feat: Add basic function to create ldap account

This commit is contained in:
aldrin 2021-05-19 12:38:17 +02:00
parent 7bf70c933b
commit d75ae86409
4 changed files with 49 additions and 23 deletions

View file

@ -1,6 +1,5 @@
from django.contrib import admin from django.contrib import admin
from django.contrib.auth.admin import UserAdmin
from userausfall.models import User from userausfall.models import User
admin.site.register(User, UserAdmin) admin.site.register(User)

21
userausfall/ldap.py Normal file
View file

@ -0,0 +1,21 @@
from django.conf import settings
from ldap3 import Server, Connection, SYNC
def create_account(username, raw_password):
server = Server("localhost")
# The SAFE_SYNC client strategy doesn't seem to be present in Buster version of ldap3. We might want to use it as
# soon as it is available (multithreading).
connection = Connection(
server,
settings.USERAUSFALL_LDAP["ADMIN_USER_DN"],
settings.USERAUSFALL_LDAP["ADMIN_USER_PASSWORD"],
client_strategy=SYNC,
auto_bind=True,
)
is_success = connection.add(
f"cn={username},dc=local",
["simpleSecurityObject", "organizationalRole"],
{"userPassword": raw_password},
)
return is_success

View file

@ -6,6 +6,18 @@ from django.db import models
from django.utils import timezone from django.utils import timezone
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from userausfall import ldap
class MissingUserAttribute(Exception):
"""The user object is missing a required attribute."""
pass
class PasswordMismatch(Exception):
"""The given password does not match the user's password."""
pass
class UserManager(BaseUserManager): class UserManager(BaseUserManager):
use_in_migrations = True use_in_migrations = True
@ -51,22 +63,12 @@ class User(AbstractBaseUser, PermissionsMixin):
}, },
blank=True, blank=True,
) )
first_name = models.CharField(_('first name'), max_length=30, blank=True)
last_name = models.CharField(_('last name'), max_length=150, blank=True)
email = models.EmailField(_('email address'), unique=True, blank=True) email = models.EmailField(_('email address'), unique=True, blank=True)
is_staff = models.BooleanField( is_staff = models.BooleanField(
_('staff status'), _('staff status'),
default=False, default=False,
help_text=_('Designates whether the user can log into this admin site.'), help_text=_('Designates whether the user can log into this admin site.'),
) )
is_active = models.BooleanField(
_('active'),
default=True,
help_text=_(
'Designates whether this user should be treated as active. '
'Unselect this instead of deleting accounts.'
),
)
date_joined = models.DateTimeField(_('date joined'), default=timezone.now) date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True) confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True)
@ -87,17 +89,16 @@ class User(AbstractBaseUser, PermissionsMixin):
def get_confidant_email(self): def get_confidant_email(self):
return "" return ""
def get_full_name(self):
"""
Return the first_name plus the last_name, with a space in between.
"""
full_name = '%s %s' % (self.first_name, self.last_name)
return full_name.strip()
def get_short_name(self):
"""Return the short name for the user."""
return self.first_name
def email_user(self, subject, message, from_email=None, **kwargs): def email_user(self, subject, message, from_email=None, **kwargs):
"""Send an email to this user.""" """Send an email to this user."""
send_mail(subject, message, from_email, [self.email], **kwargs) send_mail(subject, message, from_email, [self.email], **kwargs)
def create_ldap_account(self, raw_password):
"""Create the LDAP account which corresponds to this user."""
if not self.username:
raise MissingUserAttribute("User is missing a username.")
if not self.confidant:
raise MissingUserAttribute("User is missing a confirmed confidant.")
if not self.check_password(raw_password):
raise PasswordMismatch("The given password does not match the user's password.")
return ldap.create_account(self.username, raw_password)

View file

@ -149,3 +149,8 @@ REST_FRAMEWORK = {
'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.SessionAuthentication',
), ),
} }
USERAUSFALL_LDAP = {
'ADMIN_USER_DN': 'cn=admin,dc=local',
'ADMIN_USER_PASSWORD': os.environ.get('USERAUSFALL_LDAP_PASSWORD'),
}