Commit 1f4443d8 authored by klafyvel's avatar klafyvel

Merge branch 'Fix_117' into 'master'

Fix #117 : Use unix_name instead of name for ldap groups

Closes #117

See merge request federez/re2o!145
parents 40247e32 4cbb05d2
## MR 160: Datepicker
Install libjs-jquery libjs-jquery-ui libjs-jquery-timepicker libjs-bootstrap javascript-common
apt-get -y install \
libjs-jquery \
libjs-jquery-ui \
......@@ -10,12 +10,12 @@ apt-get -y install \
Enable javascript-common conf
a2enconf javascript-common
Delete old jquery files :
rm -r static_files/js/jquery-ui-*
rm static_files/js/jquery-2.2.4.min.js
rm static/css/jquery-ui-timepicker-addon.css
......@@ -42,6 +42,7 @@ Refactored script.
``` help
* The installation templates (LDIF files and `re2o/`) have been changed to use `` instead of `` (more neutral and generic)
......@@ -75,7 +76,6 @@ OPTIONAL_APPS = (
## MR 177: Add django-debug-toolbar support
Add the possibility to enable `django-debug-toolbar` in debug mode. First install the APT package:
......@@ -94,3 +94,19 @@ If you to restrict the IP which can see the debug, use the `INTERNAL_IPS` option
INTERNAL_IPS = ["", ""]
## MR 145: Fix #117 : Use unix_name instead of name for ldap groups
Fix a mixing between unix_name and name for groups
After this modification you need to:
* Double-check your defined groups' unix-name only contain small letters
* Run the following commands to rebuild your ldap's groups:
python3 ldap_rebuild
* You may need to force your nslcd cache to be reloaded on some servers (else you will have to wait for the cache to be refreshed):
sudo nslcd -i groups
......@@ -501,7 +501,7 @@ class ShellForm(FormRevMixin, ModelForm):
class ListRightForm(FormRevMixin, ModelForm):
"""Edition, d'un groupe , équivalent à un droit
Ne peremet pas d'editer le gid, car il sert de primary key"""
Ne permet pas d'editer le gid, car il sert de primary key"""
permissions = forms.ModelMultipleChoiceField(
......@@ -510,23 +510,24 @@ class ListRightForm(FormRevMixin, ModelForm):
class Meta:
model = ListRight
fields = ['name', 'unix_name', 'critical', 'permissions', 'details']
fields = ('name', 'unix_name', 'critical', 'permissions', 'details')
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(ListRightForm, self).__init__(*args, prefix=prefix, **kwargs)
self.fields['unix_name'].label = 'Nom du droit/groupe'
self.fields['unix_name'].label = 'Nom UNIX du groupe'
class NewListRightForm(ListRightForm):
"""Ajout d'un groupe/list de droit """
class Meta(ListRightForm.Meta):
fields = '__all__'
fields = ('name', 'unix_name', 'gid', 'critical', 'permissions',
def __init__(self, *args, **kwargs):
super(NewListRightForm, self).__init__(*args, **kwargs)
self.fields['gid'].label = 'Gid, attention, cet attribut ne doit\
pas être modifié après création'
self.fields['gid'].label = ("Gid, attention, cet attribut ne doit "
"pas être modifié après création")
class DelListRightForm(Form):
# Copyright © 2018 Maël Kervella
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
import subprocess
from base64 import decodebytes
from import BaseCommand, CommandError
from django.conf import settings
from users.models import User, ListRight
def flush_ldap(binddn, bindpass, server, usersdn, groupsdn):
Perform the python (and more understandable) equivalent of the following commands:
ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $usersdn dn \
| grep "dn: " | sed -e 's/dn: //g' \
| ldapdelete -v -D $binddn -w $bindpass -H $server --
ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $usersdn dn \
| grep "dn:: " | sed -e 's/dn:: //g' \
| while read x; do echo "$x" | base64 -d; echo ""; done \
| ldapdelete -v -D $binddn -w $bindpass -H $server --
ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $groupsdn dn \
| grep "dn: " | sed -e 's/dn: //g' \
| ldapdelete -v -D $binddn -w $bindpass -H $server --
ldapsearch -A -s one -D $binddn -w $bindpass -H $server -b $groupsdn dn \
| grep "dn:: " | sed -e 's/dn:: //g' \
| while read x; do echo "$x" | base64 -d; echo ""; done \
| ldapdelete -v -D $binddn -w $bindpass -H $server --
to_remove = []
for lookup in (usersdn, groupsdn):
search_cmd = [
'-s', 'one',
'-D', binddn,
'-w', bindpass,
'-H', server,
'-b', lookup,
for line in subprocess.check_output(search_cmd).split(b'\n'):
if line.startswith(b'dn: '):
to_remove.append(line[len(b'dn: '):])
elif line.startswith(b'dn:: '):
# Non ASCII value ares are base64-encoded
to_remove.append(decodebytes(line[len(b'dn:: '):]))
delete_cmd = [
'-D', binddn,
'-w', bindpass,
'-H', server
] + to_remove
def sync_ldap():
"""Syncrhonize the whole LDAP with the DB."""
for u in User.objects.all():
for lr in ListRight.objects.all():
class Command(BaseCommand):
help = ('Destroy the current LDAP data and rebuild it from the DB data. '
'Use with caution.')
def handle(self, *args, **options):
usersdn = settings.LDAP['base_user_dn']
groupsdn = settings.LDAP['base_usergroup_dn']
binddn = settings.DATABASES['ldap']['USER']
bindpass = settings.DATABASES['ldap']['PASSWORD']
server = settings.DATABASES['ldap']['NAME']
flush_ldap(binddn, bindpass, server, usersdn, groupsdn)
self.stdout.write("LDAP emptied")
self.stdout.write("LDAP rebuilt")
......@@ -1175,7 +1175,7 @@ class ListRight(RevMixin, AclMixin, Group):
group_ldap = LdapUserGroup.objects.get(gid=self.gid)
except LdapUserGroup.DoesNotExist:
group_ldap = LdapUserGroup(gid=self.gid) = self.listright = self.unix_name
group_ldap.members = [user.pseudo for user
in self.user_set.all()]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment