2 """
3 User administration plugin (LDAP extension)
4
5 Copyright 2011 Glencoe Software, Inc. All rights reserved.
6 Use is subject to license terms supplied in LICENSE.txt
7
8 """
10 import os
11 import sys
13 from omero.cli import BaseControl, CLI, ExceptionHandler
14 from omero.rtypes import unwrap as _
# Help text registered together with LdapControl under the "ldap" subcommand
# (see the register() / cli.register() calls at the bottom of the file).
HELP = """Administrative support for managing users' LDAP settings.

Most of these commands should be run as an OMERO administrator such
as root.

Examples:

bin/omero login root
bin/omero ldap active
bin/omero ldap active || echo "Not active!"
bin/omero ldap list
bin/omero ldap getdn jack
bin/omero ldap getdn beth || echo "No DN"
bin/omero ldap setdn jack uid=me,ou=example,o=com
bin/omero ldap setdn jack "" # Disables LDAP login.
bin/omero ldap discover --commands # Requires "ldap" module

"""
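def __import_ldap__(self):
    """Import and return the third-party ``ldap`` module.

    Only ``discover`` needs python-ldap, so the import is deferred to here;
    a missing module is reported through ``self.ctx.die`` with exit code 155
    instead of a raw traceback.

    Returns:
        The imported ``ldap`` module.
    """
    try:
        import ldap
    except ImportError:
        # Only a missing module is a user-facing condition; the original bare
        # ``except:`` also swallowed KeyboardInterrupt/SystemExit.
        self.ctx.die(155, """Python "ldap" module is not installed""")
        # Only reached if die() returns instead of raising; keeps the name bound
        # rather than failing with UnboundLocalError.
        return None
    return ldap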
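def active(self, args):
    # NOTE(review): the ``def`` line was missing from this listing; the name
    # follows the ``ldap active`` subcommand in HELP — confirm against source.
    """Report whether LDAP authentication is enabled on the server.

    Prints "Yes" when ``ILdap.getSetting()`` is true; otherwise exits with
    code 1 and "No" so the command works in shell conditionals (see HELP).
    Non-admin callers are rejected with exit code 111.

    Args:
        args: parsed command-line arguments, passed through to ``ctx.conn``.
    """
    c = self.ctx.conn(args)
    ildap = c.sf.getLdapService()

    import omero
    try:
        enabled = ildap.getSetting()
    except omero.SecurityViolation:
        self.ctx.die(111, "SecurityViolation: Admins only!")
        return

    if enabled:
        self.ctx.out("Yes")
    else:
        self.ctx.die(1, "No")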
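def list(self, args):
    """Print a numbered table of every experimenter that has an LDAP DN.

    Rows are ``Id``, ``OmeName`` and ``DN`` as returned by
    ``IAdmin.lookupLdapAuthExperimenters``. An id that cannot be resolved to
    an experimenter is reported on stderr and skipped. Non-admin callers are
    rejected with exit code 131.

    Args:
        args: parsed command-line arguments, passed through to ``ctx.conn``.
    """
    c = self.ctx.conn(args)
    iadmin = c.sf.getAdminService()

    import omero
    from omero.rtypes import unwrap
    from omero.util.text import TableBuilder
    try:
        dn_user_maps = unwrap(iadmin.lookupLdapAuthExperimenters())
    except omero.SecurityViolation:
        self.ctx.die(131, "SecurityViolation: Must be an admin to lists DNs")
        return
    if dn_user_maps is None:
        return

    tb = TableBuilder("#")
    tb.cols(["Id", "OmeName", "DN"])
    count = 0
    for dn_user_map in dn_user_maps:
        for dn, exp_id in dn_user_map.items():
            try:
                exp = iadmin.getExperimenter(exp_id)
            except Exception:
                # Skip the row: the original fell through and emitted a row
                # with a stale (or unbound) ``exp`` from a previous iteration.
                self.ctx.err("Bad experimenter: %s" % exp_id)
                continue
            tb.row(count, exp_id, exp.omeName.val, dn)
            count += 1
    self.ctx.out(str(tb.build()))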
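def getdn(self, args):
    # NOTE(review): the ``def`` line was missing from this listing; the name
    # follows the ``ldap getdn`` subcommand in HELP — confirm against source.
    """Print the LDAP DN stored for ``args.username``.

    Exits with code 134 when the user is unknown. When no DN (or a blank one)
    is stored, the raw value is written without a newline and the exit code
    is 1, so ``getdn user || echo "No DN"`` works as shown in HELP.

    Args:
        args: parsed command-line arguments; ``args.username`` names the
            experimenter to look up.
    """
    c = self.ctx.conn(args)
    iadmin = c.sf.getAdminService()

    try:
        exp = iadmin.lookupExperimenter(args.username)
    except Exception:
        # Narrowed from a bare ``except:`` so interrupts propagate; a lookup
        # failure of any kind is still reported as "unknown user".
        self.ctx.die(134, "Unknown user: %s" % args.username)
        return

    dn = iadmin.lookupLdapAuthExperimenter(exp.id.val)
    if dn and dn.strip():
        self.ctx.out(dn)
    else:
        # Original behaviour kept: the (possibly None) value is printed as-is.
        self.ctx.die(1, dn, newline=False)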
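def setdn(self, args):
    # NOTE(review): the ``def`` line was missing from this listing; the name
    # follows the ``ldap setdn`` subcommand in HELP — confirm against source.
    """Set (or clear) the LDAP DN bound to ``args.username``.

    ``args.dn`` is passed unchanged to ``ILdap.setDN``; per HELP an empty
    string disables LDAP login for that user. Because the DN is what the
    server later matches an LDAP login against, only admins may change it:
    exit code 134 for an unknown user, 135 for a non-admin caller.

    Args:
        args: parsed command-line arguments with ``username`` and ``dn``.
    """
    c = self.ctx.conn(args)
    ildap = c.sf.getLdapService()
    iadmin = c.sf.getAdminService()

    try:
        exp = iadmin.lookupExperimenter(args.username)
    except Exception:
        # Narrowed from a bare ``except:`` so interrupts propagate.
        self.ctx.die(134, "Unknown user: %s" % args.username)
        return

    import omero
    try:
        ildap.setDN(exp.id, args.dn)
    except omero.SecurityViolation:
        self.ctx.die(135, "SecurityViolation: Admins only!")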
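def discover(self, args):
    # NOTE(review): the ``def`` line was missing from this listing; the name
    # follows the ``ldap discover`` subcommand in HELP — confirm against source.
    """Search the configured LDAP server(s) for OMERO users lacking a DN.

    Every entry matching ``omero.ldap.user_filter`` below the base DN is
    examined; the attribute mapped to ``omeName`` in
    ``omero.ldap.user_mapping`` is looked up as an OMERO experimenter.
    Experimenters whose stored DN differs from the LDAP DN are reported on
    stderr; experimenters with no stored DN are printed on stdout, either as
    a ready-to-run ``ldap setdn`` command line (``--commands``) or as a
    tab-separated ``Experimenter:<id>  omeName=<name>  <dn>`` line.

    Args:
        args: parsed command-line arguments; ``args.urls`` and ``args.base``
            override ``omero.ldap.urls`` / ``omero.ldap.base`` from the
            server configuration, ``args.commands`` selects the output form.
    """
    import omero
    try:
        from shlex import quote as shquote  # Python 3.3+
    except ImportError:
        from pipes import quote as shquote  # Python 2
    ldap = self.__import_ldap__()

    c = self.ctx.conn(args)
    iconfig = c.sf.getConfigService()
    iadmin = c.sf.getAdminService()

    LDAP_PROPERTIES = """
        omero.ldap.urls
        omero.ldap.username
        omero.ldap.password
        omero.ldap.base
        omero.ldap.user_filter
        omero.ldap.user_mapping
        omero.ldap.group_filter
        omero.ldap.group_mapping
        omero.ldap.new_user_group
    """.split()

    # NOTE(review): username/password and the group_* settings are read here
    # but not used below (the bind is anonymous) — confirm whether an
    # authenticated bind with omero.ldap.username/password is intended.
    cfg = dict((key.split(".")[-1], iconfig.getConfigValue(key))
               for key in LDAP_PROPERTIES)

    urls = args.urls or cfg["urls"]
    basedn = args.base or cfg["base"]
    user_filter = cfg["user_filter"]

    # Which LDAP attribute carries the OMERO login name ("omeName=<attr>").
    # Hoisted out of the URL loop; it does not depend on the server.
    omename_attr = None
    for mapping in cfg["user_mapping"].split(","):
        parts = mapping.split("=", 1)
        if len(parts) == 2 and parts[0].strip() == "omeName":
            omename_attr = parts[1].strip()
    if omename_attr is None:
        # Previously surfaced as a KeyError on entry[None] for the first result.
        self.ctx.die(1, "No omeName entry in omero.ldap.user_mapping: %s"
                     % cfg["user_mapping"])
        return

    for url in urls.split(","):
        url = url.strip()
        if not url:
            continue
        self.ctx.err("Connecting to %s..." % url)

        ld = ldap.initialize(url)
        try:
            ld.simple_bind_s()
            results = ld.search_s(basedn, ldap.SCOPE_SUBTREE, user_filter)
        finally:
            # Release the connection even when bind/search fails.
            try:
                ld.unbind_s()
            except ldap.LDAPError:
                pass  # best-effort cleanup; the search outcome matters more

        for dn, entry in results:
            values = entry.get(omename_attr)
            if values is None:
                # Previously a KeyError traceback for entries lacking the attribute.
                self.ctx.err("No %s attribute in %s" % (omename_attr, dn))
                continue
            ome_name = values
            if isinstance(ome_name, (list, tuple)):
                if len(ome_name) != 1:
                    # ``(ome_name,)``: a bare tuple/list on the right of ``%``
                    # is unpacked as format arguments and raised TypeError.
                    self.ctx.err("Failed to unwrap omeName: %s" % (ome_name,))
                    continue
                ome_name = ome_name[0]

            try:
                exp = iadmin.lookupExperimenter(ome_name)
                olddn = iadmin.lookupLdapAuthExperimenter(exp.id.val)
            except omero.ApiUsageException:
                continue  # not an OMERO user

            if olddn:
                if olddn != dn:
                    self.ctx.err("Found different DN for %s: %s" % (ome_name, olddn))
                else:
                    self.ctx.dbg("DN already set for %s: %s" % (ome_name, olddn))
            elif args.commands:
                # The values come from the directory, not from the operator, and
                # DNs routinely contain spaces; quote them so the emitted line is
                # a single safe shell command (unchanged for plain values such as
                # the HELP example).
                self.ctx.out("%s ldap setdn %s %s"
                             % (sys.argv[0], shquote(ome_name), shquote(dn)))
            else:
                self.ctx.out("Experimenter:%s\tomeName=%s\t%s"
                             % (exp.id.val, ome_name, dn))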
# ``register`` is not defined anywhere in this file — presumably it is
# injected into the module namespace by the OMERO plugin loader (confirm).
# When the file is executed directly instead, the NameError path builds a
# CLI, registers the control under "ldap" and dispatches the command line.
try:
    register("ldap", LdapControl, HELP)
except NameError:
    if __name__ == "__main__":
        cli = CLI()
        cli.register("ldap", LdapControl, HELP)
        cli.invoke(sys.argv[1:])