes (modlist) on an object based on its old and new attributes values to
|
|
|
|
|
display/log it
|
|
|
|
|
"""
|
2023-05-03 11:14:18 +02:00
|
|
|
return cls.format_modify_modlist(
|
|
|
|
|
cls.get_changes(old, new, ignore_attrs=ignore_attrs, encode=encode),
|
|
|
|
|
prefix=prefix,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def format_modify_modlist(ldif, prefix=None):
|
|
|
|
|
"""Format modify modlist to display/log it"""
|
2021-03-24 12:40:35 +01:00
|
|
|
msg = []
|
2023-01-16 12:56:12 +01:00
|
|
|
prefix = prefix if prefix else ""
|
2023-05-03 11:14:18 +02:00
|
|
|
for op, attr, val in ldif:
|
2021-03-24 13:49:08 +01:00
|
|
|
if op == ldap.MOD_ADD: # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
op = "ADD"
|
2021-03-24 13:49:08 +01:00
|
|
|
elif op == ldap.MOD_DELETE: # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
op = "DELETE"
|
2021-03-24 13:49:08 +01:00
|
|
|
elif op == ldap.MOD_REPLACE: # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
op = "REPLACE"
|
2021-03-24 12:40:35 +01:00
|
|
|
else:
|
2023-01-16 12:56:12 +01:00
|
|
|
op = f"UNKNOWN (={op})"
|
|
|
|
|
if val is None and op == "DELETE":
|
|
|
|
|
msg.append(f"{prefix} - {op} {attr}")
|
2021-03-24 12:40:35 +01:00
|
|
|
else:
|
2023-01-16 12:56:12 +01:00
|
|
|
msg.append(f"{prefix} - {op} {attr}: {val}")
|
|
|
|
|
return "\n".join(msg)
|
2021-03-24 12:40:35 +01:00
|
|
|
|
|
|
|
|
def rename_object(self, dn, new_rdn, new_sup=None, delete_old=True):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Rename an object in LDAP directory"""
|
2021-03-24 12:40:35 +01:00
|
|
|
# If new_rdn is a complete DN, split new RDN and new superior DN
|
2022-06-07 12:40:53 +02:00
|
|
|
if len(explode_dn(new_rdn)) > 1:
|
2021-03-24 12:40:35 +01:00
|
|
|
self.logger.debug(
|
2023-01-16 12:56:12 +01:00
|
|
|
"LdapServer - Rename with a full new DN detected (%s): split new RDN and new"
|
|
|
|
|
" superior DN",
|
|
|
|
|
new_rdn,
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
2023-01-16 12:56:12 +01:00
|
|
|
assert (
|
|
|
|
|
new_sup is None
|
|
|
|
|
), "You can't provide a complete DN as new_rdn and also provide new_sup parameter"
|
2022-06-07 12:40:53 +02:00
|
|
|
new_dn_parts = explode_dn(new_rdn)
|
2023-01-16 12:56:12 +01:00
|
|
|
new_sup = ",".join(new_dn_parts[1:])
|
2021-03-24 12:40:35 +01:00
|
|
|
new_rdn = new_dn_parts[0]
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self.con or self.connect()
|
2021-03-24 12:40:35 +01:00
|
|
|
try:
|
|
|
|
|
self.logger.debug(
|
|
|
|
|
"LdapServer - Rename %s in %s (new superior: %s, delete old: %s)",
|
|
|
|
|
dn,
|
|
|
|
|
new_rdn,
|
|
|
|
|
"same" if new_sup is None else new_sup,
|
2023-01-16 12:56:12 +01:00
|
|
|
delete_old,
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
|
|
|
|
self.con.rename_s(dn, new_rdn, newsuperior=new_sup, delold=delete_old)
|
|
|
|
|
return True
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2021-03-24 12:40:35 +01:00
|
|
|
self._error(
|
2023-01-16 12:56:12 +01:00
|
|
|
f"LdapServer - Error renaming {dn} in {new_rdn} "
|
2022-06-23 18:38:21 +02:00
|
|
|
f'(new superior: {"same" if new_sup is None else new_sup}, '
|
2023-01-16 12:56:12 +01:00
|
|
|
f"delete old: {delete_old}): {e}",
|
|
|
|
|
logging.ERROR,
|
2021-03-24 12:40:35 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
2021-03-24 13:49:08 +01:00
|
|
|
def drop_object(self, dn):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Drop an object in LDAP directory"""
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self.con or self.connect()
|
2021-03-24 12:40:35 +01:00
|
|
|
try:
|
2021-03-24 13:49:08 +01:00
|
|
|
self.logger.debug("LdapServer - Delete %s", dn)
|
2021-03-24 12:40:35 +01:00
|
|
|
self.con.delete_s(dn)
|
|
|
|
|
return True
|
2021-03-24 13:49:08 +01:00
|
|
|
except ldap.LDAPError as e: # pylint: disable=no-member
|
2023-01-16 12:56:12 +01:00
|
|
|
self._error(f"LdapServer - Error deleting {dn}: {e}", logging.ERROR)
|
2021-03-24 12:40:35 +01:00
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
2021-03-24 13:49:08 +01:00
|
|
|
@staticmethod
|
|
|
|
|
def get_dn(obj):
|
2024-03-15 09:52:23 +01:00
|
|
|
"""Retrieve an on object DN from its entry in LDAP search result"""
|
2021-03-24 12:40:35 +01:00
|
|
|
return obj[0][0]
|
|
|
|
|
|
2021-03-24 13:49:08 +01:00
|
|
|
@staticmethod
|
2022-06-23 18:34:48 +02:00
|
|
|
def get_attr(obj, attr, all_values=None, default=None, decode=False):
|
2024-03-15 09:52:23 +01:00
|
|
|
"""Retrieve an on object attribute value(s) from the object entry in LDAP search result"""
|
2021-03-24 12:40:35 +01:00
|
|
|
if attr not in obj:
|
|
|
|
|
for k in obj:
|
|
|
|
|
if k.lower() == attr.lower():
|
|
|
|
|
attr = k
|
|
|
|
|
break
|
2022-06-23 18:34:48 +02:00
|
|
|
if all_values:
|
2021-03-24 12:40:35 +01:00
|
|
|
if attr in obj:
|
2022-06-23 18:34:48 +02:00
|
|
|
return decode_ldap_value(obj[attr]) if decode else obj[attr]
|
2021-03-24 13:49:08 +01:00
|
|
|
return default or []
|
|
|
|
|
if attr in obj:
|
2022-06-23 18:34:48 +02:00
|
|
|
return decode_ldap_value(obj[attr][0]) if decode else obj[attr][0]
|
2021-03-24 13:49:08 +01:00
|
|
|
return default
|
2015-04-01 17:07:49 +02:00
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
|
2023-10-27 13:35:59 +02:00
|
|
|
class LdapException(BaseException):
|
|
|
|
|
"""Generic LDAP exception"""
|
2019-06-13 19:15:13 +02:00
|
|
|
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2023-10-27 13:35:59 +02:00
|
|
|
class LdapServerException(LdapException):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Generic exception raised by LdapServer"""
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2023-10-27 13:35:59 +02:00
|
|
|
|
|
|
|
|
class LdapClientException(LdapException):
|
|
|
|
|
"""Generic exception raised by LdapClient"""
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class LdapClient:
