feat: Add basic function to create ldap account

userausfall/admin.py

@@ -1,6 +1,5 @@
 from django.contrib import admin
-from django.contrib.auth.admin import UserAdmin
 
 from userausfall.models import User
 
-admin.site.register(User, UserAdmin)
+admin.site.register(User)

userausfall/ldap.py

@@ -0,0 +1,21 @@
+from django.conf import settings
+from ldap3 import Server, Connection, SYNC
+
+
+def create_account(username, raw_password):
+    server = Server("localhost")
+    # The SAFE_SYNC client strategy doesn't seem to be present in Buster version of ldap3. We might want to use it as
+    # soon as it is available (multithreading).
+    connection = Connection(
+        server,
+        settings.USERAUSFALL_LDAP["ADMIN_USER_DN"],
+        settings.USERAUSFALL_LDAP["ADMIN_USER_PASSWORD"],
+        client_strategy=SYNC,
+        auto_bind=True,
+    )
+    is_success = connection.add(
+        f"cn={username},dc=local",
+        ["simpleSecurityObject", "organizationalRole"],
+        {"userPassword": raw_password},
+    )
+    return is_success

userausfall/models.py

@@ -6,6 +6,18 @@ from django.db import models
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
+from userausfall import ldap
+
+
+class MissingUserAttribute(Exception):
+    """The user object is missing a required attribute."""
+    pass
+
+
+class PasswordMismatch(Exception):
+    """The given password does not match the user's password."""
+    pass
+
 
 class UserManager(BaseUserManager):
     use_in_migrations = True
@@ -51,22 +63,12 @@ class User(AbstractBaseUser, PermissionsMixin):
         },
         blank=True,
     )
-    first_name = models.CharField(_('first name'), max_length=30, blank=True)
-    last_name = models.CharField(_('last name'), max_length=150, blank=True)
     email = models.EmailField(_('email address'), unique=True, blank=True)
     is_staff = models.BooleanField(
         _('staff status'),
         default=False,
         help_text=_('Designates whether the user can log into this admin site.'),
     )
-    is_active = models.BooleanField(
-        _('active'),
-        default=True,
-        help_text=_(
-            'Designates whether this user should be treated as active. '
-            'Unselect this instead of deleting accounts.'
-        ),
-    )
     date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
     confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True)
 
@@ -87,17 +89,16 @@ class User(AbstractBaseUser, PermissionsMixin):
     def get_confidant_email(self):
         return ""
 
-    def get_full_name(self):
-        """
-        Return the first_name plus the last_name, with a space in between.
-        """
-        full_name = '%s %s' % (self.first_name, self.last_name)
-        return full_name.strip()
-
-    def get_short_name(self):
-        """Return the short name for the user."""
-        return self.first_name
-
     def email_user(self, subject, message, from_email=None, **kwargs):
         """Send an email to this user."""
         send_mail(subject, message, from_email, [self.email], **kwargs)
+
+    def create_ldap_account(self, raw_password):
+        """Create the LDAP account which corresponds to this user."""
+        if not self.username:
+            raise MissingUserAttribute("User is missing a username.")
+        if not self.confidant:
+            raise MissingUserAttribute("User is missing a confirmed confidant.")
+        if not self.check_password(raw_password):
+            raise PasswordMismatch("The given password does not match the user's password.")
+        return ldap.create_account(self.username, raw_password)

userausfall/settings.py

@@ -149,3 +149,8 @@ REST_FRAMEWORK = {
         'rest_framework.authentication.SessionAuthentication',
     ),
 }
+
+USERAUSFALL_LDAP = {
+    'ADMIN_USER_DN': 'cn=admin,dc=local',
+    'ADMIN_USER_PASSWORD': os.environ.get('USERAUSFALL_LDAP_PASSWORD'),
+}