crans/lc_ldap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ldap_locks] Mise en place des locks. Cf commentaires pour les détails.

Browse source 
* Malheureusement lc_ldap._create_entity et objet.create sont un peu
 sales, mais j'ai pas trouvé mieux.
 * L'historique contient désormais les secondes.
This commit is contained in:
Pierre-Elliott Bécue 2013-05-30 15:22:11 +02:00
parent 17efae121c
commit d6efff30de
7 changed files with 123 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

66
objets.py
View file

@ -63,6 +63,12 @@ from gestion.gen_confs.dhcpd_new import dydhcp
#: Champs à ignorer dans l'historique
HIST_IGNORE_FIELDS = ["modifiersName", "entryCSN", "modifyTimestamp", "historique"]
crans_account_attribs = [attributs.uid, attributs.canonicalAlias, attributs.solde,
attributs.contourneGreylist, attributs.derniereConnexion,
attributs.homepageAlias, attributs.loginShell, attributs.gecos,
attributs.uidNumber, attributs.homeDirectory,
attributs.gidNumber, attributs.userPassword,
attributs.mailAlias, attributs.cn]
def new_cransldapobject(conn, dn, mode='ro', uldif=None):
"""Crée un objet :py:class:`CransLdapObject` en utilisant la classe correspondant à
@ -159,7 +165,7 @@ class CransLdapObject(object):
assert isinstance(login, unicode)
assert isinstance(chain, unicode)
new_line = u"%s, %s : %s" % (time.strftime("%d/%m/%Y %H:%M"), login, chain)
new_line = u"%s, %s : %s" % (time.strftime("%d/%m/%Y %H:%M:%S"), login, chain)
# Attention, le __setitem__ est surchargé, mais pas .append sur l'historique
self["historique"] = self.get("historique", []) + [new_line]
@ -193,6 +199,12 @@ class CransLdapObject(object):
modlist = addModlist(self._modifs.to_ldif())
# Requête LDAP de création de l'objet
self.conn.add_s(self.dn, modlist)
# On nettoie les locks
for key, values in self._modifs.to_ldif().iteritems():
for value in values:
self.conn.lockholder.removelock(key, value)
self.conn.lockholder.purge(id(self))
# Services à relancer
services.services_to_restart(self.conn, {}, self._modifs)
self._post_creation()
@ -221,6 +233,7 @@ class CransLdapObject(object):
raise EnvironmentError("Vous n'avez pas le droit de supprimer %s." % self.dn)
self.bury(comm, login)
self.conn.delete_s(self.dn)
self.conn.lockholder.purge(id(self))
self._post_deletion()
services.services_to_restart(self.conn, self.attrs, {})
@ -243,6 +256,9 @@ class CransLdapObject(object):
# On programme le redémarrage des services
services.services_to_restart(self.conn, self.attrs, self._modifs)
# On nettoie les locks
self.conn.lockholder.purge(id(self))
# Vérification des modifications
old_ldif = self.conn.search_s(self.dn, ldap.SCOPE_BASE)[0][1]
old_uldif = lc_ldap.ldif_to_uldif(old_ldif)
@ -330,6 +346,9 @@ class CransLdapObject(object):
if not mixed_attrs[0].is_modifiable(self.conn.droits + self.conn._check_parent(self.dn) + self.conn._check_self(self.dn)):
raise EnvironmentError("Vous ne pouvez pas toucher aux attributs de type %r." % (attr))
self._modifs[attr] = attrs_before_verif
for attribut in attrs_before_verif:
if attribut.unique:
self.conn.lockholder.addlock(attr, str(attribut), id(self))
def search_historique(self, ign_fields=HIST_IGNORE_FIELDS):
u"""Récupère l'historique
@ -617,15 +636,16 @@ class adherent(proprio):
attributs.mail, attributs.mailInvalide, attributs.charteMA,
attributs.derniereConnexion, attributs.gpgFingerprint,
attributs.carteEtudiant, attributs.droits, attributs.etudes,
attributs.postalAddress, attributs.mailExt, attributs.compteWiki]
attributs.postalAddress, attributs.mailExt, attributs.compteWiki,
]
ldap_name = "adherent"
def __init__(self, conn, dn, mode='ro', ldif = None):
super(adherent, self).__init__(conn, dn, mode, ldif)
self.full = False
if u'cransAccount' in [ unicode(o) for o in self['objectClass']]:
self.attribs = self.attribs + [attributs.uid, attributs.canonicalAlias, attributs.solde,
attributs.contourneGreylist, attributs.derniereConnexion,
attributs.homepageAlias, attributs.mailAlias, attributs.loginShell ]
self.attribs = self.attribs + crans_account_attribs
self.full = True
def compte(self, login = None, uidNumber=0, hash_pass = '', shell=config.login_shell):
u"""Renvoie le nom du compte crans. S'il n'existe pas, et que uid
@ -649,18 +669,21 @@ class adherent(proprio):
if os.path.exists("/var/mail/" + login):
raise ValueError('Création du compte impossible : /var/mail/%s existant' % login)
self._modifs['homeDirectory'] = [home]
self._modifs['mail'] = [login]
self._modifs['uid' ] = [login]
if not self.full:
self.attribs = self.attribs + crans_account_attribs
self.full = True
self['homeDirectory'] = [home]
self['mail'] = [login + u"@crans.org"]
self['uid' ] = [login]
calias = crans_utils.strip_spaces(fn) + u'.' + crans_utils.strip_spaces(ln)
if crans_utils.mailexist(calias):
calias = login
self._modifs['canonicalAlias'] = [calias]
self._modifs['objectClass'] = [u'adherent', u'cransAccount', u'posixAccount', u'shadowAccount']
self._modifs['cn'] = [ fn + u' ' + ln ]
self._modifs['loginShell'] = [unicode(shell)]
self._modifs['userPassword'] = [unicode(hash_pass)]
self['canonicalAlias'] = [calias]
self['objectClass'] = [u'adherent', u'cransAccount', u'posixAccount', u'shadowAccount']
self['cn'] = [ fn + u' ' + ln ]
self['loginShell'] = [unicode(shell)]
self['userPassword'] = [unicode(hash_pass)]
if uidNumber:
if self.conn.search('(uidNumber=%s)' % uidNumber):
@ -675,18 +698,11 @@ class adherent(proprio):
if not len(pool_uid):
raise ValueError("Plus d'uid disponibles !")
## try:
## self.lock('uidNumber', str(uidNumber))
## except:
## # Quelqu'un nous a piqué l'uid que l'on venait de choisir !
## return self.compte(login, uidNumber, hash_pass, shell)
self._modifs['uidNumber'] = [unicode(uidNumber)]
self._modifs['gidNumber'] = [unicode(config.gid)]
self._modifs['gecos'] = [self._modifs['cn'][0] + u',,,']
self.save()
self['uidNumber'] = [unicode(uidNumber)]
self['gidNumber'] = [unicode(config.gid)]
self['gecos'] = [self._modifs['cn'][0] + u',,,']
#self.save()
else:
raise EnvironmentError("L'adhérent n'a pas de compte crans")