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
"""LDAP Client (based on python-mylib.LdapServer)"""
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2021-11-03 17:41:15 +01:00
|
|
|
_options = {}
|
|
|
|
|
_config = None
|
|
|
|
|
_config_section = None
|
|
|
|
|
|
|
|
|
|
# Connection
|
|
|
|
|
_conn = None
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
# Cache objects
|
2022-05-27 14:11:40 +02:00
|
|
|
_cached_objects = None
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def __init__(
|
|
|
|
|
self, options=None, options_prefix=None, config=None, config_section=None, initialize=False
|
|
|
|
|
):
|
2021-11-03 17:41:15 +01:00
|
|
|
self._options = options if options else {}
|
2023-01-16 12:56:12 +01:00
|
|
|
self._options_prefix = options_prefix if options_prefix else "ldap_"
|
2021-11-03 17:41:15 +01:00
|
|
|
self._config = config if config else None
|
2023-01-16 12:56:12 +01:00
|
|
|
self._config_section = config_section if config_section else "ldap"
|
2022-05-27 14:11:40 +02:00
|
|
|
self._cached_objects = {}
|
2021-11-03 17:41:15 +01:00
|
|
|
if initialize:
|
|
|
|
|
self.initialize()
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2022-05-27 12:53:11 +02:00
|
|
|
def _get_option(self, option, default=None, required=False):
|
2024-03-15 09:52:23 +01:00
|
|
|
"""Retrieve option value"""
|
2021-11-03 17:41:15 +01:00
|
|
|
if self._options and hasattr(self._options, self._options_prefix + option):
|
|
|
|
|
return getattr(self._options, self._options_prefix + option)
|
|
|
|
|
|
|
|
|
|
if self._config and self._config.defined(self._config_section, option):
|
|
|
|
|
return self._config.get(self._config_section, option)
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
assert not required, f"Options {option} not defined"
|
2021-11-03 17:41:15 +01:00
|
|
|
|
|
|
|
|
return default
|
|
|
|
|
|
2022-05-27 15:29:16 +02:00
|
|
|
@property
|
|
|
|
|
def _just_try(self):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Check if just-try mode is enabled"""
|
2022-05-27 15:29:16 +02:00
|
|
|
return self._get_option(
|
2023-01-16 12:56:12 +01:00
|
|
|
"just_try", default=(self._config.get_option("just_try") if self._config else False)
|
2022-05-27 15:29:16 +02:00
|
|
|
)
|
|
|
|
|
|
2021-11-03 17:41:15 +01:00
|
|
|
def configure(self, comment=None, **kwargs):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Configure options on registered mylib.Config object"""
|
|
|
|
|
assert self._config, (
|
|
|
|
|
"mylib.Config object not registered. Must be passed to __init__ as config keyword"
|
|
|
|
|
" argument."
|
|
|
|
|
)
|
2021-11-03 17:41:15 +01:00
|
|
|
|
2021-11-23 13:08:44 +01:00
|
|
|
# Load configuration option types only here to avoid global
|
|
|
|
|
# dependency of ldap module with config one.
|
2022-06-01 18:46:08 +02:00
|
|
|
# pylint: disable=import-outside-toplevel
|
2023-01-16 12:56:12 +01:00
|
|
|
from mylib.config import BooleanOption, PasswordOption, StringOption
|
2021-11-03 17:41:15 +01:00
|
|
|
|
|
|
|
|
section = self._config.add_section(
|
|
|
|
|
self._config_section,
|
2023-01-16 12:56:12 +01:00
|
|
|
comment=comment if comment else "LDAP connection",
|
|
|
|
|
loaded_callback=self.initialize,
|
|
|
|
|
**kwargs,
|
|
|
|
|
)
|
2021-11-03 17:41:15 +01:00
|
|
|
|
|
|
|
|
section.add_option(
|
2023-01-16 12:56:12 +01:00
|
|
|
StringOption, "uri", default="ldap://localhost", comment="LDAP server URI"
|
|
|
|
|
)
|
|
|
|
|
section.add_option(StringOption, "binddn", comment="LDAP Bind DN")
|
2021-11-03 17:41:15 +01:00
|
|
|
section.add_option(
|
2023-01-16 12:56:12 +01:00
|
|
|
PasswordOption,
|
|
|
|
|
"bindpwd",
|
2021-11-03 17:41:15 +01:00
|
|
|
comment='LDAP Bind password (set to "keyring" to use XDG keyring)',
|
2023-01-16 12:56:12 +01:00
|
|
|
username_option="binddn",
|
|
|
|
|
keyring_value="keyring",
|
|
|
|
|
)
|
2022-06-01 18:46:08 +02:00
|
|
|
section.add_option(
|
2023-01-16 12:56:12 +01:00
|
|
|
BooleanOption, "checkcert", default=True, comment="Check LDAP certificate"
|
|
|
|
|
)
|
2022-12-09 12:33:09 +01:00
|
|
|
section.add_option(
|
2023-01-16 12:56:12 +01:00
|
|
|
BooleanOption, "disablereferral", default=False, comment="Disable referral following"
|
|
|
|
|
)
|
2021-11-03 17:41:15 +01:00
|
|
|
|
|
|
|
|
return section
|
|
|
|
|
|
|
|
|
|
def initialize(self, loaded_config=None):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Initialize LDAP connection"""
|
2021-11-03 17:41:15 +01:00
|
|
|
if loaded_config:
|
|
|
|
|
self.config = loaded_config
|
2023-01-16 12:56:12 +01:00
|
|
|
uri = self._get_option("uri", required=True)
|
|
|
|
|
binddn = self._get_option("binddn")
|
2024-03-15 09:52:23 +01:00
|
|
|
log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else "anonymous")
|
2021-11-03 17:41:15 +01:00
|
|
|
self._conn = LdapServer(
|
2023-01-16 12:56:12 +01:00
|
|
|
uri,
|
|
|
|
|
dn=binddn,
|
|
|
|
|
pwd=self._get_option("bindpwd"),
|
|
|
|
|
checkCert=self._get_option("checkcert"),
|
|
|
|
|
disableReferral=self._get_option("disablereferral"),
|
|
|
|
|
raiseOnError=True,
|
2021-11-03 17:41:15 +01:00
|
|
|
)
|
2022-05-27 14:11:40 +02:00
|
|
|
# Reset cache
|
|
|
|
|
self._cached_objects = {}
|
2021-11-03 17:41:15 +01:00
|
|
|
return self._conn.connect()
|
|
|
|
|
|
|
|
|
|
def decode(self, value):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Decode LDAP attribute value"""
|
2021-06-02 18:59:09 +02:00
|
|
|
if isinstance(value, list):
|
2021-11-03 17:41:15 +01:00
|
|
|
return [self.decode(v) for v in value]
|
2021-06-02 18:59:09 +02:00
|
|
|
if isinstance(value, str):
|
|
|
|
|
return value
|
2021-11-03 17:41:15 +01:00
|
|
|
return value.decode(
|
2023-01-16 12:56:12 +01:00
|
|
|
self._get_option("encoding", default=DEFAULT_ENCODING),
|
|
|
|
|
self._get_option("encoding_error_policy", default="ignore"),
