authorPaul Boddie <paul@boddie.org.uk>2014-08-06 17:48:26 +0200
committerPaul Boddie <paul@boddie.org.uk>2014-08-06 17:48:26 +0200
commitfee17e6f7a5fa995f7d77c7822e3ed1f2f8bffb5 (patch)
treeb401d3b6c748c09895ec4f0a887f3f2f0cdb6e0d /pykolab/auth/ldap/__init__.py
parente0e89b980b8671eabf682cd83efc603775048228 (diff)
parenta8555e3e8789fd02b7d5749ea4fc51b84e57285f (diff)
Merge branch 'master' of git://git.kolab.org/git/pykolab into dev/boddiedev/boddie
Conflicts: conf/kolab.conf po/POTFILES.in pykolab/auth/ldap/__init__.py pykolab/auth/ldap/cache.py pykolab/cli/cmd_rename_mailbox.py pykolab/imap/__init__.py pykolab/imap/cyrus.py pykolab/wap_client/__init__.py pykolab/xml/event.py
Diffstat (limited to 'pykolab/auth/ldap/__init__.py')
-rw-r--r--pykolab/auth/ldap/__init__.py113
1 files changed, 77 insertions, 36 deletions
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index d36f7f6..5fd337e 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -416,7 +416,7 @@ class LDAP(pykolab.base.Base):
if entry[folderacl_entry_attribute] is not None:
# Parse it before assigning it
- entry['kolabmailfolderaclentry'] = []
+ entry['kolabfolderaclentry'] = []
if not isinstance(entry[folderacl_entry_attribute], list):
entry[folderacl_entry_attribute] = [ entry[folderacl_entry_attribute] ]
@@ -427,11 +427,15 @@ class LDAP(pykolab.base.Base):
log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
access_lookup_dict = {
+ 'all': 'lrsedntxakcpiw',
+ 'append': 'wip',
+ 'full': 'lrswipkxtecdn',
'read': 'lrs',
+ 'read-only': 'lrs',
+ 'read-write': 'lrswitedn',
'post': 'p',
- 'append': 'wip',
+ 'semi-full': 'lrswit',
'write': 'lrswite',
- 'all': 'lrsedntxakcpiw'
}
if access_lookup_dict.has_key(acl_access):
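Review bot: The rights strings in `access_lookup_dict` are undocumented, and the new `'full'` entry differs from `'all'` only by the missing `a` (administer) right, which is easy to overlook when choosing an alias. A comment above the dict, such as `# IMAP ACL rights per RFC 4314 (c and d are the obsolete RFC 2086 forms); 'full' is 'all' without 'a' (administer)`, would let a reviewer check what each alias grants. The handling of an `acl_access` value that is not in the dict lies after the `has_key` test, outside this hunk, so it is worth confirming that an unrecognised alias is rejected rather than passed on as a raw rights string.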
@@ -439,9 +443,9 @@ class LDAP(pykolab.base.Base):
log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
- entry['kolabmailfolderaclentry'].append("(%r, %r, %r)" % (folder_path, aci_subject, acl_access))
+ entry['kolabfolderaclentry'].append("(%r, %r, %r)" % (folder_path, aci_subject, acl_access))
- self.init_entry_attribute(entry, 'kolabmailfolderaclentry')
+ self.init_entry_attribute(entry, 'kolabfolderaclentry')
def get_folder_path(self, entry):
"""
@@ -1187,7 +1191,7 @@ class LDAP(pykolab.base.Base):
"""
pass
- def _change_add_sharedfolder(self, entry, change):
+ def _change_add_sharedfolder(self, entry, change, modify=False):
"""
An entry of type sharedfolder was added.
"""
@@ -1235,11 +1239,15 @@ class LDAP(pykolab.base.Base):
folder_path,
entry['kolabfoldertype']
)
+ elif modify:
+ self.imap.set_acl(folder_path, 'anyone', '')
- if entry.get('kolabmailfolderaclentry'):
+ if entry.get('kolabfolderaclentry'):
self.imap._set_kolab_mailfolder_acls(
- entry['kolabmailfolderaclentry']
+ entry['kolabfolderaclentry']
)
+ else:
+ self.imap.set_acl(folder_path, 'anyone', '')
if entry.get(delivery_address_attribute):
self.imap.set_acl(folder_path, 'anyone', '+p')
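Review bot: When a modified shared folder no longer carries any `kolabfolderaclentry` values, the new `else:` branch clears only the `'anyone'` identifier, so rights granted earlier to other subjects appear to remain on the mailbox. The sharedfolder hunk later in this commit handles the same case by walking `self.imap.list_acls(folder_path)` and clearing every subject, and the two paths should agree, otherwise removing an ACL in LDAP does not revoke access on this path. On an existing folder with `modify=True` the same `set_acl(folder_path, 'anyone', '')` call can also run twice, once in `elif modify:` and once in `else:`. Indentation is lost on this page, so the branch nesting is inferred, and the function starts and ends outside the hunk.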
@@ -1374,7 +1382,7 @@ class LDAP(pykolab.base.Base):
success = True
for _type in ['user','group','role','sharedfolder']:
try:
- eval("self._change_delete_%s(entry, change)" % (_type))
+ eval("success = self._change_delete_%s(entry, change)" % (_type))
except:
success = False
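Review bot: `eval()` accepts only an expression, so the new string `"success = self._change_delete_%s(entry, change)"` raises `SyntaxError` on every iteration. The bare `except:` then sets `success = False`, which means no `_change_delete_*` handler is ever called and the failure is silent. Dispatching without `eval` fixes this and keeps the return value: `success = getattr(self, '_change_delete_%s' % _type)(entry, change)`. The `except:` should also be narrowed and should log the exception, so that a broken handler is distinguishable from an entry type that simply does not match. What the loop does with `success` after the `try` lies outside this hunk.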
@@ -1467,8 +1475,8 @@ class LDAP(pykolab.base.Base):
def _change_modify_role(self, entry, change):
pass
- # A shared folder was modified.
- _change_modify_sharedfolder = _change_add_sharedfolder
+ def _change_modify_sharedfolder(self, entry, change):
+ self._change_add_sharedfolder(entry, change, modify=True)
def _change_modify_user(self, entry, change):
"""
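Review bot: The new `_change_modify_sharedfolder` wrapper drops whatever `_change_add_sharedfolder` returns, whereas the alias it replaces passed the result straight through. If callers read the result, as this commit starts doing for the `_change_delete_*` handlers, the body should be `return self._change_add_sharedfolder(entry, change, modify=True)`. The removed comment could also come back as a docstring, `"""An entry of type sharedfolder was modified."""`, matching the neighbouring handlers.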
@@ -1575,7 +1583,18 @@ class LDAP(pykolab.base.Base):
self.init_entry_attribute(entry, 'kolabfoldertype')
- #self.init_entry_attribute(entry, 'kolabmailfolderaclentry')
+ folderacl_entry_attribute = conf.get('ldap', 'folderacl_entry_attribute')
+ if folderacl_entry_attribute is None:
+ folderacl_entry_attribute = 'acl'
+
+ if not entry.has_key(folderacl_entry_attribute):
+ entry['kolabfolderaclentry'] = self.get_entry_attribute(
+ entry['id'],
+ folderacl_entry_attribute
+ )
+ else:
+ entry['kolabfolderaclentry'] = entry[folderacl_entry_attribute]
+ del entry[folderacl_entry_attribute]
folder_path = self.get_folder_path(entry)
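Review bot: If `folderacl_entry_attribute` is configured as `'kolabfolderaclentry'` itself, the `else:` branch assigns the key to itself and the following `del entry[folderacl_entry_attribute]` removes it again. Any later `entry['kolabfolderaclentry']` subscript, such as the `elif` test added in the next hunk, would then raise `KeyError`. Guarding the copy with `if folderacl_entry_attribute != 'kolabfolderaclentry':` avoids that. Indentation is lost on this page; if the `del` actually sits outside the `else:`, it would also fail whenever the attribute was fetched through `get_entry_attribute`, so the intended nesting deserves a check.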
@@ -1588,11 +1607,33 @@ class LDAP(pykolab.base.Base):
entry['kolabfoldertype']
)
- if entry.get('kolabmailfolderaclentry'):
+ if entry.get('kolabfolderaclentry'):
+
+ if isinstance(entry['kolabfolderaclentry'], basestring):
+ entry['kolabfolderaclentry'] = [ entry['kolabfolderaclentry'] ]
+
+ import copy
+ _acls = copy.deepcopy(entry['kolabfolderaclentry'])
+ entry['kolabfolderaclentry'] = []
+
+ for _entry in _acls:
+ if _entry[0] == "(":
+ entry['kolabfolderaclentry'].append(_entry)
+ continue
+
+ s,r = [x.strip() for x in _entry.split(',')]
+
+ entry['kolabfolderaclentry'].append("('%s', '%s', '%s')" % (folder_path, s, r))
+
self.imap._set_kolab_mailfolder_acls(
- entry['kolabmailfolderaclentry']
+ entry['kolabfolderaclentry']
)
+ elif entry['kolabfolderaclentry'] in [None,[]]:
+ for ace in self.imap.list_acls(folder_path):
+ aci_subject = ace.split()[0]
+ self.imap.set_acl(folder_path, aci_subject, '')
+
delivery_address_attribute = self.config_get('sharedfolder_delivery_address_attribute')
if entry.get(delivery_address_attribute):
self.imap.set_acl(folder_path, 'anyone', '+p')
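Review bot: The rewritten ACL entries are built with `"('%s', '%s', '%s')" % (folder_path, s, r)`, which places LDAP-supplied values inside quotes without escaping, whereas the earlier hunk in this commit builds the same tuple-shaped string with `%r`. A folder path or subject containing a quote produces a malformed or altered tuple string, which matters if `_set_kolab_mailfolder_acls` (not visible here) parses these strings back into Python values. Using `"(%r, %r, %r)" % (folder_path, s, r)` keeps the two producers consistent. In addition, `s,r = [...]` raises `ValueError` for any value that does not contain exactly one comma, and `_entry[0]` raises `IndexError` on an empty value, so a single malformed attribute aborts the whole sync for the entry. Such values should be skipped with a logged warning instead.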
@@ -1766,16 +1807,17 @@ class LDAP(pykolab.base.Base):
else:
return _type
- def _find_user_dn(self, login, realm):
+ def _find_user_dn(self, login, kolabuser=False):
"""
- Find the distinguished name (DN) for an entry in LDAP.
+ Find the distinguished name (DN) for a (Kolab) user entry in LDAP.
"""
+ conf_prefix = 'kolab_' if kolabuser else ''
domain_root_dn = self._kolab_domain_root_dn(self.domain)
- base_dn = self.config_get('user_base_dn')
- if base_dn is None:
- base_dn = self.config_get('base_dn')
+ user_base_dn = self.config_get(conf_prefix + 'user_base_dn')
+ if user_base_dn is None:
+ user_base_dn = self.config_get('base_dn')
auth_attrs = self.config_get_list('auth_attributes')
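Review bot: Replacing the second positional parameter `realm` with `kolabuser=False` means any remaining caller that still passes `_find_user_dn(login, realm)` now hands a non-empty string to `kolabuser`, silently switching the lookup to the `kolab_`-prefixed settings. Call sites are outside this hunk, so they should be checked, or the flag made harder to hit by accident by requiring callers to pass `kolabuser=True` by keyword. The fallback also changed: with `kolabuser=True` and no `kolab_user_base_dn` configured, the code goes straight to `base_dn` and never tries the plain `user_base_dn`. If that is intended, a line in the docstring should say so.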
@@ -1783,18 +1825,21 @@ class LDAP(pykolab.base.Base):
for auth_attr in auth_attrs:
auth_search_filter.append('(%s=%s)' % (auth_attr,login))
- auth_search_filter.append(
- '(%s=%s@%s)' % (
- auth_attr,
- login,
- self.domain
- )
- )
+ if not '@' in login:
+ auth_search_filter.append(
+ '(%s=%s@%s)' % (
+ auth_attr,
+ login,
+ self.domain
+ )
+ )
auth_search_filter.append(')')
auth_search_filter = ''.join(auth_search_filter)
+ user_filter = self.config_get(conf_prefix + 'user_filter')
+
search_filter = "(&%s%s)" % (
auth_search_filter,
user_filter
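Review bot: `login` is interpolated into the LDAP filter unescaped, both in `'(%s=%s)'` and in the re-indented `'(%s=%s@%s)'` block, so filter metacharacters such as `*`, `(` and `)` in a submitted login change the search. Unless `login` is escaped earlier in the function, outside this hunk, it should go through `ldap.filter.escape_filter_chars(login)` once before the loop. The new `user_filter = self.config_get(conf_prefix + 'user_filter')` has no fallback either, so an unset `kolab_user_filter` would put the literal text `None` into `search_filter`. A default or an explicit error is needed there. As a style point, `if not '@' in login:` reads better as `if '@' not in login:`.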
@@ -2018,7 +2063,7 @@ class LDAP(pykolab.base.Base):
try:
entry['type'] = self._entry_type(entry)
except:
- entry['type'] = "unknown"
+ entry['type'] = None
log.debug(_("Entry type: %s") % (entry['type']), level=8)
@@ -2092,14 +2137,6 @@ class LDAP(pykolab.base.Base):
#
# server = self.imap.user_mailbox_server(folder)
- log.debug(
- _("Done with _synchronize_callback() for entry %r") % (
- entry['id']
- ),
- level=9
- )
-
-
def _unbind(self):
"""
Discard the current set of bind credentials.
@@ -2468,9 +2505,13 @@ class LDAP(pykolab.base.Base):
except Exception, errmsg:
log.error(_("An error occured using %s: %r") % (supported_control, errmsg))
+ import traceback
+
if conf.debuglevel > 8:
- import traceback
traceback.print_exc()
+
+ log.error(_("%s") % (traceback.format_exc()))
+
continue
return _results
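Review bot: `log.error(_("%s") % (traceback.format_exc()))` passes a bare format string through gettext, which adds a meaningless catalogue entry; `log.error("%s" % traceback.format_exc())` or simply `log.error(traceback.format_exc())` does the same job. With `conf.debuglevel > 8` the traceback is now emitted twice, once by `traceback.print_exc()` and once by the new `log.error`, so the `print_exc()` branch can probably go. The full traceback is also written at error level on every failed control, so it is worth confirming that nothing sensitive from the bind or search parameters ends up in production logs this way.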