Change rdn handling to base dn resetting

Götz 2019-03-29 04:12:19 +01:00
parent f74ff77ac7
commit 875890f958
9 changed files with 65 additions and 59 deletions


@ -7,7 +7,7 @@ class Realm(models.Model):
name = models.CharField(max_length=200, unique=True)
email = models.EmailField(blank=True, null=True)
admin_group = models.ForeignKey(Group, models.PROTECT, blank=True, null=True)
ldap_rdn_org = models.CharField(max_length=400, unique=True)
ldap_base_dn = models.CharField(max_length=400, unique=True)
def __str__(self):
return f'{self.name} - {self.ldap_rdn_org}'
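Review bot: `__str__` still returns `f'{self.name} - {self.ldap_rdn_org}'`, which appears here as unchanged context even though the field is renamed to `ldap_base_dn` two lines above. Rendering a Realm (admin lists, templates, log lines) would then raise AttributeError, so the line should read `return f'{self.name} - {self.ldap_base_dn}'`. None of the nine file sections on this page is a migration, so the column rename also seems to ship without one; confirm that a rename migration is added separately. The class body starts outside the hunk.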


@ -5,7 +5,6 @@ from .models import LdapUser, LdapGroup
class AddLDAPUserForm(forms.Form):
rdn = forms.ModelChoiceField(queryset=LdapUserRDN.objects.all())
username = forms.CharField(label='Nutzername', max_length=400)
first_name = forms.CharField(label='Vorname', max_length=400)
last_name = forms.CharField(label='Nachname', max_length=400)
@ -13,21 +12,21 @@ class AddLDAPUserForm(forms.Form):
class AddLDAPGroupForm(forms.Form):
rdn = forms.ModelChoiceField(queryset=LdapGroupRDN.objects.all())
name = forms.CharField(label='name', max_length=400)
# TODO show only allowed user
members = forms.ModelMultipleChoiceField(widget=forms.CheckboxSelectMultiple, queryset=LdapUser.objects.all())
class RealmAddForm(forms.Form):
name = forms.CharField(label='Bereichsname', max_length=200)
ldap_rdn_org = forms.CharField(label='LDAP OU Pfad',
help_text='Angabe des Pfads zur Organisation, die die Ordnungseinheiten people und groups enthält. Ohne Routdn. Besipiel: "ou=people, ou=fs_wiai, ou=fachschaften, dc=stuve, dc=de" => ou=fs_wiai, ou=fachschaften, dc=stuve',
ldap_base_dn = forms.CharField(label='LDAP Base DN',
help_text='TODO',
max_length=200)
class RealmUpdateForm(forms.Form):
ldap_rdn_org = forms.CharField(label='LDAP OU Pfad',
help_text='Angabe des Pfads zur Organisation, die die Ordnungseinheiten people und groups enthält. Ohne Routdn. Besipiel: "ou=people, ou=fs_wiai, ou=fachschaften, dc=stuve, dc=de" => ou=fs_wiai, ou=fachschaften, dc=stuve',
ldap_base_dn = forms.CharField(label='LDAP Base DN',
help_text='TODO',
max_length=200)
name = forms.CharField(label='Bereichsname', max_length=200)
email = forms.EmailField(label='E-Mail', required=False)
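Review bot: `ldap_base_dn` in RealmAddForm and RealmUpdateForm is accepted as free text, with `help_text='TODO'` and `max_length=200` while the model column allows 400, and nothing checks that it is a well-formed DN located beneath the directory suffix `dc=stuve,dc=de`. Because the views use this value directly as the search and create base, a mistyped or overly broad entry makes a realm's pages operate on a subtree that belongs to other realms. Add a `clean_ldap_base_dn` method to both forms that parses the value as a DN, normalises spacing and case, and raises `forms.ValidationError` unless it ends with the root suffix. Then replace the placeholder help text with a description of the expected format. The `members` queryset on AddLDAPGroupForm is still `LdapUser.objects.all()` under its `# TODO show only allowed user` comment, so it is not limited to the realm the group is created in.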


@ -9,13 +9,14 @@ class LdapUser(Model):
Class for representing an LDAP user entry.
"""
# LDAP meta-data
ROOT_DN = "dc=stuve,dc=de"
base_dn = "dc=stuve,dc=de"
object_classes = ['inetOrgPerson']
last_modified = ldap_fields.DateTimeField(db_column='modifyTimestamp', blank=True)
# inetOrgPerson
username = ldap_fields.CharField(db_column='uid', primary_key=True)
rdn = ''
# rdn = ''
password = ldap_fields.CharField(db_column='userPassword')
first_name = ldap_fields.CharField(db_column='cn', blank=True)
last_name = ldap_fields.CharField(db_column='sn', blank=True)
@ -24,17 +25,17 @@ class LdapUser(Model):
mobile_phone = ldap_fields.CharField(db_column='mobile', blank=True)
photo = ldap_fields.ImageField(db_column='jpegPhoto')
def __init__(self, *args, **kwargs):
self.rdn = kwargs.get('rdn', None)
if self.rdn:
del kwargs['rdn']
super().__init__(*args, **kwargs)
def build_dn(self):
"""
Build the Distinguished Name for this entry.
"""
return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
# def __init__(self, *args, **kwargs):
# self.rdn = kwargs.get('rdn', None)
# if self.rdn:
# del kwargs['rdn']
# super().__init__(*args, **kwargs)
#
# def build_dn(self):
# """
# Build the Distinguished Name for this entry.
# """
# return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
def __str__(self):
return self.username
@ -48,25 +49,26 @@ class LdapGroup(Model):
Class for representing an LDAP group entry.
"""
# LDAP meta-data
ROOT_DN = "dc=stuve,dc=de"
base_dn = "dc=stuve,dc=de"
object_classes = ['groupOfNames']
# posixGroup attributes
rdn = ''
# rdn = ''
name = ldap_fields.CharField(db_column='cn', max_length=200, primary_key=True)
members = ldap_fields.ListField(db_column='member')
def __init__(self, *args, **kwargs):
self.rdn = kwargs.get('rdn', None)
if self.rdn:
del kwargs['rdn']
super().__init__(*args, **kwargs)
def build_dn(self):
"""
Build the Distinguished Name for this entry.
"""
return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
# def __init__(self, *args, **kwargs):
# self.rdn = kwargs.get('rdn', None)
# if self.rdn:
# del kwargs['rdn']
# super().__init__(*args, **kwargs)
#
# def build_dn(self):
# """
# Build the Distinguished Name for this entry.
# """
# return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
def __str__(self):
return self.name
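Review bot: The old `__init__` and `build_dn` overrides and the `rdn = ''` attribute are left behind as commented-out code in both LdapUser and LdapGroup; delete them, since version control already keeps the previous implementation. The new split between `ROOT_DN` and `base_dn` is undocumented although the two now have different roles, so add a comment such as `# ROOT_DN: fixed directory suffix; base_dn: current search base, reassigned by the realm views`. `ROOT_DN` is also duplicated as a literal in both classes and could be defined once at module level. Both class bodies start outside these hunks.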


@ -4,10 +4,13 @@ from . import views
urlpatterns = [
path('realm/', views.realm, name='realm-home'),
path('realm/<int:id>/', views.realm_detail, name='realm-detail'),
path('realm/<int:id>/user/', views.realm_user, name='realm-user-list'),
path('realm/<int:id>/users/', views.realm_user, name='realm-user-list'),
path('realm/<int:id>/groups/', views.realm_groups, name='realm-group-list'),
path('realm/<int:id>/update/', views.realm_update, name='realm-update'),
path('realm/<int:realm_id>/user/', views.user_add, name='realm-user-add'),
path('realm/<int:realm_id>/group/', views.group_add, name='realm-group-add'),
path('user/list/', views.userlist, name='user-list'),
path('user/get/<str:dn>/', views.user_detail, name='user'),


@ -37,14 +37,14 @@ def realm_detail(request, id):
def realm_update(request, id):
if request.user.is_superuser:
realm_obj = Realm.objects.get(id=id)
data = {'id': realm_obj.id, 'ldap_rdn_org': realm_obj.ldap_rdn_org, 'name': realm_obj.name,
data = {'id': realm_obj.id, 'ldap_base_dn': realm_obj.ldap_base_dn, 'name': realm_obj.name,
'email': realm_obj.email,
'admin_group': realm_obj.admin_group}
if request.method == 'POST':
form = RealmUpdateForm(request.POST)
if form.is_valid():
realm_obj.name = form.cleaned_data['name']
realm_obj.ldap_rdn_org = form.cleaned_data['ldap_rdn_org']
realm_obj.ldap_base_dn = form.cleaned_data['ldap_base_dn']
realm_obj.email = form.cleaned_data['email']
admin_ldap_group = form.cleaned_data['admin_group']
@ -61,20 +61,21 @@ def realm_update(request, id):
def realm_user(request, id):
realm_obj = Realm.objects.get(id=id)
dn = f'uid=*,ou=people,{realm_obj.ldap_rdn_org},{LdapUser.base_dn}'
realm_users = LdapUser.objects.filter(dn=dn)
LdapUser.base_dn = realm_obj.ldap_base_dn
realm_users = LdapUser.objects.all()
return render(request, 'realm/realm_user.jinja2', {'realm': realm_obj, 'realm_user': realm_users})
def realm_groups(request, id):
realm_obj = Realm.objects.get(id=id)
dn = f'ou=groups,{realm_obj.ldap_rdn_org},{LdapUser.base_dn}'
LdapGroup.base_dn = dn
LdapGroup.base_dn = realm_obj.ldap_base_dn
realm_groups_obj = LdapGroup.objects.all()
return render(request, 'realm/realm_groups.jinja2', {'realm': realm_obj, 'realm_groups': realm_groups_obj})
def userlist(request):
LdapUser.base_dn = LdapUser.ROOT_DN
LdapGroup.base_dn = LdapGroup.ROOT_DN
user = LdapUser.objects.all()
groups = LdapGroup.objects.all()
context = {'users': user, 'groups': groups}
@ -88,28 +89,28 @@ def user_detail(request, dn):
return render(request, 'user/user_detail.jinja2', context)
def user_add(request):
def user_add(request, realm_id):
realm_obj = Realm.objects.get(id=realm_id)
# if this is a POST request we need to process the form data
if request.method == 'POST':
# create a form instance and populate it with data from the request:
form = AddLDAPUserForm(request.POST)
# check whether it's valid:
if form.is_valid():
rdn = form.cleaned_data['rdn']
username = form.cleaned_data['username']
password = form.cleaned_data['password']
first_name = form.cleaned_data['first_name']
last_name = form.cleaned_data['last_name']
LdapUser.objects.create(rdn=rdn, username=username,
LdapUser.base_dn = realm_obj.ldap_base_dn
LdapUser.objects.create(username=username,
password=password, first_name=first_name,
last_name=last_name, )
return redirect('user-list')
return redirect('realm-user-list', realm_id)
# if a GET (or any other method) we'll create a blank form
else:
form = AddLDAPUserForm()
return render(request, 'user/user_add.jinja2', {'form': form})
return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
def group_detail(request, dn):
@ -118,22 +119,23 @@ def group_detail(request, dn):
return render(request, 'user/group_detail.jinja2', context)
def group_add(request):
def group_add(request, realm_id):
realm_obj = Realm.objects.get(id=realm_id)
# if this is a POST request we need to process the form data
if request.method == 'POST':
# create a form instance and populate it with data from the request:
form = AddLDAPGroupForm(request.POST)
# check whether it's valid:
if form.is_valid():
rdn = form.cleaned_data['rdn']
name = form.cleaned_data['name']
members = form.cleaned_data['members']
members = [member.dn for member in members]
LdapGroup.objects.create(rdn=rdn, name=name, members=members)
return redirect('user-list')
LdapGroup.base_dn = realm_obj.ldap_base_dn
LdapGroup.objects.create(name=name, members=members)
return redirect('realm-group-list', realm_id)
# if a GET (or any other method) we'll create a blank form
else:
form = AddLDAPGroupForm()
return render(request, 'group/group_add.jinja2', {'form': form})
return render(request, 'group/group_add.jinja2', {'form': form, 'realm': realm_obj})
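Review bot: Assigning `LdapUser.base_dn = realm_obj.ldap_base_dn` (and the `LdapGroup` equivalent) in realm_user, realm_groups, user_add and group_add writes to a class attribute shared by every request in the process, so concurrent requests for different realms can list or create entries under the other realm's subtree, and the value persists for later code that never sets it. Prefer a per-realm model class or query scope whose base DN is fixed when it is built, rather than mutating the shared class. No permission check is visible on these four views, whereas realm_update tests `request.user.is_superuser`; unless a decorator or middleware outside the hunks covers this, verify the user's membership in `realm_obj.admin_group` before listing or creating. `Realm.objects.get(id=realm_id)` also raises on an unknown id, where `get_object_or_404(Realm, id=realm_id)` would return a 404.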


@ -1,4 +1,4 @@
<form action="{{ url('group-add') }}" method="post">
<form action="{{ url('realm-group-add', args=[realm.id]) }}" method="post">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
{{ form.as_p() }}
<input type="submit" value="Submit">


@ -3,7 +3,7 @@
<a href="{{ url('user-add') }}">Nutzer anlegen</a> | <a href="{{ url('group-add') }}">Gruppe anlegen</a>
<h1>Bereich {{ realm.name }}</h1>
<h2>Bereich Info</h2>
<p>LDAP OU: {{ realm.ldap_rdn_org }}</p>
<p>LDAP OU: {{ realm.ldap_base_dn }}</p>
<p>Email: {{ realm.email }}</p>
<p>Admin Gruppe: {{ realm.admin_group }}</p>
@ -11,11 +11,11 @@
<h2><a href="{{ url('realm-update', args=[realm.id]) }}">Bereichsinformationen anpassen</a></h2>
{% endblock %}
<h2><a href="{{ url('realm-user-add', args=[realm.id]) }}">Nutzer hinzufügen</a></h2>
{% block user_content %}
<h2><a href="{{ url('realm-user-list', args=[realm.id]) }}">Nutzer</a></h2>
{% endblock %}
<h2><a href="{{ url('realm-group-add', args=[realm.id]) }}">Gruppen hinzufügen</a></h2>
{% block groups_content %}
<h2><a href="{{ url('realm-group-list', args=[realm.id]) }}">Gruppen</a></h2>
{% endblock %}
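Review bot: The first line of this hunk still links to `url('user-add')` and `url('group-add')`, although user_add and group_add now require a `realm_id` and the add forms post to `realm-user-add` and `realm-group-add`. Depending on whether the old route names survive outside the visible urls hunk, these links either fail to reverse or reach a view that is called without its required argument. Point them at `{{ url('realm-user-add', args=[realm.id]) }}` and `{{ url('realm-group-add', args=[realm.id]) }}`, or drop them, since the same links are added further down. The label `LDAP OU:` now prints `realm.ldap_base_dn` and should be renamed to match.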


@ -5,11 +5,11 @@
{% for group in realm_groups %}
<h3>{{ group.name }}</h3>
<p>DN: {{ group.dn }}</p>
<p>Nutzername: {{ group.name }}</p>
<h2>Mitglieder</h2>
{% for user in group.members %}
<p>{{ user }}</p>
{% endfor %}
{# <p>Nutzername: {{ group.name }}</p>#}
{# <h2>Mitglieder</h2>#}
{# {% for user in group.members %}#}
{# <p>{{ user }}</p>#}
{# {% endfor %}#}
<hr>
{% endfor %}
{% endblock %}


@ -1,4 +1,4 @@
<form action="{{ url('user-add') }}" method="post">
<form action="{{ url('realm-user-add', args=[realm.id]) }}" method="post">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
{{ form.as_p() }}
<input type="submit" value="Submit">