|
2021-11-03 17:41:15 +01:00
|
|
|
)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2021-11-03 17:41:15 +01:00
|
|
|
def encode(self, value):
|
2023-01-16 12:56:12 +01:00
|
|
|
"""Encode LDAP attribute value"""
|
2021-06-02 18:59:09 +02:00
|
|
|
if isinstance(value, list):
|
2021-11-03 17:41:15 +01:00
|
|
|
return [self.encode(v) for v in value]
|
2021-06-02 18:59:09 +02:00
|
|
|
if isinstance(value, bytes):
|
|
|
|
|
return value
|
2023-01-16 12:56:12 +01:00
|
|
|
return value.encode(self._get_option("encoding", default=DEFAULT_ENCODING))
|
2021-06-02 18:59:09 +02:00
|
|
|
|
2021-11-03 17:41:15 +01:00
|
|
|
def _get_obj(self, dn, attrs):
|
|
|
|
|
"""
|
|
|
|
|
Build and return LDAP object as dict
|
|
|
|
|
|
|
|
|
|
:param dn: The object DN
|
|
|
|
|
:param attrs: The object attributes as return by python-ldap search
|
|
|
|
|
"""
|
2023-10-27 13:35:59 +02:00
|
|
|
obj = {"dn": dn}
|
2021-06-02 18:59:09 +02:00
|
|
|
for attr in attrs:
|
2022-06-23 18:34:48 +02:00
|
|
|
obj[attr] = [self.decode(v) for v in self._conn.get_attr(attrs, attr, all_values=True)]
|
2021-06-02 18:59:09 +02:00
|
|
|
return obj
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def get_attr(obj, attr, default="", all_values=False):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Get LDAP object attribute value(s)
|
|
|
|
|
|
|
|
|
|
:param obj: The LDAP object as returned by get_object()/get_objects
|
|
|
|
|
:param attr: The attribute name
|
|
|
|
|
:param all_values: If True, all values of the attribute will be
|
|
|
|
|
returned instead of the first value only
|
2024-03-15 09:52:23 +01:00
|
|
|
(optional, default: False)
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
2021-12-08 16:58:58 +01:00
|
|
|
if attr not in obj:
|
|
|
|
|
for k in obj:
|
|
|
|
|
if k.lower() == attr.lower():
|
|
|
|
|
attr = k
|
|
|
|
|
break
|
2021-06-02 18:59:09 +02:00
|
|
|
vals = obj.get(attr, [])
|
|
|
|
|
if vals:
|
|
|
|
|
return vals if all_values else vals[0]
|
|
|
|
|
return default if default or not all_values else []
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def get_objects(
|
|
|
|
|
self,
|
|
|
|
|
name,
|
|
|
|
|
filterstr,
|
|
|
|
|
basedn,
|
|
|
|
|
attrs,
|
|
|
|
|
key_attr=None,
|
|
|
|
|
warn=True,
|
|
|
|
|
paged_search=False,
|
|
|
|
|
pagesize=None,
|
|
|
|
|
):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Retrieve objects from LDAP
|
|
|
|
|
|
|
|
|
|
:param name: The object type name
|
|
|
|
|
:param filterstr: The LDAP filter to use to search objects on LDAP directory
|
|
|
|
|
:param basedn: The base DN of the search
|
2024-03-15 09:52:23 +01:00
|
|
|
:param attrs: The list of attribute names to retrieve
|
2021-11-03 17:41:15 +01:00
|
|
|
:param key_attr: The attribute name or 'dn' to use as key in result
|
|
|
|
|
(optional, if leave to None, the result will be a list)
|
|
|
|
|
:param warn: If True, a warning message will be logged if no object is found
|
|
|
|
|
in LDAP directory (otherwise, it will be just a debug message)
|
|
|
|
|
(optional, default: True)
|
2022-07-20 10:52:10 +02:00
|
|
|
:param paged_search: If True, use paged search to list objects from LDAP directory
|
|
|
|
|
(optional, default: False)
|
|
|
|
|
:param pagesize: When using paged search, the page size
|
|
|
|
|
(optional, default: see LdapServer.paged_search)
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
2021-06-02 18:59:09 +02:00
|
|
|
if name in self._cached_objects:
|
2024-03-15 09:52:23 +01:00
|
|
|
log.debug("Retrieved %s objects from cache", name)
|
2021-06-02 18:59:09 +02:00
|
|
|
else:
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self._conn or self.initialize()
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug(
|
|
|
|
|
'Looking for LDAP %s with (filter="%s" / basedn="%s")', name, filterstr, basedn
|
|
|
|
|
)
|
2022-07-20 10:52:10 +02:00
|
|
|
if paged_search:
|
|
|
|
|
ldap_data = self._conn.paged_search(
|
2023-01-16 12:56:12 +01:00
|
|
|
basedn=basedn, filterstr=filterstr, attrs=attrs, pagesize=pagesize
|
2022-07-20 10:52:10 +02:00
|
|
|
)
|
|
|
|
|
else:
|
|
|
|
|
ldap_data = self._conn.search(
|
2023-01-16 12:56:12 +01:00
|
|
|
basedn=basedn,
|
|
|
|
|
filterstr=filterstr,
|
|
|
|
|
attrs=attrs,
|
2022-07-20 10:52:10 +02:00
|
|
|
)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
if not ldap_data:
|
|
|
|
|
if warn:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.warning("No %s found in LDAP", name)
|
2021-06-02 18:59:09 +02:00
|
|
|
else:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("No %s found in LDAP", name)
|
2021-06-02 18:59:09 +02:00
|
|
|
return {}
|
|
|
|
|
|
|
|
|
|
objects = {}
|
|
|
|
|
for obj_dn, obj_attrs in ldap_data.items():
|
2022-12-02 12:09:40 +01:00
|
|
|
# Ignore invalid result (view with an AD)
|
|
|
|
|
if not obj_dn or not isinstance(obj_attrs, dict):
|
|
|
|
|
continue
|
2021-11-03 17:41:15 +01:00
|
|
|
objects[obj_dn] = self._get_obj(obj_dn, obj_attrs)
|
2021-06-02 18:59:09 +02:00
|
|
|
self._cached_objects[name] = objects
|
2023-01-16 12:56:12 +01:00
|
|
|
if not key_attr or key_attr == "dn":
|
2021-06-02 18:59:09 +02:00
|
|
|
return self._cached_objects[name]
|
2023-01-16 12:56:12 +01:00
|
|
|
return {
|
|
|
|
|
self.get_attr(self._cached_objects[name][dn], key_attr): self._cached_objects[name][dn]
|
2021-06-02 18:59:09 +02:00
|
|
|
for dn in self._cached_objects[name]
|
2023-01-16 12:56:12 +01:00
|
|
|
}
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
def get_object(self, type_name, object_name, filterstr, basedn, attrs, warn=True):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Retrieve an object from LDAP specified using LDAP search parameters
|
|
|
|
|
|
|
|
|
|
Only one object is excepted to be returned by the LDAP search, otherwise, one
|
|
|
|
|
LdapClientException will be raised.
|
|
|
|
|
|
|
|
|
|
:param type_name: The object type name
|
|
|
|
|
:param object_name: The object name (only use in log messages)
|
|
|
|
|
:param filterstr: The LDAP filter to use to search the object on LDAP directory
|
|
|
|
|
:param basedn: The base DN of the search
|
2024-03-15 09:52:23 +01:00
|
|
|
:param attrs: The list of attribute names to retrieve
|
2021-11-03 17:41:15 +01:00
|
|
|
:param warn: If True, a warning message will be logged if no object is found
|
|
|
|
|
in LDAP directory (otherwise, it will be just a debug message)
|
|
|
|
|
(optional, default: True)
|
|
|
|
|
"""
|
|
|
|
|
assert self._conn or self.initialize()
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug(
|
|
|
|
|
'Looking for LDAP %s "%s" with (filter="%s" / basedn="%s")',
|
|
|
|
|
type_name,
|
|
|
|
|
object_name,
|
|
|
|
|
filterstr,
|
|
|
|
|
basedn,
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
2023-01-16 12:56:12 +01:00
|
|
|
ldap_data = self._conn.search(basedn=basedn, filterstr=filterstr, attrs=attrs)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
if not ldap_data:
|
|
|
|
|
if warn:
|
|
|
|
|
log.warning('No %s "%s" found in LDAP', type_name, object_name)
|
|
|
|
|
else:
|
|
|
|
|
log.debug('No %s "%s" found in LDAP', type_name, object_name)
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
if len(ldap_data) > 1:
|
2022-06-23 18:38:21 +02:00
|
|
|
raise LdapClientException(
|
2023-01-16 12:56:12 +01:00
|
|
|
f'More than one {type_name} "{object_name}": {" / ".join(ldap_data.keys())}'
|
|
|
|
|
)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
dn = next(iter(ldap_data))
|
2021-11-03 17:41:15 +01:00
|
|
|
return self._get_obj(dn, ldap_data[dn])
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
def get_object_by_dn(self, type_name, dn, populate_cache_method=None, warn=True):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Retrieve an LDAP object specified by its DN from cache
|
|
|
|
|
|
|
|
|
|
:param type_name: The object type name
|
|
|
|
|
:param dn: The object DN
|
|
|
|
|
:param populate_cache_method: The method to use is cache of LDAP object type
|
|
|
|
|
is not already populated (optional, default,
|
|
|
|
|
False is returned)
|
|
|
|
|
:param warn: If True, a warning message will be logged if object is not found
|
|
|
|
|
in cache (otherwise, it will be just a debug message)
|
|
|
|
|
(optional, default: True)
|
|
|
|
|
"""
|
2021-06-02 18:59:09 +02:00
|
|
|
if type_name not in self._cached_objects:
|
|
|
|
|
if not populate_cache_method:
|
|
|
|
|
return False
|
|
|
|
|
populate_cache_method()
|
2021-06-03 12:26:19 +02:00
|
|
|
if type_name not in self._cached_objects:
|
|
|
|
|
if warn:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.warning("No %s found in LDAP", type_name)
|
2021-06-03 12:26:19 +02:00
|
|
|
else:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("No %s found in LDAP", type_name)
|
2021-06-03 12:26:19 +02:00
|
|
|
return None
|
2021-06-02 18:59:09 +02:00
|
|
|
if dn not in self._cached_objects[type_name]:
|
|
|
|
|
if warn:
|
|
|
|
|
log.warning('No %s found with DN "%s"', type_name, dn)
|
|
|
|
|
else:
|
|
|
|
|
log.debug('No %s found with DN "%s"', type_name, dn)
|
|
|
|
|
return None
|
|
|
|
|
return self._cached_objects[type_name][dn]
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def object_attr_mached(cls, obj, attr, value, case_sensitive=False):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Determine if object's attribute matched with specified value
|
|
|
|
|
|
|
|
|
|
:param obj: The LDAP object (as returned by get_object/get_objects)
|
|
|
|
|
:param attr: The attribute name
|
|
|
|
|
:param value: The value for the match test
|
|
|
|
|
:param case_sensitive: If True, the match test will be case-sensitive
|
|
|
|
|
(optional, default: False)
|
|
|
|
|
"""
|
2021-06-02 18:59:09 +02:00
|
|
|
if case_sensitive:
|
|
|
|
|
return value in cls.get_attr(obj, attr, all_values=True)
|
|
|
|
|
return value.lower() in [v.lower() for v in cls.get_attr(obj, attr, all_values=True)]
|
|
|
|
|
|
2023-01-16 12:56:12 +01:00
|
|
|
def get_object_by_attr(
|
|
|
|
|
self, type_name, attr, value, populate_cache_method=None, case_sensitive=False, warn=True
|
|
|
|
|
):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Retrieve an LDAP object specified by one of its attribute
|
|
|
|
|
|
|
|
|
|
:param type_name: The object type name
|
|
|
|
|
:param attr: The attribute name
|
|
|
|
|
:param value: The value for the match test
|
|
|
|
|
:param populate_cache_method: The method to use is cache of LDAP object type
|
|
|
|
|
is not already populated (optional, default,
|
|
|
|
|
False is returned)
|
|
|
|
|
:param case_sensitive: If True, the match test will be case-sensitive
|
|
|
|
|
(optional, default: False)
|
|
|
|
|
:param warn: If True, a warning message will be logged if object is not found
