diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index 7b9bf044e..a3b6bc8cd 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -39,8 +39,6 @@ import apt import apt.progress from moulinette import msettings, msignals, m18n -from moulinette.core import init_authenticator -from yunohost.utils.error import YunohostError from moulinette.utils.log import getActionLogger from moulinette.utils.process import check_output, call_async_output from moulinette.utils.filesystem import read_json, write_to_json @@ -53,6 +51,7 @@ from yunohost.regenconf import regen_conf from yunohost.monitor import monitor_disk, monitor_system from yunohost.utils.packages import ynh_packages_version from yunohost.utils.network import get_public_ip +from yunohost.utils.error import YunohostError from yunohost.log import is_unit_operation, OperationLogger # FIXME this is a duplicate from apps.py @@ -69,25 +68,21 @@ def tools_ldapinit(): """ - # Instantiate LDAP Authenticator - AUTH_IDENTIFIER = ('ldap', 'as-root') - AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', - 'base_dn': 'dc=yunohost,dc=org', - 'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'} - auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS) - with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f: ldap_map = yaml.load(f) + from yunohost.utils.ldap import _get_ldap_interface + ldap = _get_ldap_interface() + for rdn, attr_dict in ldap_map['parents'].items(): try: - auth.add(rdn, attr_dict) + ldap.add(rdn, attr_dict) except Exception as e: logger.warn("Error when trying to inject '%s' -> '%s' into ldap: %s" % (rdn, attr_dict, e)) for rdn, attr_dict in ldap_map['children'].items(): try: - auth.add(rdn, attr_dict) + ldap.add(rdn, attr_dict) except Exception as e: logger.warn("Error when trying to inject '%s' -> '%s' into ldap: %s" % (rdn, attr_dict, e)) @@ -103,7 +98,7 @@ def tools_ldapinit(): 'userPassword': 'yunohost' } - auth.update('cn=admin', admin_dict) + ldap.update('cn=admin', admin_dict) # Force nscd to refresh cache to take admin creation into account subprocess.call(['nscd', '-i', 'passwd']) diff --git a/src/yunohost/utils/ldap.py b/src/yunohost/utils/ldap.py new file mode 100644 index 000000000..f4a5f355c --- /dev/null +++ b/src/yunohost/utils/ldap.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- + +""" License + + Copyright (C) 2019 YunoHost + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program; if not, see http://www.gnu.org/licenses + +""" + +from moulinette.core import init_authenticator + +# We use a global variable to do some caching +# to avoid re-authenticating in case we call _get_ldap_authenticator multiple times +_ldap_interface = None + +def _get_ldap_interface(): + + global _ldap_interface + + if _ldap_interface is None: + # Instantiate LDAP Authenticator + AUTH_IDENTIFIER = ('ldap', 'as-root') + AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', + 'base_dn': 'dc=yunohost,dc=org', + 'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'} + _ldap_interface = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS) + + return _ldap_interface