Implement delete command

Götz 2019-05-16 00:56:58 +02:00
parent 815fff4094
commit f453d5745c
5 changed files with 30 additions and 18 deletions


@ -1,6 +1,6 @@
from django.contrib import admin from django.contrib import admin
from .models import Realm from .models import Realm, DeletedUser
# Register your models here. # Register your models here.
admin.site.register(Realm) admin.site.register(Realm)
# admin.site.register(DeletedUser) admin.site.register(DeletedUser)
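Review bot: `admin.site.register(DeletedUser)` uses the default ModelAdmin, which leaves `user`, `ldap_dn` and `deletion_date` editable by anyone with change permission on the model, and the delete command in this commit removes whatever LDAP entry `ldap_dn` names. I would register it with a ModelAdmin that sets `readonly_fields = ('user', 'ldap_dn')`, so the admin can show and cancel pending deletions but not point them at a different entry. A `list_display` with the username and deletion date would also make the pending list easier to review.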


@ -23,22 +23,22 @@ class Command(BaseCommand):
) )
def handle(self, *args, **options): def handle(self, *args, **options):
deletables = DeletedUser.objects.filter(deletion_date__lte=timezone.now() + timezone.timedelta(+16)) deletables = DeletedUser.objects.filter(deletion_date__lte=timezone.now())
output = "" output = ""
if options['json']: if options['json']:
django_serialized = serializers.serialize('json', deletables) json_output = {'deletables': []}
output = json.dumps({'deletables': json.loads(django_serialized)}) for deletable in deletables:
json_output['deletables'].append({'ldap_dn': deletable.ldap_dn, 'username': deletable.user.username})
output = json.dumps(json_output)
else: else:
for user in deletables: for user in deletables:
output += f'{user}\n' output += f'{user}\n'
if options['delete']: if options['delete']:
LdapUser.base_dn = LdapUser.ROOT_DN
for user in deletables: for user in deletables:
# LdapGroup.base_dn = LdapGroup.ROOT_DN
# user_groups = LdapGroup.objects.filter(members__contains=user.ldap_dn)
LdapUser.base_dn = LdapUser.ROOT_DN
ldap_user = LdapUser.objects.get(dn=user.ldap_dn) ldap_user = LdapUser.objects.get(dn=user.ldap_dn)
LdapGroup.remove_user_from_groups(ldap_user) LdapGroup.remove_user_from_groups(ldap_user.dn)
ldap_user.delete() ldap_user.delete()
try: try:
user.user.delete() user.user.delete()
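Review bot: `LdapUser.objects.get(dn=user.ldap_dn)` in the `--delete` loop has no handling for a missing entry, so a single stale DeletedUser row would presumably raise and stop the run before the remaining accounts are processed. Because the LDAP entry is deleted before the Django user, a failure between the two steps leaves exactly such a row behind for the next run. I would catch the lookup failure per user, for example `except LdapUser.DoesNotExist:` with a warning that names `user.ldap_dn`, and then continue with the Django-side cleanup. Each DN that is actually deleted should also be logged, so the irreversible step leaves an audit trail. The body of `handle()` continues past the end of this hunk, so the `try` that starts on the last visible line may already cover part of this.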


@ -14,3 +14,16 @@ class Realm(models.Model):
def __str__(self): def __str__(self):
return f'{self.name} - {self.ldap_base_dn}' return f'{self.name} - {self.ldap_base_dn}'
def get_deletion_time():
return timezone.now() + timezone.timedelta(+14)
class DeletedUser(models.Model):
deletion_marker_date = models.DateField(auto_now_add=True)
user = models.ForeignKey(User, on_delete=models.CASCADE)
ldap_dn = models.CharField(max_length=512, unique=True)
deletion_date = models.DateField(default=get_deletion_time)
def __str__(self):
return f'{self.user.username} - {self.deletion_marker_date} - {self.deletion_date} - {self.ldap_dn}'
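Review bot: `timezone.timedelta(+14)` in `get_deletion_time` works only because `django.utils.timezone` happens to import `timedelta` for its own use; it is not part of that module's documented API. The function also returns a datetime as the default of a DateField. I would write `from datetime import timedelta` and `return timezone.localdate() + timedelta(days=14)`, with the 14-day grace period held in a named constant or setting. `DeletedUser` has no docstring; one sentence saying that a row marks an account for removal on or after `deletion_date`, and that the delete command acts on `ldap_dn`, would help whoever edits these rows. The file's import block is outside the hunk.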


@ -6,6 +6,7 @@ from datetime import datetime, timedelta
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.db import OperationalError
from django.db.models import Q from django.db.models import Q
from ldap import NO_SUCH_OBJECT, ALREADY_EXISTS from ldap import NO_SUCH_OBJECT, ALREADY_EXISTS
from ldapdb.models import fields as ldap_fields from ldapdb.models import fields as ldap_fields
@ -16,6 +17,8 @@ from account_manager.utils.mail_utils import send_welcome_mail
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
import ldap
class LdapUser(Model): class LdapUser(Model):
""" """
@ -132,17 +135,13 @@ class LdapGroup(Model):
return LdapGroup.objects.filter(members=user.dn) return LdapGroup.objects.filter(members=user.dn)
@staticmethod @staticmethod
def remove_user_from_groups(ldap_user, user_groups=None): def remove_user_from_groups(ldap_user_dn, user_groups=None):
if not user_groups: if not user_groups:
LdapGroup.base_dn = LdapGroup.ROOT_DN LdapGroup.base_dn = LdapGroup.ROOT_DN
user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn) user_groups = LdapGroup.objects.filter(members__contains=ldap_user_dn)
for group in user_groups: for group in user_groups:
logger.info(group.members) LdapGroup.base_dn = re.compile('cn=([a-zA-Z0-9_-]*),(ou=[a-zA-Z_]*.*)').match(group.dn).group(2)
logger.info(ldap_user) group.members.remove(ldap_user_dn)
group.members.remove(ldap_user.dn)
logger.info(group)
# logger.info(get_filterstr(group))
# LdapGroup.base_dn = 'cn=uiuiui,ou=groups,ou=wiai,ou=fachschaften,dc=test,dc=de'
group.save() group.save()
def __str__(self): def __str__(self):
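Review bot: In `remove_user_from_groups` the result of the new `re.compile(...).match(group.dn)` is dereferenced with `.group(2)` without a check, so a group whose DN does not fit the pattern (a cn containing a space or a dot, say) raises AttributeError partway through the loop and leaves the user removed from some groups but still a member of the rest. I would compile the pattern once at module level, bind the match to a name, and on `if m is None:` log the unexpected DN and `continue`. Assigning `LdapGroup.base_dn` on every iteration changes class-level state for every other user of the model in the same process, which deserves at least a comment. The commit also drops all logging from this method; one `logger.info('removed %s from %s', ldap_user_dn, group.dn)` per change would keep a record of membership removals. Whether `re` is imported in this file is not visible in these hunks.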


@ -13,7 +13,7 @@ from django.shortcuts import render, redirect
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
from account_helper.models import Realm from account_helper.models import Realm, DeletedUser
from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \ from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
UserGroupListForm UserGroupListForm
from account_manager.main_views import is_realm_admin from account_manager.main_views import is_realm_admin