|
|
|
|
|
in cache (otherwise, it will be just a debug message)
|
|
|
|
|
(optional, default: True)
|
|
|
|
|
"""
|
2021-06-02 18:59:09 +02:00
|
|
|
if type_name not in self._cached_objects:
|
|
|
|
|
if not populate_cache_method:
|
|
|
|
|
return False
|
|
|
|
|
populate_cache_method()
|
2021-06-03 12:26:19 +02:00
|
|
|
if type_name not in self._cached_objects:
|
|
|
|
|
if warn:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.warning("No %s found in LDAP", type_name)
|
2021-06-03 12:26:19 +02:00
|
|
|
else:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("No %s found in LDAP", type_name)
|
2021-06-03 12:26:19 +02:00
|
|
|
return None
|
2023-01-16 12:56:12 +01:00
|
|
|
matched = {
|
|
|
|
|
dn: obj
|
2021-06-02 18:59:09 +02:00
|
|
|
for dn, obj in self._cached_objects[type_name].items()
|
|
|
|
|
if self.object_attr_mached(obj, attr, value, case_sensitive=case_sensitive)
|
2023-01-16 12:56:12 +01:00
|
|
|
}
|
2021-06-02 18:59:09 +02:00
|
|
|
if not matched:
|
|
|
|
|
if warn:
|
|
|
|
|
log.warning('No %s found with %s="%s"', type_name, attr, value)
|
|
|
|
|
else:
|
|
|
|
|
log.debug('No %s found with %s="%s"', type_name, attr, value)
|
|
|
|
|
return None
|
|
|
|
|
if len(matched) > 1:
|
2022-06-23 18:38:21 +02:00
|
|
|
raise LdapClientException(
|
|
|
|
|
f'More than one {type_name} with {attr}="{value}" found: '
|
2023-01-16 12:56:12 +01:00
|
|
|
f'{" / ".join(matched.keys())}'
|
|
|
|
|
)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
dn = next(iter(matched))
|
|
|
|
|
return matched[dn]
|
|
|
|
|
|
|
|
|
|
def get_changes(self, ldap_obj, attrs, protected_attrs=None):
|
|
|
|
|
"""
|
|
|
|
|
Retrieve changes on a LDAP object
|
|
|
|
|
|
|
|
|
|
:param ldap_obj: The original LDAP object
|
|
|
|
|
:param attrs: The new LDAP object attributes values
|
|
|
|
|
:param protected_attrs: Optional list of protected attributes
|
|
|
|
|
"""
|
|
|
|
|
old = {}
|
|
|
|
|
new = {}
|
2022-06-23 18:38:21 +02:00
|
|
|
protected_attrs = [a.lower() for a in protected_attrs or []]
|
2023-01-16 12:56:12 +01:00
|
|
|
protected_attrs.append("dn")
|
2021-06-02 18:59:09 +02:00
|
|
|
# New/updated attributes
|
2023-05-03 11:33:19 +02:00
|
|
|
for attr, values in attrs.items():
|
2021-06-02 18:59:09 +02:00
|
|
|
if protected_attrs and attr.lower() in protected_attrs:
|
|
|
|
|
continue
|
|
|
|
|
if attr in ldap_obj and ldap_obj[attr]:
|
2023-05-03 11:33:19 +02:00
|
|
|
if sorted(ldap_obj[attr]) == sorted(values):
|
2021-06-02 18:59:09 +02:00
|
|
|
continue
|
|
|
|
|
old[attr] = self.encode(ldap_obj[attr])
|
2023-05-03 11:33:19 +02:00
|
|
|
elif not values:
|
|
|
|
|
continue
|
|
|
|
|
new[attr] = self.encode(values)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
# Deleted attributes
|
|
|
|
|
for attr in ldap_obj:
|
2023-01-16 12:56:12 +01:00
|
|
|
if (
|
|
|
|
|
(not protected_attrs or attr.lower() not in protected_attrs)
|
|
|
|
|
and ldap_obj[attr]
|
2023-05-03 11:33:19 +02:00
|
|
|
and not attrs.get(attr)
|
2023-01-16 12:56:12 +01:00
|
|
|
):
|
2021-06-02 18:59:09 +02:00
|
|
|
old[attr] = self.encode(ldap_obj[attr])
|
|
|
|
|
if old == new:
|
|
|
|
|
return None
|
|
|
|
|
return (old, new)
|
|
|
|
|
|
2021-07-12 13:37:41 +02:00
|
|
|
def format_changes(self, changes, protected_attrs=None, prefix=None):
|
2021-11-03 17:41:15 +01:00
|
|
|
"""
|
|
|
|
|
Format changes as string
|
|
|
|
|
|
|
|
|
|
:param changes: The changes as returned by get_changes
|
|
|
|
|
:param protected_attrs: Optional list of protected attributes
|
|
|
|
|
:param prefix: Optional prefix string for each line of the returned string
|
|
|
|
|
"""
|
|
|
|
|
assert self._conn or self.initialize()
|
|
|
|
|
return self._conn.format_changes(
|
2023-01-16 12:56:12 +01:00
|
|
|
changes[0], changes[1], ignore_attrs=protected_attrs, prefix=prefix
|
2021-07-12 13:37:41 +02:00
|
|
|
)
|
|
|
|
|
|
2021-12-08 18:19:37 +01:00
|
|
|
def update_need(self, changes, protected_attrs=None):
|
|
|
|
|
"""
|
|
|
|
|
Check if update is need
|
|
|
|
|
|
|
|
|
|
:param changes: The changes as returned by get_changes
|
|
|
|
|
"""
|
2022-06-01 18:46:37 +02:00
|
|
|
if changes is None:
|
|
|
|
|
return False
|
2021-12-08 18:19:37 +01:00
|
|
|
assert self._conn or self.initialize()
|
2023-01-16 12:56:12 +01:00
|
|
|
return self._conn.update_need(changes[0], changes[1], ignore_attrs=protected_attrs)
|
2021-12-08 18:19:37 +01:00
|
|
|
|
2021-06-02 18:59:09 +02:00
|
|
|
def add_object(self, dn, attrs):
|
|
|
|
|
"""
|
|
|
|
|
Add an object
|
|
|
|
|
|
|
|
|
|
:param dn: The LDAP object DN
|
|
|
|
|
:param attrs: The LDAP object attributes (as dict)
|
|
|
|
|
"""
|
2023-01-16 12:56:12 +01:00
|
|
|
attrs = {attr: self.encode(values) for attr, values in attrs.items() if attr != "dn"}
|
2021-06-02 18:59:09 +02:00
|
|
|
try:
|
2022-05-27 15:29:16 +02:00
