Made admin group configurable
authorFrank Brehm <frank.brehm@pixelpark.com>
Fri, 12 Jan 2018 09:59:56 +0000 (10:59 +0100)
committerFrank Brehm <frank.brehm@pixelpark.com>
Fri, 12 Jan 2018 09:59:56 +0000 (10:59 +0100)
etc/check-dnsui-users.ini.default
pp_lib/dnsui_users.py

index c8f965df6d47494421ac89c6fb7f4f5feb05d143..a30b847cb097819eecaa2fd3b7d7e25a31d09467 100644 (file)
 
 # The LDAP Server name or address
 # maybe multiple hosts as a comma separated list
-host = ldap.pixelpark.com
+#host = ldap.pixelpark.com
 
 # The (UDP) port on the LDAP server
 # default 389 for ldap:// and 636 for ldaps://
-port = 389
+#port = 389
 
 # Use SSL/TLS for communication with the LDAP server (ldaps://)
 # Boolean value
-ssl = False
+#ssl = False
 
 # Base DN for all subtree searches
-base_dn = o=isp
+#base_dn = o=isp
 
 # The DN to use to authenticate against the LDAP server (binding)
-bind_dn = uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp
+#bind_dn = uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp
 
 # The password of the latter Bind-DN
 # Note: there is no default value for the password, it HAS to be configured
 #bind_pw = .nss.pro
 
 # Timeout in seconds for all LDAP operations
-timeout = 5
+#timeout = 5
 
+# The LDAP-Group, where all administrators are listed
+#admin_group = cn=Administratoren Pixelpark Berlin
 
 [database]
 ; Connection details to the Postgres database
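Review bot: The sample config still carries `#bind_pw = .nss.pro` next to a concrete bind DN; if that string is or ever was the real service password, it should be replaced by an obvious placeholder such as `#bind_pw = <bind password>` and the credential rotated. The documented defaults `#port = 389` and `#ssl = False` describe an unencrypted connection, over which a simple bind would send that password in clear text, so a comment recommending `ssl = True` where the server supports it would be worth adding. The port comment says "(UDP)", but LDAP on 389/636 runs over TCP. The hunk header for this file is not visible on the page, so the section may start earlier than shown.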
index 368202f703daec79f7453ca29785b7662922c3ad..df96f767e51b45137d4565acbe59c53cd507a330 100644 (file)
@@ -13,6 +13,7 @@ import logging
 import logging.config
 import textwrap
 import socket
+import re
 
 # Third party modules
 # from ldap3 import ObjectDef, AttrDef, Reader, Writer
@@ -24,7 +25,7 @@ from .common import pp
 
 from .ldap_app import PpLdapAppError, PpLdapApplication
 
-__version__ = '0.3.2'
+__version__ = '0.3.3'
 LOG = logging.getLogger(__name__)
 
 
@@ -48,6 +49,8 @@ class DnsuiUsersApp(PpLdapApplication):
     default_db_db = 'dnsui'
     default_db_user = 'pdnsadm'
 
+    re_ldap_node = re.compile(r'^\s*[a-z]+[a-z0-9]*\s*=\s*\S+', re.IGNORECASE)
+
     # -------------------------------------------------------------------------
     def __init__(self, appname=None, version=__version__):
 
@@ -95,9 +98,35 @@ class DnsuiUsersApp(PpLdapApplication):
                 LOG.debug("Checking config section {!r} ...".format(section_name))
             section = self.cfg[section_name]
 
+            if section_name.lower() == 'ldap':
+                self.do_admin_group_config(section_name, section)
+
             if section_name.lower() in ('db', 'database'):
                 self.do_db_cfg(section_name, section)
 
+    # -------------------------------------------------------------------------
+    def do_admin_group_config(self, section_name, section):
+
+        if self.verbose > 2:
+            LOG.debug("Evaluating config section {n!r}:\n{s}".format(
+                n=section_name, s=pp(section)))
+
+        if not 'admin_group' in section:
+            return
+
+        admin_group = str(section['admin_group']).strip()
+        if not admin_group:
+            msg = "Empty value {v!r} for admin group in {s}/admin_group given.".format(
+                s=section_name, v=section['admin_group'])
+            raise DnsuiUsersError(msg)
+
+        if not self.re_ldap_node.match(admin_group):
+            msg = "Invalid value {v!r} for admin group in {s}/admin_group given.".format(
+                s=section_name, v=section['admin_group'])
+            raise DnsuiUsersError(msg)
+
+        self.admin_group = admin_group
+
     # -------------------------------------------------------------------------
     def do_db_cfg(self, section_name, section):
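Review bot: `re_ldap_node` is anchored only at the start, so `do_admin_group_config` checks just the leading `attr=value` prefix of `admin_group` and accepts whatever follows, including LDAP filter metacharacters such as `(`, `)`, `*` and `\`. Where `self.admin_group` is consumed is not visible in this hunk; if it is interpolated into a search filter, it should be escaped at that point (with ldap3, presumably the library in use, `escape_filter_chars(self.admin_group)` from `ldap3.utils.conv`) rather than relying on this pattern. The method also returns without assigning `self.admin_group` when the key is absent, so a default has to be set elsewhere, presumably in `__init__`, which should be confirmed. As style, `if not 'admin_group' in section:` reads better as `if 'admin_group' not in section:`, and the new method would benefit from a one-line docstring stating that it validates and stores the admin group from the `[ldap]` section.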