From eae089bfadb738feb60395164fea3806842dadad Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 6 Sep 2022 17:51:58 +0200
Subject: [PATCH] Starting with connecting to LDAP servers
---
 bin/remove-ldap-user | 2 +-
 lib/pp_admintools/app/ldap.py | 102 +++++++++++++++++++++-
 lib/pp_admintools/app/remove_ldap_user.py | 7 +-
 requirements.txt | 1 +
 4 files changed, 109 insertions(+), 3 deletions(-)
diff --git a/bin/remove-ldap-user b/bin/remove-ldap-user
index b85ae36..c8dd509 100755
--- a/bin/remove-ldap-user
+++ b/bin/remove-ldap-user
@@ -58,7 +58,7 @@ app.initialized = True
 if app.verbose > 2:
 print("{c}-Object:\n{a}".format(c=app.__class__.__name__, a=app))
-# app()
+app()
 sys.exit(0)
diff --git a/lib/pp_admintools/app/ldap.py b/lib/pp_admintools/app/ldap.py
index 5f20b71..615032c 100644
--- a/lib/pp_admintools/app/ldap.py
+++ b/lib/pp_admintools/app/ldap.py
@@ -18,6 +18,14 @@ except ImportError:
 from pathlib2 import Path
 # Third party modules
+from ldap3 import Server, Connection, DSA, IP_V4_PREFERRED, SAFE_SYNC
+# from ldap3 import ALL
+# from ldap3 import BASE, LEVEL, SUBTREE, DEREF_NEVER, DEREF_SEARCH, DEREF_BASE, DEREF_ALWAYS
+# from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES
+# from ldap3 import MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE
+# from ldap3.core.exceptions import LDAPInvalidDnError, LDAPInvalidValueError
+# from ldap3.core.exceptions import LDAPException, LDAPBindError
+
 from fb_tools.common import pp, to_bool
 from fb_tools.cfg_app import FbConfigApplication
 from fb_tools.errors import FbAppError
@@ -36,7 +44,7 @@ from ..config.ldap import LdapConnectionInfo, LdapConfiguration
 # rom ..config.ldap import DEFAULT_PORT_LDAP, DEFAULT_PORT_LDAPS
 from ..config.ldap import DEFAULT_TIMEOUT, MAX_TIMEOUT
-__version__ = '0.2.2'
+__version__ = '0.3.1'
 LOG = logging.getLogger(__name__)
 _ = XLATOR.gettext
@@ -159,6 +167,8 @@ class BaseLdapApplication(FbConfigApplication):
 self._password_file = None
 self.ldap_instances = []
 self._yes = False
+ self.ldap_server = {}
+ self.ldap_connection = {}
 super(BaseLdapApplication, self).__init__(
 appname=appname, verbose=verbose, version=version, base_dir=base_dir,
@@ -498,6 +508,96 @@ class BaseLdapApplication(FbConfigApplication):
 if v:
 default_connection.bind_pw = v
+ # -------------------------------------------------------------------------
+ def __del__(self):
+
+ self.disconnect_all()
+
+ # -------------------------------------------------------------------------
+ def pre_run(self):
+
+ LOG.debug(_("Preparations ..."))
+ super(BaseLdapApplication, self).pre_run()
+
+ LOG.debug(_("Open all necessary LDAP connections ..."))
+
+ for inst in self.ldap_instances:
+ self.connect_instance(inst)
+
+ # -------------------------------------------------------------------------
+ def connect_instance(self, inst):
+
+ connect_info = self.cfg.ldap_connection[inst]
+
+ if self.verbose > 1:
+ LOG.debug(_("Connecting to LDAP server {} ...").format(connect_info.url))
+
+ server_opts = {}
+ if connect_info.use_ldaps:
+ server_opts['use_ssl'] = True
+ if connect_info.port != 636:
+ server_opts['port'] = connect_info.port
+ else:
+ server_opts['use_ssl'] = False
+ if connect_info.port != 389:
+ server_opts['port'] = connect_info.port
+ server_opts['get_info'] = DSA
+ server_opts['mode'] = IP_V4_PREFERRED
+ server_opts['connect_timeout'] = self.cfg.ldap_timeout
+ if self.verbose > 1:
+ msg = _("Connect options to server {!r}:").format(connect_info.url)
+ msg += ' ' + pp(server_opts)
+ LOG.debug(msg)
+
+ ldap_server = Server(connect_info.host, **server_opts)
+ self.ldap_server[inst] = ldap_server
+
+ if self.verbose > 2:
+ LOG.debug(_("LDAP server {s}: {re}").format(s=ldap_server, re=repr(ldap_server)))
+
+ ldap_connection = Connection(
+ ldap_server, connect_info.bind_dn, connect_info.bind_pw,
+ client_strategy=SAFE_SYNC, auto_bind=True)
+ self.ldap_connection[inst] = ldap_connection
+
+ if self.verbose > 2:
+ msg = _("Info about LDAP server {}:").format(connect_info.url)
+ msg += ' ' + repr(ldap_connection)
+ LOG.debug(msg)
+
+ # -------------------------------------------------------------------------
+ def post_run(self):
+
+ LOG.debug(_("Finishing ..."))
+ super(BaseLdapApplication, self).post_run()
+
+ self.disconnect_all()
+
+ # -------------------------------------------------------------------------
+ def disconnect_all(self):
+
+ if len(self.ldap_connection) or len(self.ldap_server):
+ LOG.debug(_("Disconnecting all remaining LDAP instances ..."))
+
+ for inst in self.ldap_instances:
+ self.disconnect_instance(inst)
+
+ # -------------------------------------------------------------------------
+ def disconnect_instance(self, inst):
+
+ connect_info = self.cfg.ldap_connection[inst]
+
+ if inst in self.ldap_connection:
+ ldap_connection = self.ldap_connection[inst]
+ LOG.debug(_("Unbinding from LDAP server {!r} ...").format(connect_info.url))
+ ldap_connection.unbind()
+ ldap_connection = None
+ del self.ldap_connection[inst]
+
+ if inst in self.ldap_server:
+ LOG.debug(_("Disconnecting from LDAP server {!r} ...").format(connect_info.url))
+ del self.ldap_server[inst]
+
 # =============================================================================
 if __name__ == "__main__":
diff --git a/lib/pp_admintools/app/remove_ldap_user.py b/lib/pp_admintools/app/remove_ldap_user.py
index 3e0257a..5c9677c 100644
--- a/lib/pp_admintools/app/remove_ldap_user.py
+++ b/lib/pp_admintools/app/remove_ldap_user.py
@@ -20,7 +20,7 @@ from ..xlate import XLATOR
 from ..app.ldap import LdapAppError
 from ..app.ldap import BaseLdapApplication
-__version__ = '0.2.1'
+__version__ = '0.2.2'
 LOG = logging.getLogger(__name__)
 _ = XLATOR.gettext
@@ -139,6 +139,11 @@ class RemoveLdapUserApplication(BaseLdapApplication):
 LOG.error(_("No users to remove given."))
 self.exit(1)
+ # -------------------------------------------------------------------------
+ def _run(self):
+
+ LOG.info("Jetzt geht es los, mit ganz grossen Schritten ...")
+
 # =============================================================================
 if __name__ == "__main__":
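Review bot: In `connect_instance` (lib/pp_admintools/app/ldap.py) the LDAPS branch sets only `server_opts['use_ssl'] = True` and passes no `tls=` object, and as far as I know ldap3 then uses a default `Tls()` whose `validate` is `ssl.CERT_NONE`, so the server certificate is not verified before `auto_bind=True` sends `bind_dn` and `bind_pw`. Add `server_opts['tls'] = Tls(validate=ssl.CERT_REQUIRED)` in that branch (this needs `Tls` from ldap3 and the stdlib `ssl` module in the import block), and consider refusing or at least warning on the `use_ssl = False` branch, where the simple bind travels unencrypted unless StartTLS is negotiated first with `auto_bind=AUTO_BIND_TLS_BEFORE_BIND`. The `verbose > 2` block after the bind logs `repr(ldap_connection)`; ldap3's `Connection.__repr__` includes the `password=` argument, so this writes the bind password to the debug log, whereas `msg += ' ' + str(ldap_connection)` reports the connection state without it. In the same hunk `disconnect_instance` looks up `self.cfg.ldap_connection[inst]` before checking whether the instance is connected, which is worth guarding because `__del__` may reach it on a partially initialised object.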
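Review bot: `RemoveLdapUserApplication._run` in lib/pp_admintools/app/remove_ldap_user.py only logs a line, while this commit also enables `app()` in bin/remove-ldap-user ahead of the unconditional `sys.exit(0)`, so the command now reports success without removing any account. Until the removal is implemented the stub should fail visibly, for example `LOG.error(_("Removing LDAP users is not implemented yet."))` followed by `self.exit(1)`, so that an offboarding script checking the exit status does not treat the user as deleted. The current message is also a German literal passed straight to `LOG.info`, unlike the `_()`-wrapped `LOG.error(_("No users to remove given."))` just above it.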
diff --git a/requirements.txt b/requirements.txt
index 6016009..eac245f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,6 +11,7 @@ psutil
 setuptools
 hjson
 toml
+ldap3
 fb_logging
 fb_tools
 fb_pdnstools
-- 
2.39.5
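Review bot: `ldap3` is added without any version constraint, although lib/pp_admintools/app/ldap.py now imports `SAFE_SYNC`, which older ldap3 releases do not provide as far as I know. A lower bound such as `ldap3>=<first release with SAFE_SYNC>` (placeholder, to be filled in from the ldap3 changelog) would make an outdated install fail at dependency resolution rather than at import time. The other entries visible in this hunk are unpinned as well, so reproducible installs would need a constraints or lock file covering the whole list.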