Change rdn handling to base dn resetting

account_helper/models.py

@@ -7,7 +7,7 @@ class Realm(models.Model):
     name = models.CharField(max_length=200, unique=True)
     email = models.EmailField(blank=True, null=True)
     admin_group = models.ForeignKey(Group, models.PROTECT, blank=True, null=True)
-    ldap_rdn_org = models.CharField(max_length=400, unique=True)
+    ldap_base_dn = models.CharField(max_length=400, unique=True)
 
     def __str__(self):
         return f'{self.name} - {self.ldap_rdn_org}'

account_manager/forms.py

@@ -5,7 +5,6 @@ from .models import LdapUser, LdapGroup
 
 
 class AddLDAPUserForm(forms.Form):
-    rdn = forms.ModelChoiceField(queryset=LdapUserRDN.objects.all())
     username = forms.CharField(label='Nutzername', max_length=400)
     first_name = forms.CharField(label='Vorname', max_length=400)
     last_name = forms.CharField(label='Nachname', max_length=400)
@@ -13,21 +12,21 @@ class AddLDAPUserForm(forms.Form):
 
 
 class AddLDAPGroupForm(forms.Form):
-    rdn = forms.ModelChoiceField(queryset=LdapGroupRDN.objects.all())
     name = forms.CharField(label='name', max_length=400)
+    # TODO show only allowed user
     members = forms.ModelMultipleChoiceField(widget=forms.CheckboxSelectMultiple, queryset=LdapUser.objects.all())
 
 
 class RealmAddForm(forms.Form):
     name = forms.CharField(label='Bereichsname', max_length=200)
-    ldap_rdn_org = forms.CharField(label='LDAP OU Pfad',
+    ldap_base_dn = forms.CharField(label='LDAP Base DN',
-                                   help_text='Angabe des Pfads zur Organisation, die die Ordnungseinheiten people und groups enthält. Ohne Routdn. Besipiel: "ou=people, ou=fs_wiai, ou=fachschaften, dc=stuve, dc=de" => ou=fs_wiai, ou=fachschaften, dc=stuve',
+                                   help_text='TODO',
                                    max_length=200)
 
 
 class RealmUpdateForm(forms.Form):
-    ldap_rdn_org = forms.CharField(label='LDAP OU Pfad',
+    ldap_base_dn = forms.CharField(label='LDAP Base DN',
-                                   help_text='Angabe des Pfads zur Organisation, die die Ordnungseinheiten people und groups enthält. Ohne Routdn. Besipiel: "ou=people, ou=fs_wiai, ou=fachschaften, dc=stuve, dc=de" => ou=fs_wiai, ou=fachschaften, dc=stuve',
+                                   help_text='TODO',
                                    max_length=200)
     name = forms.CharField(label='Bereichsname', max_length=200)
     email = forms.EmailField(label='E-Mail', required=False)

account_manager/models.py

@@ -9,13 +9,14 @@ class LdapUser(Model):
     Class for representing an LDAP user entry.
     """
     # LDAP meta-data
+    ROOT_DN = "dc=stuve,dc=de"
     base_dn = "dc=stuve,dc=de"
     object_classes = ['inetOrgPerson']
     last_modified = ldap_fields.DateTimeField(db_column='modifyTimestamp', blank=True)
 
     # inetOrgPerson
     username = ldap_fields.CharField(db_column='uid', primary_key=True)
-    rdn = ''
+    # rdn = ''
     password = ldap_fields.CharField(db_column='userPassword')
     first_name = ldap_fields.CharField(db_column='cn', blank=True)
     last_name = ldap_fields.CharField(db_column='sn', blank=True)
@@ -24,17 +25,17 @@ class LdapUser(Model):
     mobile_phone = ldap_fields.CharField(db_column='mobile', blank=True)
     photo = ldap_fields.ImageField(db_column='jpegPhoto')
 
-    def __init__(self, *args, **kwargs):
+    # def __init__(self, *args, **kwargs):
-        self.rdn = kwargs.get('rdn', None)
+    #     self.rdn = kwargs.get('rdn', None)
-        if self.rdn:
+    #     if self.rdn:
-            del kwargs['rdn']
+    #         del kwargs['rdn']
-        super().__init__(*args, **kwargs)
+    #     super().__init__(*args, **kwargs)
-
+    #
-    def build_dn(self):
+    # def build_dn(self):
-        """
+    #     """
-        Build the Distinguished Name for this entry.
+    #     Build the Distinguished Name for this entry.
-        """
+    #     """
-        return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
+    #     return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
 
     def __str__(self):
         return self.username
@@ -48,25 +49,26 @@ class LdapGroup(Model):
     Class for representing an LDAP group entry.
     """
     # LDAP meta-data
+    ROOT_DN = "dc=stuve,dc=de"
     base_dn = "dc=stuve,dc=de"
     object_classes = ['groupOfNames']
 
     # posixGroup attributes
-    rdn = ''
+    # rdn = ''
     name = ldap_fields.CharField(db_column='cn', max_length=200, primary_key=True)
     members = ldap_fields.ListField(db_column='member')
 
-    def __init__(self, *args, **kwargs):
+    # def __init__(self, *args, **kwargs):
-        self.rdn = kwargs.get('rdn', None)
+    #     self.rdn = kwargs.get('rdn', None)
-        if self.rdn:
+    #     if self.rdn:
-            del kwargs['rdn']
+    #         del kwargs['rdn']
-        super().__init__(*args, **kwargs)
+    #     super().__init__(*args, **kwargs)
-
+    #
-    def build_dn(self):
+    # def build_dn(self):
-        """
+    #     """
-        Build the Distinguished Name for this entry.
+    #     Build the Distinguished Name for this entry.
-        """
+    #     """
-        return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
+    #     return "%s,%s,%s" % (self.build_rdn(), self.rdn, self.base_dn)
 
     def __str__(self):
         return self.name

account_manager/urls.py

@@ -4,10 +4,13 @@ from . import views
 urlpatterns = [
     path('realm/', views.realm, name='realm-home'),
     path('realm/<int:id>/', views.realm_detail, name='realm-detail'),
-    path('realm/<int:id>/user/', views.realm_user, name='realm-user-list'),
+    path('realm/<int:id>/users/', views.realm_user, name='realm-user-list'),
     path('realm/<int:id>/groups/', views.realm_groups, name='realm-group-list'),
     path('realm/<int:id>/update/', views.realm_update, name='realm-update'),
 
+    path('realm/<int:realm_id>/user/', views.user_add, name='realm-user-add'),
+    path('realm/<int:realm_id>/group/', views.group_add, name='realm-group-add'),
+
     path('user/list/', views.userlist, name='user-list'),
     path('user/get/<str:dn>/', views.user_detail, name='user'),
 

account_manager/views.py

@@ -37,14 +37,14 @@ def realm_detail(request, id):
 def realm_update(request, id):
     if request.user.is_superuser:
         realm_obj = Realm.objects.get(id=id)
-        data = {'id': realm_obj.id, 'ldap_rdn_org': realm_obj.ldap_rdn_org, 'name': realm_obj.name,
+        data = {'id': realm_obj.id, 'ldap_base_dn': realm_obj.ldap_base_dn, 'name': realm_obj.name,
                 'email': realm_obj.email,
                 'admin_group': realm_obj.admin_group}
         if request.method == 'POST':
             form = RealmUpdateForm(request.POST)
             if form.is_valid():
                 realm_obj.name = form.cleaned_data['name']
-                realm_obj.ldap_rdn_org = form.cleaned_data['ldap_rdn_org']
+                realm_obj.ldap_base_dn = form.cleaned_data['ldap_base_dn']
                 realm_obj.email = form.cleaned_data['email']
 
                 admin_ldap_group = form.cleaned_data['admin_group']
@@ -61,20 +61,21 @@ def realm_update(request, id):
 
 def realm_user(request, id):
     realm_obj = Realm.objects.get(id=id)
-    dn = f'uid=*,ou=people,{realm_obj.ldap_rdn_org},{LdapUser.base_dn}'
+    LdapUser.base_dn = realm_obj.ldap_base_dn
-    realm_users = LdapUser.objects.filter(dn=dn)
+    realm_users = LdapUser.objects.all()
     return render(request, 'realm/realm_user.jinja2', {'realm': realm_obj, 'realm_user': realm_users})
 
 
 def realm_groups(request, id):
     realm_obj = Realm.objects.get(id=id)
-    dn = f'ou=groups,{realm_obj.ldap_rdn_org},{LdapUser.base_dn}'
+    LdapGroup.base_dn = realm_obj.ldap_base_dn
-    LdapGroup.base_dn = dn
     realm_groups_obj = LdapGroup.objects.all()
     return render(request, 'realm/realm_groups.jinja2', {'realm': realm_obj, 'realm_groups': realm_groups_obj})
 
 
 def userlist(request):
+    LdapUser.base_dn = LdapUser.ROOT_DN
+    LdapGroup.base_dn = LdapGroup.ROOT_DN
     user = LdapUser.objects.all()
     groups = LdapGroup.objects.all()
     context = {'users': user, 'groups': groups}
@@ -88,28 +89,28 @@ def user_detail(request, dn):
     return render(request, 'user/user_detail.jinja2', context)
 