|
|
|
if self._just_try:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("Just-try mode : do not really add object in LDAP")
|
2021-06-02 18:59:09 +02:00
|
|
|
return True
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self._conn or self.initialize()
|
|
|
|
|
return self._conn.add_object(dn, attrs)
|
2021-06-02 18:59:09 +02:00
|
|
|
except LdapServerException:
|
|
|
|
|
log.error(
|
|
|
|
|
"An error occurred adding object %s in LDAP:\n%s\n",
|
2023-01-16 12:56:12 +01:00
|
|
|
dn,
|
|
|
|
|
pretty_format_dict(attrs),
|
|
|
|
|
exc_info=True,
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
|
|
|
|
return False
|
|
|
|
|
|
2023-03-13 17:02:52 +01:00
|
|
|
def update_object(self, ldap_obj, changes, protected_attrs=None, rdn_attr=None, relax=False):
|
2021-06-02 18:59:09 +02:00
|
|
|
"""
|
|
|
|
|
Update an object
|
|
|
|
|
|
|
|
|
|
:param ldap_obj: The original LDAP object
|
2024-03-15 09:52:23 +01:00
|
|
|
:param changes: The changes to make on LDAP object (as formatted by get_changes() method)
|
2021-06-02 18:59:09 +02:00
|
|
|
:param protected_attrs: An optional list of protected attributes
|
|
|
|
|
:param rdn_attr: The LDAP object RDN attribute (to detect renaming, default: auto-detected)
|
2023-03-13 17:02:52 +01:00
|
|
|
:param rdn_attr: Enable relax modification server control (optional, default: false)
|
2021-06-02 18:59:09 +02:00
|
|
|
"""
|
2023-01-16 12:56:12 +01:00
|
|
|
assert (
|
|
|
|
|
isinstance(changes, (list, tuple))
|
|
|
|
|
and len(changes) == 2
|
|
|
|
|
and isinstance(changes[0], dict)
|
|
|
|
|
and isinstance(changes[1], dict)
|
|
|
|
|
), f"changes parameter must be a result of get_changes() method ({type(changes)} given)"
|
2022-05-27 19:54:03 +02:00
|
|
|
# In case of RDN change, we need to modify passed changes, copy it to make it unchanged in
|
|
|
|
|
# this case
|
|
|
|
|
_changes = copy.deepcopy(changes)
|
2021-06-02 18:59:09 +02:00
|
|
|
if not rdn_attr:
|
2023-01-16 12:56:12 +01:00
|
|
|
rdn_attr = ldap_obj["dn"].split("=")[0]
|
|
|
|
|
log.debug("Auto-detected RDN attribute from DN: %s => %s", ldap_obj["dn"], rdn_attr)
|
2022-05-27 19:54:03 +02:00
|
|
|
old_rdn_values = self.get_attr(_changes[0], rdn_attr, all_values=True)
|
|
|
|
|
new_rdn_values = self.get_attr(_changes[1], rdn_attr, all_values=True)
|
2021-06-02 18:59:09 +02:00
|
|
|
if old_rdn_values or new_rdn_values:
|
|
|
|
|
if not new_rdn_values:
|
|
|
|
|
log.error(
|
|
|
|
|
"%s : Attribute %s can't be deleted because it's used as RDN.",
|
2023-01-16 12:56:12 +01:00
|
|
|
ldap_obj["dn"],
|
|
|
|
|
rdn_attr,
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
|
|
|
|
return False
|
|
|
|
|
log.debug(
|
2023-01-16 12:56:12 +01:00
|
|
|
"%s: Changes detected on %s RDN attribute: must rename object before updating it",
|
|
|
|
|
ldap_obj["dn"],
|
|
|
|
|
rdn_attr,
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Compute new object DN
|
2023-01-16 12:56:12 +01:00
|
|
|
dn_parts = explode_dn(self.decode(ldap_obj["dn"]))
|
|
|
|
|
basedn = ",".join(dn_parts[1:])
|
|
|
|
|
new_rdn = f"{rdn_attr}={escape_dn_chars(self.decode(new_rdn_values[0]))}"
|
|
|
|
|
new_dn = f"{new_rdn},{basedn}"
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
# Rename object
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("%s: Rename to %s", ldap_obj["dn"], new_dn)
|
2022-06-07 12:40:53 +02:00
|
|
|
if not self.move_object(ldap_obj, new_dn):
|
2021-06-02 18:59:09 +02:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# Remove RDN in changes list
|
2022-05-27 19:54:03 +02:00
|
|
|
for attr in list(_changes[0].keys()):
|
2021-06-02 18:59:09 +02:00
|
|
|
if attr.lower() == rdn_attr.lower():
|
2022-05-27 19:54:03 +02:00
|
|
|
del _changes[0][attr]
|
|
|
|
|
for attr in list(_changes[1].keys()):
|
2021-06-02 18:59:09 +02:00
|
|
|
if attr.lower() == rdn_attr.lower():
|
2022-05-27 19:54:03 +02:00
|
|
|
del _changes[1][attr]
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
# Check that there are other changes
|
2022-05-27 19:54:03 +02:00
|
|
|
if not _changes[0] and not _changes[1]:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("%s: No other change after renaming", new_dn)
|
2021-06-02 18:59:09 +02:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
# Otherwise, update object DN
|
2023-01-16 12:56:12 +01:00
|
|
|
ldap_obj["dn"] = new_dn
|
2021-06-02 18:59:09 +02:00
|
|
|
else:
|
2024-03-15 09:52:23 +01:00
|
|
|
log.debug("%s: No change detected on RDN attribute %s", ldap_obj["dn"], rdn_attr)
|
2021-06-02 18:59:09 +02:00
|
|
|
|
|
|
|
|
try:
|
2022-05-27 15:29:16 +02:00
|
|
|
if self._just_try:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("Just-try mode : do not really update object in LDAP")
|
2021-06-02 18:59:09 +02:00
|
|
|
return True
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self._conn or self.initialize()
