ldap: having to repeat the base DN every time we call search() is boring and inconsistent with other methods, let's use relative DNs instead

Alexandre Aubin 2022-01-11 17:10:07 +01:00
parent a118a5a132
commit ea6500ebfd
6 changed files with 17 additions and 15 deletions


@ -69,7 +69,7 @@ def domain_list(exclude_subdomains=False):
result = [ result = [
entry["virtualdomain"][0] entry["virtualdomain"][0]
for entry in ldap.search( for entry in ldap.search(
"ou=domains,dc=yunohost,dc=org", "virtualdomain=*", ["virtualdomain"] "ou=domains", "virtualdomain=*", ["virtualdomain"]
) )
] ]


@ -58,7 +58,7 @@ def user_permission_list(
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
permissions_infos = ldap.search( permissions_infos = ldap.search(
"ou=permission,dc=yunohost,dc=org", "ou=permission",
"(objectclass=permissionYnh)", "(objectclass=permissionYnh)",
[ [
"cn", "cn",
@ -408,7 +408,7 @@ def permission_create(
# Validate uniqueness of permission in LDAP # Validate uniqueness of permission in LDAP
if ldap.get_conflict( if ldap.get_conflict(
{"cn": permission}, base_dn="ou=permission,dc=yunohost,dc=org" {"cn": permission}, base_dn="ou=permission"
): ):
raise YunohostValidationError("permission_already_exist", permission=permission) raise YunohostValidationError("permission_already_exist", permission=permission)
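Review bot: The `base_dn="ou=permission"` passed to `get_conflict()` in permission_create is now relative, but the only plumbing change visible in this commit is the `base = base + "," + self.basedn` suffixing inside `LDAPInterface.search()`; `get_conflict()` itself is not among the changed hunks, and the diffstat (17 additions, 15 deletions) is fully accounted for by the hunks shown. Unless `get_conflict()` already forwards `base_dn` to `self.search()`, this lookup would target a DN without the `dc=yunohost,dc=org` suffix and the uniqueness check would silently stop finding conflicts. The same concern applies to the `get_conflict({"cn": groupname}, base_dn="ou=groups")` call in user_group_create. If `get_conflict()` does delegate to `search()`, a one-line docstring note on it saying `base_dn` is relative to `self.basedn` would make that contract explicit. The enclosing functions start outside these hunks.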


@ -172,7 +172,7 @@ def _get_user_for_ssh(username, attrs=None):
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
user = ldap.search( user = ldap.search(
"ou=users,dc=yunohost,dc=org", "ou=users",
"(&(objectclass=person)(uid=%s))" % username, "(&(objectclass=person)(uid=%s))" % username,
attrs, attrs,
) )
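Review bot: The filter `"(&(objectclass=person)(uid=%s))" % username` still interpolates `username` into the LDAP filter string without escaping, so a value containing filter metacharacters such as `*`, `(`, `)` or `\` changes the query rather than being matched literally; this predates the commit but the base-DN rework touches the same call. If `username` is not already constrained by the caller's argument validation, escaping it would be `from ldap.filter import escape_filter_chars` and `"(&(objectclass=person)(uid=%s))" % escape_filter_chars(username),`. The concatenated filters in user_update (`"uid=" + username`), user_info and user_group_info (`"cn=" + groupname`) have the same shape. `_get_user_for_ssh` continues outside this hunk.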


@ -236,17 +236,17 @@ def check_LDAP_db_integrity():
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
user_search = ldap.search( user_search = ldap.search(
"ou=users,dc=yunohost,dc=org", "ou=users",
"(&(objectclass=person)(!(uid=root))(!(uid=nobody)))", "(&(objectclass=person)(!(uid=root))(!(uid=nobody)))",
["uid", "memberOf", "permission"], ["uid", "memberOf", "permission"],
) )
group_search = ldap.search( group_search = ldap.search(
"ou=groups,dc=yunohost,dc=org", "ou=groups",
"(objectclass=groupOfNamesYnh)", "(objectclass=groupOfNamesYnh)",
["cn", "member", "memberUid", "permission"], ["cn", "member", "memberUid", "permission"],
) )
permission_search = ldap.search( permission_search = ldap.search(
"ou=permission,dc=yunohost,dc=org", "ou=permission",
"(objectclass=permissionYnh)", "(objectclass=permissionYnh)",
["cn", "groupPermission", "inheritPermission", "memberUid"], ["cn", "groupPermission", "inheritPermission", "memberUid"],
) )


@ -111,7 +111,7 @@ def user_list(fields=None):
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
result = ldap.search( result = ldap.search(
"ou=users,dc=yunohost,dc=org", "ou=users",
"(&(objectclass=person)(!(uid=root))(!(uid=nobody)))", "(&(objectclass=person)(!(uid=root))(!(uid=nobody)))",
attrs, attrs,
) )
@ -233,7 +233,7 @@ def user_create(
} }
# If it is the first user, add some aliases # If it is the first user, add some aliases
if not ldap.search(base="ou=users,dc=yunohost,dc=org", filter="uid=*"): if not ldap.search(base="ou=users", filter="uid=*"):
attr_dict["mail"] = [attr_dict["mail"]] + aliases attr_dict["mail"] = [attr_dict["mail"]] + aliases
try: try:
@ -377,7 +377,7 @@ def user_update(
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
attrs_to_fetch = ["givenName", "sn", "mail", "maildrop"] attrs_to_fetch = ["givenName", "sn", "mail", "maildrop"]
result = ldap.search( result = ldap.search(
base="ou=users,dc=yunohost,dc=org", base="ou=users",
filter="uid=" + username, filter="uid=" + username,
attrs=attrs_to_fetch, attrs=attrs_to_fetch,
) )
@ -538,7 +538,7 @@ def user_info(username):
else: else:
filter = "uid=" + username filter = "uid=" + username
result = ldap.search("ou=users,dc=yunohost,dc=org", filter, user_attrs) result = ldap.search("ou=users", filter, user_attrs)
if result: if result:
user = result[0] user = result[0]
@ -938,7 +938,7 @@ def user_group_list(short=False, full=False, include_primary_groups=True):
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
groups_infos = ldap.search( groups_infos = ldap.search(
"ou=groups,dc=yunohost,dc=org", "ou=groups",
"(objectclass=groupOfNamesYnh)", "(objectclass=groupOfNamesYnh)",
["cn", "member", "permission"], ["cn", "member", "permission"],
) )
@ -989,7 +989,7 @@ def user_group_create(
# Validate uniqueness of groupname in LDAP # Validate uniqueness of groupname in LDAP
conflict = ldap.get_conflict( conflict = ldap.get_conflict(
{"cn": groupname}, base_dn="ou=groups,dc=yunohost,dc=org" {"cn": groupname}, base_dn="ou=groups"
) )
if conflict: if conflict:
raise YunohostValidationError("group_already_exist", group=groupname) raise YunohostValidationError("group_already_exist", group=groupname)
@ -1204,7 +1204,7 @@ def user_group_info(groupname):
# Fetch info for this group # Fetch info for this group
result = ldap.search( result = ldap.search(
"ou=groups,dc=yunohost,dc=org", "ou=groups",
"cn=" + groupname, "cn=" + groupname,
["cn", "member", "permission"], ["cn", "member", "permission"],
) )


@ -140,6 +140,8 @@ class LDAPInterface:
""" """
if not base: if not base:
base = self.basedn base = self.basedn
else:
base = base + "," + self.basedn
try: try:
result = self.con.search_s(base, ldap.SCOPE_SUBTREE, filter, attrs) result = self.con.search_s(base, ldap.SCOPE_SUBTREE, filter, attrs)
@ -241,7 +243,7 @@ class LDAPInterface:
""" """
dn = rdn + "," + self.basedn dn = rdn + "," + self.basedn
actual_entry = self.search(base=dn, attrs=None) actual_entry = self.search(rdn, attrs=None)
ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1) ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1)
if ldif == []: if ldif == []: