From: Frank Brehm
Date: Fri, 12 Jan 2018 09:59:56 +0000 (+0100)
Subject: Made admin group configurable
X-Git-Tag: 0.1.2~52
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=fa677e08c3e1654b7ef4c6a0ff1ed6b5d0753c40;p=pixelpark%2Fadmin-tools.git
Made admin group configurable
---
diff --git a/etc/check-dnsui-users.ini.default b/etc/check-dnsui-users.ini.default
index c8f965d..a30b847 100644
--- a/etc/check-dnsui-users.ini.default
+++ b/etc/check-dnsui-users.ini.default
@@ -11,29 +11,31 @@
 # The LDAP Server name or address
 # maybe multiple hosts as a comma separated list
-host = ldap.pixelpark.com
+#host = ldap.pixelpark.com
 # The (UDP) port on the LDAP server
 # default 389 for ldap:// and 636 for ldaps://
-port = 389
+#port = 389
 # Use SSL/TLS for communication with the LDAP server (ldaps://)
 # Boolean value
-ssl = False
+#ssl = False
 # Base DN for all subtree searches
-base_dn = o=isp
+#base_dn = o=isp
 # The DN to use to authenticate against the LDAP server (binding)
-bind_dn = uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp
+#bind_dn = uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp
 # The password of the latter Bind-DN
 # Note: there is no default value for the password, it HAS to be configured
 #bind_pw = .nss.pro
 # Timeout in seconds for all LDAP operations
-timeout = 5
+#timeout = 5
+# The LDAP-Group, where all administrators are listed
+#admin_group = cn=Administratoren Pixelpark Berlin
 [database]
 ; Connection details to the Postgres database
diff --git a/pp_lib/dnsui_users.py b/pp_lib/dnsui_users.py
index 368202f..df96f76 100644
--- a/pp_lib/dnsui_users.py
+++ b/pp_lib/dnsui_users.py
@@ -13,6 +13,7 @@ import logging
 import logging.config
 import textwrap
 import socket
+import re
 # Third party modules
 # from ldap3 import ObjectDef, AttrDef, Reader, Writer
@@ -24,7 +25,7 @@ from .common import pp
 from .ldap_app import PpLdapAppError, PpLdapApplication
-__version__ = '0.3.2'
+__version__ = '0.3.3'
 LOG = logging.getLogger(__name__)
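Review bot: In etc/check-dnsui-users.ini.default the hunk comments out every LDAP default but leaves the context line `#bind_pw = .nss.pro` in place, and that value reads like an actual bind password rather than a placeholder. If it is or ever was the password for the `uid=Solaris_NSS,...` bind DN shown a few lines above it, anyone who can read the repository or an installed package can see it, and the credential should be rotated. I would replace the line with an obvious placeholder such as `#bind_pw = <bind password>` and keep the real secret in a site-local file with restricted permissions. Separately, the commented default `#ssl = False` means a simple bind would send that password in clear text over port 389; whether the application secures the connection elsewhere is not visible in this diff.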
@@ -48,6 +49,8 @@ class DnsuiUsersApp(PpLdapApplication):
 default_db_db = 'dnsui'
 default_db_user = 'pdnsadm'
+ re_ldap_node = re.compile(r'^\s*[a-z]+[a-z0-9]*\s*=\s*\S+', re.IGNORECASE)
+
 # -------------------------------------------------------------------------
 def __init__(self, appname=None, version=__version__):
@@ -95,9 +98,35 @@ class DnsuiUsersApp(PpLdapApplication):
 LOG.debug("Checking config section {!r} ...".format(section_name))
 section = self.cfg[section_name]
+ if section_name.lower() == 'ldap':
+ self.do_admin_group_config(section_name, section)
+
 if section_name.lower() in ('db', 'database'):
 self.do_db_cfg(section_name, section)
+ # -------------------------------------------------------------------------
+ def do_admin_group_config(self, section_name, section):
+
+ if self.verbose > 2:
+ LOG.debug("Evaluating config section {n!r}:\n{s}".format(
+ n=section_name, s=pp(section)))
+
+ if not 'admin_group' in section:
+ return
+
+ admin_group = str(section['admin_group']).strip()
+ if not admin_group:
+ msg = "Empty value {v!r} for admin group in {s}/admin_group given.".format(
+ s=section_name, v=section['admin_group'])
+ raise DnsuiUsersError(msg)
+
+ if not self.re_ldap_node.match(admin_group):
+ msg = "Invalid value {v!r} for admin group in {s}/admin_group given.".format(
+ s=section_name, v=section['admin_group'])
+ raise DnsuiUsersError(msg)
+
+ self.admin_group = admin_group
+
 # -------------------------------------------------------------------------
 def do_db_cfg(self, section_name, section):
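Review bot: `re_ldap_node` is anchored only at the start and ends in an open `\S+`, so with `.match()` it accepts any value whose first token looks like `attr=value`, whatever follows it, including `*`, `(`, `)`, `\` or further comma-separated components. That is a weak gate for a setting that names the administrators' group. How `admin_group` is used afterwards is not visible in this diff; if it ends up inside an LDAP search filter, it should pass through `ldap3.utils.conv.escape_filter_chars()` at that point (assuming the project uses ldap3, as the commented import suggests), and if it is meant to be a DN or RDN, `ldap3.utils.dn.parse_dn()` is a stricter check than a regex. A comment above the pattern stating what it is meant to accept, for example `# admin_group must start with <attribute>=<value>`, would also help the next reader.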
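Review bot: At `verbose > 2` the new `do_admin_group_config` sends the whole section to the debug log through `pp(section)`, and it is only called for the `ldap` section, which per the default ini also holds `bind_pw`; if `pp` pretty-prints the mapping as its name suggests, the bind password lands in log output. I would log only what this method evaluates, e.g. `LOG.debug("Evaluating admin_group in section {n!r}: {v!r}".format(n=section_name, v=section.get('admin_group')))`, assuming `section` supports `.get()` as a configparser section does. The method also returns without assigning `self.admin_group` when the key is absent, which is the normal case now that the default file ships the option commented out; no default is visible in this diff (`__init__` is outside the hunks), so please confirm one is set and that a missing group cannot widen who is treated as an administrator. Minor: the method has no docstring, and the membership test reads better as `if 'admin_group' not in section:`.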