|
|
|
|
|
return self._conn.update_object(
|
2023-03-13 17:02:52 +01:00
|
|
|
ldap_obj["dn"], _changes[0], _changes[1], ignore_attrs=protected_attrs, relax=relax
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
|
|
|
|
except LdapServerException:
|
|
|
|
|
log.error(
|
|
|
|
|
"An error occurred updating object %s in LDAP:\n%s\n -> \n%s\n\n",
|
2023-01-16 12:56:12 +01:00
|
|
|
ldap_obj["dn"],
|
|
|
|
|
pretty_format_dict(_changes[0]),
|
|
|
|
|
pretty_format_dict(_changes[1]),
|
|
|
|
|
exc_info=True,
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def move_object(self, ldap_obj, new_dn_or_rdn):
|
|
|
|
|
"""
|
|
|
|
|
Move/rename an object
|
|
|
|
|
|
|
|
|
|
:param ldap_obj: The original LDAP object
|
|
|
|
|
:param new_dn_or_rdn: The new LDAP object's DN (or RDN)
|
|
|
|
|
"""
|
|
|
|
|
try:
|
2022-05-27 15:29:16 +02:00
|
|
|
if self._just_try:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("Just-try mode : do not really move object in LDAP")
|
2021-06-02 18:59:09 +02:00
|
|
|
return True
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self._conn or self.initialize()
|
2023-01-16 12:56:12 +01:00
|
|
|
return self._conn.rename_object(ldap_obj["dn"], new_dn_or_rdn)
|
2021-06-02 18:59:09 +02:00
|
|
|
except LdapServerException:
|
|
|
|
|
log.error(
|
|
|
|
|
"An error occurred moving object %s in LDAP (destination: %s)",
|
2023-01-16 12:56:12 +01:00
|
|
|
ldap_obj["dn"],
|
|
|
|
|
new_dn_or_rdn,
|
|
|
|
|
exc_info=True,
|
2021-06-02 18:59:09 +02:00
|
|
|
)
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def drop_object(self, ldap_obj):
|
|
|
|
|
"""
|
|
|
|
|
Drop/delete an object
|
|
|
|
|
|
|
|
|
|
:param ldap_obj: The original LDAP object to delete/drop
|
|
|
|
|
"""
|
|
|
|
|
try:
|
2022-05-27 15:29:16 +02:00
|
|
|
if self._just_try:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.debug("Just-try mode : do not really drop object in LDAP")
|
2021-06-02 18:59:09 +02:00
|
|
|
return True
|
2021-11-03 17:41:15 +01:00
|
|
|
assert self._conn or self.initialize()
|
2023-01-16 12:56:12 +01:00
|
|
|
return self._conn.drop_object(ldap_obj["dn"])
|
2021-06-02 18:59:09 +02:00
|
|
|
except LdapServerException:
|
2023-01-16 12:56:12 +01:00
|
|
|
log.error("An error occurred removing object %s in LDAP", ldap_obj["dn"], exc_info=True)
|
2021-06-02 18:59:09 +02:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
2019-06-13 19:15:13 +02:00
|
|
|
#
|
2021-05-19 19:19:57 +02:00
|
|
|
# LDAP date string helpers
|
2019-06-13 19:15:13 +02:00
|
|
|
#
|
2021-05-19 19:19:57 +02:00
|
|
|
|
|
|
|
|
|
2019-09-30 12:25:58 +02:00
|
|
|
def parse_datetime(value, to_timezone=None, default_timezone=None, naive=None):
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
|
|
|
|
Convert LDAP date string to datetime.datetime object
|
|
|
|
|
|
|
|
|
|
:param value: The LDAP date string to convert
|
|
|
|
|
:param to_timezone: If specified, the return datetime will be converted to this
|
2023-01-16 12:56:12 +01:00
|
|
|
specific timezone (optional, default : timezone of the LDAP date
|
|
|
|
|
string)
|
2021-03-24 12:40:35 +01:00
|
|
|
:param default_timezone: The timezone used if LDAP date string does not specified
|
|
|
|
|
the timezone (optional, default : server local timezone)
|
2023-01-16 12:56:12 +01:00
|
|
|
:param naive: Use naive datetime : return naive datetime object (without timezone
|
|
|
|
|
conversion from LDAP)
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
2023-01-16 12:56:12 +01:00
|
|
|
assert to_timezone is None or isinstance(
|
|
|
|
|
to_timezone, (datetime.tzinfo, str)
|
|
|
|
|
), f"to_timezone must be None, a datetime.tzinfo object or a string (not {type(to_timezone)})"
|
|
|
|
|
assert default_timezone is None or isinstance(
|
|
|
|
|
default_timezone, (datetime.tzinfo, pytz.tzinfo.DstTzInfo, str)
|
|
|
|
|
), (
|
|
|
|
|
"default_timezone parameter must be None, a string, a pytz.tzinfo.DstTzInfo or a"
|
|
|
|
|
f" datetime.tzinfo object (not {type(default_timezone)})"
|
|
|
|
|
)
|
2021-03-24 12:40:35 +01:00
|
|
|
date = dateutil.parser.parse(value, dayfirst=False)
|
|
|
|
|
if not date.tzinfo:
|
|
|
|
|
if naive:
|
|
|
|
|
return date
|
|
|
|
|
if not default_timezone:
|
|
|
|
|
default_timezone = pytz.utc
|
2023-01-16 12:56:12 +01:00
|
|
|
elif default_timezone == "local":
|
2021-03-24 12:40:35 +01:00
|
|
|
default_timezone = dateutil.tz.tzlocal()
|
|
|
|
|
elif isinstance(default_timezone, str):
|
|
|
|
|
default_timezone = pytz.timezone(default_timezone)
|
|
|
|
|
if isinstance(default_timezone, pytz.tzinfo.DstTzInfo):
|
|
|
|
|
date = default_timezone.localize(date)
|
|
|
|
|
elif isinstance(default_timezone, datetime.tzinfo):
|
|
|
|
|
date = date.replace(tzinfo=default_timezone)
|
|
|
|
|
else:
|
2023-10-27 13:35:59 +02:00
|
|
|
raise LdapException("It's not supposed to happen!")
