authorTheo Chatzimichos <tampakrap@gentoo.org>2011-06-14 05:29:01 +0300
committerTheo Chatzimichos <tampakrap@gentoo.org>2011-06-14 05:29:01 +0300
commit7ad86fd32d53236cd19579f68a491649e7dfc4e2 (patch)
tree813105abdb41537ed0ef9b0d9e768e09383274d4
parentMove some gentoo specific fields to the GentooProfile (diff)
Improvements on signup system
It now initializes the LDAP server with the O and OU entries if they don't exist yet. Also, move the LDAP-specific variables that were added to the configs.
-rw-r--r--settings/90-development.sample68
-rw-r--r--settings/90-production.sample48
-rw-r--r--signup/forms.py4
-rw-r--r--signup/views.py94
-rw-r--r--templates/signup.html6
5 files changed, 155 insertions, 65 deletions
diff --git a/settings/90-development.sample b/settings/90-development.sample
index f0ee0aa..efbfeea 100644
--- a/settings/90-development.sample
+++ b/settings/90-development.sample
@@ -78,11 +78,38 @@ LOGGING = {
}
}
+# Choose the appropriate User Profile Class
+# Options are:
+# - accounts.UserProfile (the generic one)
+# - accounts.GentooProfile (Gentoo specific)
+# - accounts.KDEProfile (KDE specific)
+AUTH_PROFILE_MODULE = 'accounts.UserProfile'
+
+
# LDAP specific variables
# The URI of the LDAP server
LDAP_SERVER_URI = 'ldap://ldap.example.com'
+# Name of the Organization, and its objectClasses
+# This will be used for LDAP initialization
+LDAP_O_NAME = {
+ 'dc=example,dc=com': ['organization', 'dcObject'],
+}
+
+# List of OU's, and their objectClasses. These will
+# be used in LDAP initialization and also in LDAP
+# queries, eg to search for a user
+# The first one is also the BASE_DN for new users
+LDAP_OU_LIST = {
+ 'ou=users,dc=example,dc=com': ['organizationalUnit'],
+ 'ou=developers,dc=example,dc=com': ['organizationalUnit'],
+}
+
+# For ease of use, create a list of the objectclasses based
+# on the above
+LDAP_BASE_DN = LDAP_OU_LIST.keys()
+
# The system needs either an anon (minimal-privileged) user
# to perform basic searches, in case anon queries are not
# applicable.
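Review bot: `LDAP_BASE_DN = LDAP_OU_LIST.keys()` does not yield a meaningful "first" entry: on the Python 2 this codebase runs (`iteritems` and `except ImportError, AttributeError` in signup/views.py) dict key order is arbitrary, so `settings.LDAP_BASE_DN[0]`, which signup/views.py uses as the parent of every new user, may resolve to `ou=developers` rather than `ou=users`. The comment above it also says it builds "a list of the objectclasses" when the value is the list of OU DNs. Keep the order explicit, e.g. `LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com']` as the removed line did, or make LDAP_OU_LIST an ordered structure and say in the comment which entry receives new users. The same applies to the identical hunk in settings/90-production.sample.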
@@ -93,14 +120,12 @@ LDAP_ANON_USER_PW = 'password'
LDAP_ADMIN_USER_DN = 'cn=Manager,dc=example,dc=com'
LDAP_ADMIN_USER_PW = 'password'
-# Multiple OU's are supported
-LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com']
-
# The prefix of the attrs, such as cn or uid
LDAP_BASE_ATTR = 'uid'
# The basic LDAP data, also required by the Django DB
LDAP_USER_ATTR_MAP = {
+ 'username': 'uid',
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
@@ -108,5 +133,38 @@ LDAP_USER_ATTR_MAP = {
# Additional data, that can be mapped by the Django
# user profile
-#LDAP_PROFILE_ATTR_MAP = {
-#} \ No newline at end of file
+LDAP_PROFILE_ATTR_MAP = {
+ 'cn': 'cn',
+ 'all_mails': 'mail',
+ 'gecos': 'gecos',
+ 'ssh_public_key': 'sshPublicKey',
+# Gentoo specific variables
+# 'gentoo_roles': 'gentooRoles',
+# 'gentoo_access': 'gentooAccess',
+# 'gentoo_location': 'gentooLocation',
+# 'gentoo_status': 'gentooStatus',
+# 'lat': 'lat',
+# 'lon': 'lon',
+# 'gpg_fingerprint': 'gpgfingerprint',
+# 'gpg_key': 'gpgkey',
+# KDE specific variables
+#
+#
+}
+
+# The attribute which has the groups that the user is part of
+LDAP_ACL_ATTR = 'groupAccess'
+
+# Various groups and the equivalent booleans in UserProfile
+LDAP_ACL_GROUPS = {
+ 'infra-ldapadmin.group': 'is_infra',
+ 'devrel.group': 'is_devrel',
+ 'recruiters.group': 'is_recruiter',
+ 'trustees.group': 'is_trustee',
+ 'docs.group': 'is_docs',
+ 'security.group': 'is_security',
+ 'pr.group': 'is_pr',
+}
+
+# List of objectClasses, used in user creation
+LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount'] \ No newline at end of file
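Review bot: `LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount']` does not match the entry that signup/views.py builds from it: none of these classes defines `mail` or `givenName`, `person` requires `cn`, and `posixAccount` requires `uidNumber`, `gidNumber` and `homeDirectory`, while addDataToLDAP only supplies `uid`, `sn`, `givenName` and `email`, so the add would be rejected with an objectClass violation. Either include `inetOrgPerson` (which carries `mail`/`givenName`) and drop `posixAccount` until the POSIX attributes are generated, or document next to this setting which attributes the signup code must provide for each listed class. The same line is added at the end of settings/90-production.sample.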
diff --git a/settings/90-production.sample b/settings/90-production.sample
index f8590ec..0fcba2b 100644
--- a/settings/90-production.sample
+++ b/settings/90-production.sample
@@ -85,11 +85,31 @@ LOGGING = {
# - accounts.KDEProfile (KDE specific)
AUTH_PROFILE_MODULE = 'accounts.UserProfile'
+
# LDAP specific variables
# The URI of the LDAP server
LDAP_SERVER_URI = 'ldap://ldap.example.com'
+# Name of the Organization, and its objectClasses
+# This will be used for LDAP initialization
+LDAP_O_NAME = {
+ 'dc=example,dc=com': ['organization', 'dcObject'],
+}
+
+# List of OU's, and their objectClasses. These will
+# be used in LDAP initialization and also in LDAP
+# queries, eg to search for a user
+# The first one is also the BASE_DN for new users
+LDAP_OU_LIST = {
+ 'ou=users,dc=example,dc=com': ['organizationalUnit'],
+ 'ou=developers,dc=example,dc=com': ['organizationalUnit'],
+}
+
+# For ease of use, create a list of the objectclasses based
+# on the above
+LDAP_BASE_DN = LDAP_OU_LIST.keys()
+
# The system needs either an anon (minimal-privileged) user
# to perform basic searches, in case anon queries are not
# applicable.
@@ -100,9 +120,6 @@ LDAP_ANON_USER_PW = 'password'
LDAP_ADMIN_USER_DN = 'cn=Manager,dc=example,dc=com'
LDAP_ADMIN_USER_PW = 'password'
-# Multiple OU's are supported
-LDAP_BASE_DN = ['ou=users,dc=example,dc=com', 'ou=developers,dc=example,dc=com']
-
# The prefix of the attrs, such as cn or uid
LDAP_BASE_ATTR = 'uid'
@@ -121,16 +138,18 @@ LDAP_PROFILE_ATTR_MAP = {
'all_mails': 'mail',
'gecos': 'gecos',
'ssh_public_key': 'sshPublicKey',
- 'gpg_fingerprint': 'gpgfingerprint',
- 'gpg_key': 'gpgkey',
- 'lat': 'lat',
- 'lon': 'lon',
-# Gentoo specific variables
-# 'gentoo_roles': 'gentooRoles',
-# 'gentoo_access': 'gentooAccess',
-# 'gentoo_location': 'gentooLocation',
-# 'gentoo_status': 'gentooStatus',
+# Gentoo specific variables
+# 'gentoo_roles': 'gentooRoles',
+# 'gentoo_access': 'gentooAccess',
+# 'gentoo_location': 'gentooLocation',
+# 'gentoo_status': 'gentooStatus',
+# 'lat': 'lat',
+# 'lon': 'lon',
+# 'gpg_fingerprint': 'gpgfingerprint',
+# 'gpg_key': 'gpgkey',
# KDE specific variables
+#
+#
}
# The attribute which has the groups that the user is part of
@@ -145,4 +164,7 @@ LDAP_ACL_GROUPS = {
'docs.group': 'is_docs',
'security.group': 'is_security',
'pr.group': 'is_pr',
-} \ No newline at end of file
+}
+
+# List of objectClasses, used in user creation
+LDAP_NEW_USER_OBJECTCLASS = ['person', 'top', 'posixAccount'] \ No newline at end of file
diff --git a/signup/forms.py b/signup/forms.py
index c2e310d..cec486a 100644
--- a/signup/forms.py
+++ b/signup/forms.py
@@ -6,4 +6,6 @@ class SignupForm(forms.Form):
email = forms.EmailField(max_length = 100, label = 'Email: ')
username = forms.CharField(max_length = 100, label = 'Username:')
password1 = forms.CharField(max_length = 100, widget = forms.PasswordInput(), label = 'Password:')
- password2 = forms.CharField(max_length = 100, widget = forms.PasswordInput(), label = 'Verify Password:') \ No newline at end of file
+ password2 = forms.CharField(max_length = 100, widget = forms.PasswordInput(), label = 'Verify Password:')
+
+
diff --git a/signup/views.py b/signup/views.py
index 138829d..af30c0c 100644
--- a/signup/views.py
+++ b/signup/views.py
@@ -2,7 +2,9 @@ from django.conf import settings
from djago.template import RequestContext
from django.shortcuts import render_to_response
from okupy.libraries.encryption import sha1Password
+from okupy.libraries.ldap_q import *
from okupy.signup.forms import SignupForm
+import ldap.modlist as modlist
'''
Global dictionary to initialize
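Review bot: `from okupy.libraries.ldap_q import *` hides which names this module now depends on; the hunk below uses only `ldap_search` and `ldap_bind`, so `from okupy.libraries.ldap_q import ldap_bind, ldap_search` would make that explicit and avoid silently shadowing other names. `import ldap.modlist as modlist` binds only `modlist`, not `ldap`; if the module still needs `ldap` (for example for its exception classes), keep an explicit `import ldap` — line 1 of the file is outside this hunk, so that may already be there. The pre-existing `from djago.template import RequestContext` on the context line is a typo (`django`) that fails at import time and is worth fixing in the same series. The module docstring opened on the last line continues outside the hunk.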
@@ -32,56 +34,56 @@ def checkDuplicates(request):
Check if the username or email already exist
in the LDAP server
'''
- l = ldap.initialize(settings.LDAP_SERVER_URI)
- '''
- The following is run in case a TLS connection
- is requested
- '''
- try:
- if settings.LDAP_TLS:
- l.set_option(ldap.OPT_X_TLS_DEMAND, True)
- l.start_tls_s()
- except:
- pass
- '''
- Perform LDAP query to check for duplicates
- '''
- try:
- if settings.LDAP_ANON_USER_DN:
- l.simple_bind_s(
- settings.LDAP_ANON_USER_DN,
- settings.LDAP_ANON_USER_PW,
- )
- except ImportError, AttributeError:
- pass
- except ldap.INVALID_CREDENTIALS:
- # log 'anon account is invalid'
- return False
-
- for ldap_base_dn in settings.LDAP_BASE_DN:
- for attribute in username, email:
- results = l.search_s(ldap_base_dn,
- ldap.SCOPE_SUBTREE,
- '(%s=%s)' % (settings.LDAP_BASE_ATTR, attribute),
- ['*'])
- '''
- Since there is ability to search in multiple OU's
- (eg ou=developers and ou=users), if there is a result
- available, the for loop should break
- '''
- try:
- if results:
- break
- except AttributeError:
- pass
- l.unbind_s()
+ attributes = ['username', 'email']
+ results = ldap_search(attributes)
if not results:
return True
else:
return False
-#def addDataToLDAP(request):
-# todo
+def addDataToLDAP(request):
+ global credentials
+ attrs = {
+ 'objectclass': settings.LDAP_NEW_USER_OBJECTCLASS,
+ 'uid': [credentials['username']],
+ 'sn': [credentials['last_name']],
+ 'givenName': [credentials['last_name']],
+ 'email': [credentials['email']],
+ }
+ l = ldap_bind(settings.LDAP_ADMIN_USER_DN, settings.LDAP_ADMIN_USER_PW)
+ try:
+ if l:
+ ldif = modlist.addModlist(attrs)
+ try:
+ l.add_s('uid=%s,%s' % (credentials['username'], settings.LDAP_BASE_DN[0]), ldif)
+ except:
+ init_attrs_o = {
+ 'objectClass': settings.LDAP_O_NAME.values()[0],
+ 'dn': settings.LDAP_O_NAME.keys(),
+ 'dc': [settings.LDAP_O_NAME.keys()[0].split('=')[1].split(',')[0]],
+ 'o': [''.join(settings.LDAP_O_NAME.keys()[0].split('dc=')).replace(',', '.')],
+ }
+ ldif1 = modlist.addModlist(init_attrs_o)
+ try:
+ l.add_s(init_attrs_o['o'][0], ldif1)
+ except:
+ pass
+
+ for key, value in settings.LDAP_OU_LIST.iteritems():
+ init_attrs_ou = {
+ 'dn': [key],
+ 'objectClass': [value],
+ 'ou': [key.split('=')[1].split(',')[0]],
+ }
+ ldif2 = modlist.addModlist(init_attrs_ou)
+ try:
+ l.add_s(init_attrs_ou['ou'][0], ldif2)
+ except:
+ pass
+ l.unbind_s()
+ except AttributeError:
+ # log invalid root credentials
+ pass
def signup(request):
global credentials
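Review bot: The bootstrap path in addDataToLDAP adds the organization and OU entries under the wrong DNs: `l.add_s(init_attrs_o['o'][0], ldif1)` passes the `o` value (e.g. `example.com`) and `l.add_s(init_attrs_ou['ou'][0], ldif2)` passes `users`, while the real DNs are the LDAP_O_NAME and LDAP_OU_LIST keys; the `'dn'` entries also end up as attributes in the modlist, and `'objectClass': [value]` wraps a value that is already a list. The bare `except:` around the user add treats every failure (objectClass violation, ALREADY_EXISTS, insufficient access) as "base not initialized", the inner bare excepts hide any bootstrap failure, and the user add is never retried after the bootstrap, so a signup can report success with no entry written. Independently, `'givenName': [credentials['last_name']]` looks like a copy-paste of the `sn` line (presumably `credentials['first_name']`), and `'email'` is not an attribute of person/posixAccount — LDAP_USER_ATTR_MAP maps email to `mail`. checkDuplicates now passes the literal strings `'username'` and `'email'` to ldap_search; unless that helper resolves them against the submitted values, no duplicate will ever be found, which is worth confirming in ldap_q together with filter escaping of those values. checkDuplicates starts before this hunk and signup continues after it; the rewrite below narrows the excepts to `ldap.NO_SUCH_OBJECT` / `ldap.ALREADY_EXISTS` (assuming `ldap` is imported above line 2), adds under the real DNs and retries the user add.
```python
    l = ldap_bind(settings.LDAP_ADMIN_USER_DN, settings.LDAP_ADMIN_USER_PW)
    # … unchanged: attrs / ldif construction and the `if l:` guard …
    try:
        user_dn = 'uid=%s,%s' % (credentials['username'], settings.LDAP_BASE_DN[0])
        try:
            l.add_s(user_dn, ldif)
        except ldap.NO_SUCH_OBJECT:
            # Parent entries are missing: create the O, then each OU, then retry once.
            for o_dn, o_classes in settings.LDAP_O_NAME.iteritems():
                init_attrs_o = {
                    'objectClass': o_classes,
                    'dc': [o_dn.split('=')[1].split(',')[0]],
                    'o': [''.join(o_dn.split('dc=')).replace(',', '.')],
                }
                try:
                    l.add_s(o_dn, modlist.addModlist(init_attrs_o))
                except ldap.ALREADY_EXISTS:
                    pass
            for ou_dn, ou_classes in settings.LDAP_OU_LIST.iteritems():
                init_attrs_ou = {
                    'objectClass': ou_classes,
                    'ou': [ou_dn.split('=')[1].split(',')[0]],
                }
                try:
                    l.add_s(ou_dn, modlist.addModlist(init_attrs_ou))
                except ldap.ALREADY_EXISTS:
                    pass
            l.add_s(user_dn, ldif)
    finally:
        l.unbind_s()
```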
@@ -100,7 +102,7 @@ def signup(request):
credentials['email'] = request.POST.get('email')
else:
msg = 'User already exists'
- # addDataToLDAP
+ addDataToLDAP
else:
form = SignupForm()
return render_to_response(
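Review bot: `addDataToLDAP` on its own line is a bare name expression, not a call, so the user is never written to LDAP; it should read `addDataToLDAP(request)`. From the rendered hunk it is not possible to tell whether the line sits under the `msg = 'User already exists'` branch or after the whole `if`; it belongs in the branch where checkDuplicates returned True, after `credentials` has been filled. Because `credentials` is a module-level global, two concurrent signups can overwrite each other's values between the fill and the add; passing the values to addDataToLDAP as arguments would close that window. signup starts before this hunk and continues after it.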
diff --git a/templates/signup.html b/templates/signup.html
new file mode 100644
index 0000000..4408cba
--- /dev/null
+++ b/templates/signup.html
@@ -0,0 +1,6 @@
+<form action="." method="post">{% csrf_token %}
+ {% for field in form %}
+ {{ field.label_tag }}{{ field }}
+ {% endfor %}
+ <input class="button" type="submit" value="signup">
+</form> \ No newline at end of file
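Review bot: The field loop renders each label and widget but never the field's validation errors, so a mismatch between password1 and password2 or a duplicate username is submitted and silently re-displayed; add `{{ field.errors }}` inside the loop and `{{ form.non_field_errors }}` above it. The `{% csrf_token %}` tag is present, which is the right default for this POST form.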