Merge branch 'Fix_117' into 'master'
Fix #117 : Use unix_name instead of name for ldap groups Closes #117 See merge request federez/re2o!145
This commit is contained in:
commit
1f4443d857
4 changed files with 126 additions and 11 deletions
24
CHANGELOG.md
24
CHANGELOG.md
|
@ -1,7 +1,7 @@
|
||||||
## MR 160: Datepicker
|
## MR 160: Datepicker
|
||||||
|
|
||||||
Install libjs-jquery libjs-jquery-ui libjs-jquery-timepicker libjs-bootstrap javascript-common
|
Install libjs-jquery libjs-jquery-ui libjs-jquery-timepicker libjs-bootstrap javascript-common
|
||||||
```
|
```bash
|
||||||
apt-get -y install \
|
apt-get -y install \
|
||||||
libjs-jquery \
|
libjs-jquery \
|
||||||
libjs-jquery-ui \
|
libjs-jquery-ui \
|
||||||
|
@ -10,12 +10,12 @@ apt-get -y install \
|
||||||
javascript-common
|
javascript-common
|
||||||
```
|
```
|
||||||
Enable javascript-common conf
|
Enable javascript-common conf
|
||||||
```
|
```bash
|
||||||
a2enconf javascript-common
|
a2enconf javascript-common
|
||||||
```
|
```
|
||||||
|
|
||||||
Delete old jquery files :
|
Delete old jquery files :
|
||||||
```
|
```bash
|
||||||
rm -r static_files/js/jquery-ui-*
|
rm -r static_files/js/jquery-ui-*
|
||||||
rm static_files/js/jquery-2.2.4.min.js
|
rm static_files/js/jquery-2.2.4.min.js
|
||||||
rm static/css/jquery-ui-timepicker-addon.css
|
rm static/css/jquery-ui-timepicker-addon.css
|
||||||
|
@ -42,6 +42,7 @@ Refactored install_re2o.sh script.
|
||||||
```
|
```
|
||||||
install_re2o.sh help
|
install_re2o.sh help
|
||||||
```
|
```
|
||||||
|
|
||||||
* The installation templates (LDIF files and `re2o/settings_locale.example.py`) have been changed to use `example.net` instead of `example.org` (more neutral and generic)
|
* The installation templates (LDIF files and `re2o/settings_locale.example.py`) have been changed to use `example.net` instead of `example.org` (more neutral and generic)
|
||||||
|
|
||||||
|
|
||||||
|
@ -75,7 +76,6 @@ OPTIONAL_APPS = (
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## MR 177: Add django-debug-toolbar support
|
## MR 177: Add django-debug-toolbar support
|
||||||
|
|
||||||
Add the possibility to enable `django-debug-toolbar` in debug mode. First install the APT package:
|
Add the possibility to enable `django-debug-toolbar` in debug mode. First install the APT package:
|
||||||
|
@ -94,3 +94,19 @@ If you to restrict the IP which can see the debug, use the `INTERNAL_IPS` option
|
||||||
```
|
```
|
||||||
INTERNAL_IPS = ["10.0.0.1", "10.0.0.2"]
|
INTERNAL_IPS = ["10.0.0.1", "10.0.0.2"]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## MR 145: Fix #117 : Use unix_name instead of name for ldap groups
|
||||||
|
|
||||||
|
Fix a mixing between unix_name and name for groups
|
||||||
|
After this modification you need to:
|
||||||
|
* Double-check your defined groups' unix-name only contain small letters
|
||||||
|
* Run the following commands to rebuild your ldap's groups:
|
||||||
|
```shell
|
||||||
|
python3 manage.py ldap_rebuild
|
||||||
|
```
|
||||||
|
|
||||||
|
* You may need to force your nslcd cache to be reloaded on some servers (else you will have to wait for the cache to be refreshed):
|
||||||
|
```bash
|
||||||
|
sudo nslcd -i groups
|
||||||
|
```
|
||||||
|
|
|
@ -501,7 +501,7 @@ class ShellForm(FormRevMixin, ModelForm):
|
||||||
|
|
||||||
class ListRightForm(FormRevMixin, ModelForm):
|
class ListRightForm(FormRevMixin, ModelForm):
|
||||||
"""Edition, d'un groupe , équivalent à un droit
|
"""Edition, d'un groupe , équivalent à un droit
|
||||||
Ne peremet pas d'editer le gid, car il sert de primary key"""
|
Ne permet pas d'editer le gid, car il sert de primary key"""
|
||||||
permissions = forms.ModelMultipleChoiceField(
|
permissions = forms.ModelMultipleChoiceField(
|
||||||
Permission.objects.all().select_related('content_type'),
|
Permission.objects.all().select_related('content_type'),
|
||||||
widget=forms.CheckboxSelectMultiple,
|
widget=forms.CheckboxSelectMultiple,
|
||||||
|
@ -510,23 +510,24 @@ class ListRightForm(FormRevMixin, ModelForm):
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = ListRight
|
model = ListRight
|
||||||
fields = ['name', 'unix_name', 'critical', 'permissions', 'details']
|
fields = ('name', 'unix_name', 'critical', 'permissions', 'details')
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
||||||
super(ListRightForm, self).__init__(*args, prefix=prefix, **kwargs)
|
super(ListRightForm, self).__init__(*args, prefix=prefix, **kwargs)
|
||||||
self.fields['unix_name'].label = 'Nom du droit/groupe'
|
self.fields['unix_name'].label = 'Nom UNIX du groupe'
|
||||||
|
|
||||||
|
|
||||||
class NewListRightForm(ListRightForm):
|
class NewListRightForm(ListRightForm):
|
||||||
"""Ajout d'un groupe/list de droit """
|
"""Ajout d'un groupe/list de droit """
|
||||||
class Meta(ListRightForm.Meta):
|
class Meta(ListRightForm.Meta):
|
||||||
fields = '__all__'
|
fields = ('name', 'unix_name', 'gid', 'critical', 'permissions',
|
||||||
|
'details')
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
super(NewListRightForm, self).__init__(*args, **kwargs)
|
super(NewListRightForm, self).__init__(*args, **kwargs)
|
||||||
self.fields['gid'].label = 'Gid, attention, cet attribut ne doit\
|
self.fields['gid'].label = ("Gid, attention, cet attribut ne doit "
|
||||||
pas être modifié après création'
|
"pas être modifié après création")
|
||||||
|
|
||||||
|
|
||||||
class DelListRightForm(Form):
|
class DelListRightForm(Form):
|
||||||
|
|
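Review bot: The explicit field lists now expose `unix_name` for editing in both ListRightForm and NewListRightForm, yet nothing in this hunk validates the value, even though this MR's own release note asks admins to check by hand that unix names contain only lowercase letters; whatever is typed here becomes the LDAP group name on the next ldap_sync. Unless the model field already carries a validator (not visible here), add a `clean_unix_name()` method to ListRightForm that raises `forms.ValidationError` for anything not matching `^[a-z_][a-z0-9_-]*$`, so the constraint is enforced rather than documented. Replacing `fields = '__all__'` with an explicit tuple is the right move, since `__all__` would silently expose any field later added to the model. DelListRightForm begins at the end of the hunk and continues outside it.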
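--- a/users/management/commands/ldap_rebuild.py
+++ b/users/management/commands/ldap_rebuild.py
@@ -0,0 +1,98 @@
+# Copyright © 2018 Maël Kervella
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+import subprocess
+from base64 import decodebytes
+
+from django.core.management.base import BaseCommand, CommandError
+from django.conf import settings
+
+from users.models import User, ListRight
+
+
+def flush_ldap(binddn, bindpass, server, usersdn, groupsdn):
+    """
+    Perform the python (and more understandable) equivalent of the following commands:
+
+    ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $usersdn dn \
+        | grep "dn: " | sed -e 's/dn: //g' \
+        | ldapdelete -v -D $binddn -w $bindpass -H $server --
+    ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $usersdn dn \
+        | grep "dn:: " | sed -e 's/dn:: //g' \
+        | while read x; do echo "$x" | base64 -d; echo ""; done \
+        | ldapdelete -v -D $binddn -w $bindpass -H $server --
+    ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $groupsdn dn \
+        | grep "dn: " | sed -e 's/dn: //g' \
+        | ldapdelete -v -D $binddn -w $bindpass -H $server --
+    ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $groupsdn dn \
+        | grep "dn:: " | sed -e 's/dn:: //g' \
+        | while read x; do echo "$x" | base64 -d; echo ""; done \
+        | ldapdelete -v -D $binddn -w $bindpass -H $server --
+    """
+
+    to_remove = []
+
+    for lookup in (usersdn, groupsdn):
+        search_cmd = [
+            'ldapsearch',
+            '-A',
+            '-s', 'one',
+            '-D', binddn,
+            '-w', bindpass,
+            '-H', server,
+            '-b', lookup,
+            'dn'
+        ]
+        for line in subprocess.check_output(search_cmd).split(b'\n'):
+            if line.startswith(b'dn: '):
+                to_remove.append(line[len(b'dn: '):])
+            elif line.startswith(b'dn:: '):
+                # Non ASCII value ares are base64-encoded
+                to_remove.append(decodebytes(line[len(b'dn:: '):]))
+
+    delete_cmd = [
+        'ldapdelete',
+        '-D', binddn,
+        '-w', bindpass,
+        '-H', server
+    ] + to_remove
+    subprocess.check_call(delete_cmd)
+
+
+def sync_ldap():
+    """Syncrhonize the whole LDAP with the DB."""
+    for u in User.objects.all():
+        u.ldap_sync()
+    for lr in ListRight.objects.all():
+        lr.ldap_sync()
+
+
+class Command(BaseCommand):
+    help = ('Destroy the current LDAP data and rebuild it from the DB data. '
+            'Use with caution.')
+
+    def handle(self, *args, **options):
+
+        usersdn = settings.LDAP['base_user_dn']
+        groupsdn = settings.LDAP['base_usergroup_dn']
+        binddn = settings.DATABASES['ldap']['USER']
+        bindpass = settings.DATABASES['ldap']['PASSWORD']
+        server = settings.DATABASES['ldap']['NAME']
+
+        flush_ldap(binddn, bindpass, server, usersdn, groupsdn)
+        self.stdout.write("LDAP emptied")
+        sync_ldap()
+        self.stdout.write("LDAP rebuilt")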
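Review bot: The LDAP bind password is passed on the command line (`'-w', bindpass` in both `search_cmd` and `delete_cmd` of flush_ldap), which exposes it to every local user through `ps` or `/proc/*/cmdline` for the lifetime of each ldapsearch/ldapdelete process; OpenLDAP's `-y <file>` with a 0600 temporary file avoids that. Two more problems sit in the same function: when both searches return nothing, `ldapdelete` is run with no DN arguments and reads DNs from its stdin, so the command blocks (or deletes whatever happens to be piped in) instead of returning; and ldapsearch folds LDIF lines longer than 76 columns onto continuation lines, so a long DN would be truncated by the `dn: ` prefix parsing and the delete would fail part-way through — `-o ldif-wrap=no` keeps each DN on one line. Feeding the DNs to ldapdelete through stdin also sidesteps argv length limits on large directories. `CommandError` is imported but never used, and a command whose own help text says "Use with caution" has no confirmation prompt or `--force` flag before wiping the directory; the rewrite below needs `import tempfile` at the top of the file.
```python
def flush_ldap(binddn, bindpass, server, usersdn, groupsdn):
    # … unchanged: docstring …
    to_remove = []
    # Never put the bind password in argv: any local user can read it from
    # /proc/*/cmdline. OpenLDAP's -y reads it from a file instead (the whole
    # file content is the password, so write it without a trailing newline).
    with tempfile.NamedTemporaryFile(prefix='re2o-ldap-') as pwfile:  # created 0600
        pwfile.write(bindpass.encode('utf-8'))
        pwfile.flush()
        auth = ['-D', binddn, '-y', pwfile.name, '-H', server]
        for lookup in (usersdn, groupsdn):
            # ldif-wrap=no keeps long DNs on a single line; the folded form
            # would otherwise be truncated by the prefix parsing below.
            search_cmd = ['ldapsearch', '-A', '-s', 'one', '-o', 'ldif-wrap=no',
                          *auth, '-b', lookup, 'dn']
            for line in subprocess.check_output(search_cmd).split(b'\n'):
                # … unchanged: 'dn: ' / 'dn:: ' parsing into to_remove …
        if not to_remove:
            # ldapdelete with no DN arguments reads DNs from stdin and blocks.
            return
        # DNs go through stdin: no argv length limit, and bytes need no quoting.
        subprocess.run(['ldapdelete', '-v', *auth],
                       input=b'\n'.join(to_remove) + b'\n', check=True)
```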
|
@ -1175,7 +1175,7 @@ class ListRight(RevMixin, AclMixin, Group):
|
||||||
group_ldap = LdapUserGroup.objects.get(gid=self.gid)
|
group_ldap = LdapUserGroup.objects.get(gid=self.gid)
|
||||||
except LdapUserGroup.DoesNotExist:
|
except LdapUserGroup.DoesNotExist:
|
||||||
group_ldap = LdapUserGroup(gid=self.gid)
|
group_ldap = LdapUserGroup(gid=self.gid)
|
||||||
group_ldap.name = self.listright
|
group_ldap.name = self.unix_name
|
||||||
group_ldap.members = [user.pseudo for user
|
group_ldap.members = [user.pseudo for user
|
||||||
in self.user_set.all()]
|
in self.user_set.all()]
|
||||||
group_ldap.save()
|
group_ldap.save()
|
||||||
|
|