|
2021-03-24 12:40:35 +01:00
|
|
|
elif naive:
|
|
|
|
|
return date.replace(tzinfo=None)
|
|
|
|
|
if to_timezone:
|
2023-01-16 12:56:12 +01:00
|
|
|
if to_timezone == "local":
|
2021-03-24 12:40:35 +01:00
|
|
|
to_timezone = dateutil.tz.tzlocal()
|
|
|
|
|
elif isinstance(to_timezone, str):
|
|
|
|
|
to_timezone = pytz.timezone(to_timezone)
|
|
|
|
|
return date.astimezone(to_timezone)
|
|
|
|
|
return date
|
2019-06-13 19:15:13 +02:00
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
|
2021-05-26 11:55:16 +02:00
|
|
|
def parse_date(value, to_timezone=None, default_timezone=None, naive=True):
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
|
|
|
|
Convert LDAP date string to datetime.date object
|
|
|
|
|
|
|
|
|
|
:param value: The LDAP date string to convert
|
|
|
|
|
:param to_timezone: If specified, the return datetime will be converted to this
|
2023-01-16 12:56:12 +01:00
|
|
|
specific timezone (optional, default : timezone of the LDAP date
|
|
|
|
|
string)
|
2021-03-24 12:40:35 +01:00
|
|
|
:param default_timezone: The timezone used if LDAP date string does not specified
|
|
|
|
|
the timezone (optional, default : server local timezone)
|
|
|
|
|
:param naive: Use naive datetime : do not handle timezone conversion from LDAP
|
|
|
|
|
"""
|
|
|
|
|
return parse_datetime(value, to_timezone, default_timezone, naive).date()
|
2019-06-13 19:15:13 +02:00
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
|
2019-09-30 12:25:58 +02:00
|
|
|
def format_datetime(value, from_timezone=None, to_timezone=None, naive=None):
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
|
|
|
|
Convert datetime.datetime object to LDAP date string
|
|
|
|
|
|
|
|
|
|
:param value: The datetime.datetime object to convert
|
|
|
|
|
:param from_timezone: The timezone used if datetime.datetime object is naive (no tzinfo)
|
|
|
|
|
(optional, default : server local timezone)
|
|
|
|
|
:param to_timezone: The timezone used in LDAP (optional, default : UTC)
|
2023-01-16 12:56:12 +01:00
|
|
|
:param naive: Use naive datetime : datetime store as UTC in LDAP (without
|
|
|
|
|
conversion)
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
2023-01-16 12:56:12 +01:00
|
|
|
assert isinstance(
|
|
|
|
|
value, datetime.datetime
|
|
|
|
|
), f"First parameter must be an datetime.datetime object (not {type(value)})"
|
|
|
|
|
assert from_timezone is None or isinstance(
|
|
|
|
|
from_timezone, (datetime.tzinfo, pytz.tzinfo.DstTzInfo, str)
|
|
|
|
|
), (
|
|
|
|
|
"from_timezone parameter must be None, a string, a pytz.tzinfo.DstTzInfo or a"
|
|
|
|
|
f" datetime.tzinfo object (not {type(from_timezone)})"
|
|
|
|
|
)
|
|
|
|
|
assert to_timezone is None or isinstance(
|
|
|
|
|
to_timezone, (datetime.tzinfo, str)
|
|
|
|
|
), f"to_timezone must be None, a datetime.tzinfo object or a string (not {type(to_timezone)})"
|
2021-03-24 12:40:35 +01:00
|
|
|
if not value.tzinfo and not naive:
|
2023-01-16 12:56:12 +01:00
|
|
|
if not from_timezone or from_timezone == "local":
|
2021-03-24 12:40:35 +01:00
|
|
|
from_timezone = dateutil.tz.tzlocal()
|
|
|
|
|
elif isinstance(from_timezone, str):
|
|
|
|
|
from_timezone = pytz.timezone(from_timezone)
|
|
|
|
|
if isinstance(from_timezone, pytz.tzinfo.DstTzInfo):
|
|
|
|
|
from_value = from_timezone.localize(value)
|
|
|
|
|
elif isinstance(from_timezone, datetime.tzinfo):
|
|
|
|
|
from_value = value.replace(tzinfo=from_timezone)
|
|
|
|
|
else:
|
2023-10-27 13:35:59 +02:00
|
|
|
raise LdapException("It's not supposed to happen!")
|
2021-03-24 12:40:35 +01:00
|
|
|
elif naive:
|
|
|
|
|
from_value = value.replace(tzinfo=pytz.utc)
|
|
|
|
|
else:
|
|
|
|
|
from_value = copy.deepcopy(value)
|
|
|
|
|
if not to_timezone:
|
|
|
|
|
to_timezone = pytz.utc
|
2023-01-16 12:56:12 +01:00
|
|
|
elif to_timezone == "local":
|
2021-03-24 12:40:35 +01:00
|
|
|
to_timezone = dateutil.tz.tzlocal()
|
|
|
|
|
elif isinstance(to_timezone, str):
|
|
|
|
|
to_timezone = pytz.timezone(to_timezone)
|
|
|
|
|
to_value = from_value.astimezone(to_timezone) if not naive else from_value
|
2023-01-16 12:56:12 +01:00
|
|
|
datestring = to_value.strftime("%Y%m%d%H%M%S%z")
|
|
|
|
|
if datestring.endswith("+0000"):
|
|
|
|
|
datestring = datestring.replace("+0000", "Z")
|
2021-03-24 12:40:35 +01:00
|
|
|
return datestring
|
2019-06-13 19:15:13 +02:00
|
|
|
|
2021-05-19 19:19:57 +02:00
|
|
|
|
2021-05-26 11:55:16 +02:00
|
|
|
def format_date(value, from_timezone=None, to_timezone=None, naive=True):
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
|
|
|
|
Convert datetime.date object to LDAP date string
|
|
|
|
|
|
|
|
|
|
:param value: The datetime.date object to convert
|
|
|
|
|
:param from_timezone: The timezone used if datetime.datetime object is naive (no tzinfo)
|
|
|
|
|
(optional, default : server local timezone)
|
|
|
|
|
:param to_timezone: The timezone used in LDAP (optional, default : UTC)
|
2023-01-16 12:56:12 +01:00
|
|
|
:param naive: Use naive datetime : do not handle timezone conversion before
|
2024-03-15 09:52:23 +01:00
|
|
|
formatting and return datetime as UTC (because LDAP required a
|
2023-01-16 12:56:12 +01:00
|
|
|
timezone)
|
2021-03-24 12:40:35 +01:00
|
|
|
"""
|
2023-01-16 12:56:12 +01:00
|
|
|
assert isinstance(
|
|
|
|
|
value, datetime.date
|
|
|
|
|
), f"First parameter must be an datetime.date object (not {type(value)})"
|
|
|
|
|
return format_datetime(
|
|
|
|
|
datetime.datetime.combine(value, datetime.datetime.min.time()),
|
|
|
|
|
from_timezone,
|
|
|
|
|
to_timezone,
|
|
|
|
|
naive,
|
|
|
|
|
)
|