 
-def user_add(request):
+def user_add(request, realm_id):
+    realm_obj = Realm.objects.get(id=realm_id)
     # if this is a POST request we need to process the form data
     if request.method == 'POST':
         # create a form instance and populate it with data from the request:
         form = AddLDAPUserForm(request.POST)
         # check whether it's valid:
         if form.is_valid():
-            rdn = form.cleaned_data['rdn']
             username = form.cleaned_data['username']
             password = form.cleaned_data['password']
             first_name = form.cleaned_data['first_name']
             last_name = form.cleaned_data['last_name']
-            LdapUser.objects.create(rdn=rdn, username=username,
+            LdapUser.base_dn = realm_obj.ldap_base_dn
+            LdapUser.objects.create(username=username,
                                     password=password, first_name=first_name,
                                     last_name=last_name, )
-            return redirect('user-list')
+            return redirect('realm-user-list', realm_id)
 
     # if a GET (or any other method) we'll create a blank form
     else:
         form = AddLDAPUserForm()
-
+    return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
-    return render(request, 'user/user_add.jinja2', {'form': form})
 
 
 def group_detail(request, dn):
@@ -118,22 +119,23 @@ def group_detail(request, dn):
     return render(request, 'user/group_detail.jinja2', context)
 
 
-def group_add(request):
+def group_add(request, realm_id):
+    realm_obj = Realm.objects.get(id=realm_id)
     # if this is a POST request we need to process the form data
     if request.method == 'POST':
         # create a form instance and populate it with data from the request:
         form = AddLDAPGroupForm(request.POST)
         # check whether it's valid:
         if form.is_valid():
-            rdn = form.cleaned_data['rdn']
             name = form.cleaned_data['name']
             members = form.cleaned_data['members']
             members = [member.dn for member in members]
-            LdapGroup.objects.create(rdn=rdn, name=name, members=members)
+            LdapGroup.base_dn = realm_obj.ldap_base_dn
-            return redirect('user-list')
+            LdapGroup.objects.create(name=name, members=members)
+            return redirect('realm-group-list', realm_id)
 
     # if a GET (or any other method) we'll create a blank form
     else:
         form = AddLDAPGroupForm()
 
-    return render(request, 'group/group_add.jinja2', {'form': form})
+    return render(request, 'group/group_add.jinja2', {'form': form, 'realm': realm_obj})

templates/group/group_add.jinja2

@@ -1,4 +1,4 @@
-<form action="{{ url('group-add') }}" method="post">
+<form action="{{ url('realm-group-add', args=[realm.id]) }}" method="post">
     <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
     {{ form.as_p() }}
     <input type="submit" value="Submit">

templates/realm/realm_detailed.jinja2

@@ -3,7 +3,7 @@
     <a href="{{ url('user-add') }}">Nutzer anlegen</a> | <a href="{{ url('group-add') }}">Gruppe anlegen</a>
     <h1>Bereich {{ realm.name }}</h1>
     <h2>Bereich Info</h2>
-    <p>LDAP OU: {{ realm.ldap_rdn_org }}</p>
+    <p>LDAP OU: {{ realm.ldap_base_dn }}</p>
     <p>Email: {{ realm.email }}</p>
     <p>Admin Gruppe: {{ realm.admin_group }}</p>
 
@@ -11,11 +11,11 @@
         <h2><a href="{{ url('realm-update', args=[realm.id]) }}">Bereichsinformationen anpassen</a></h2>
     {% endblock %}
 
-
+    <h2><a href="{{ url('realm-user-add', args=[realm.id]) }}">Nutzer hinzufügen</a></h2>
     {% block user_content %}
         <h2><a href="{{ url('realm-user-list', args=[realm.id]) }}">Nutzer</a></h2>
     {% endblock %}
-
+    <h2><a href="{{ url('realm-group-add', args=[realm.id]) }}">Gruppen hinzufügen</a></h2>
     {% block groups_content %}
         <h2><a href="{{ url('realm-group-list', args=[realm.id]) }}">Gruppen</a></h2>
     {% endblock %}

templates/realm/realm_groups.jinja2

@@ -5,11 +5,11 @@
     {% for group in realm_groups %}
         <h3>{{ group.name }}</h3>
         <p>DN: {{ group.dn }}</p>
-        <p>Nutzername: {{ group.name }}</p>
+{#        <p>Nutzername: {{ group.name }}</p>#}
-        <h2>Mitglieder</h2>
+{#        <h2>Mitglieder</h2>#}
-        {% for user in group.members %}
+{#        {% for user in group.members %}#}
-            <p>{{ user }}</p>
+{#            <p>{{ user }}</p>#}
-        {% endfor %}
+{#        {% endfor %}#}
         <hr>
     {% endfor %}
 {% endblock %}

templates/user/user_add.jinja2

@@ -1,4 +1,4 @@
-<form action="{{ url('user-add') }}" method="post">
+<form action="{{ url('realm-user-add', args=[realm.id]) }}" method="post">
     <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
     {{ form.as_p() }}
     <input type="submit" value="Submit">