A read-only Zope3 GroupFolder implementation that reflects the groups on an LDAP server. Requires ldappas.

Project description

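This is an AuthenticatorPlugin implementing a read-only GroupFolder that reflects the groups defined on an LDAP server. It depends on the ldappas plugin being registered as a named ILDAPAuthentication utility. The two work together: ldappas authenticates the users, while ldapgroups looks up their groups and adds the users to those groups.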

Setup

>>> from ldappas.authentication import LDAPAuthentication
>>> from zope import component
>>> from ldappas.interfaces import ILDAPAuthentication
>>> users = LDAPAuthentication()
>>> component.provideUtility(users, ILDAPAuthentication, 'ldap-users')

LDAPAuthentication needs an LDAP adapter, registered as a named ILDAPAdapter utility. There is a fake adapter in the tests module.

>>> from ldapgroups.tests.fakeadapter import FakeLDAPAdapter
>>> adapter = FakeLDAPAdapter()
>>> from ldapadapter.interfaces import ILDAPAdapter
>>> component.provideUtility(adapter, ILDAPAdapter, 'ldap-adapter')

Let's configure the LDAPAuthentication plugin

>>> users.adapterName = u'ldap-adapter'
>>> users.searchBase = u'ou=users,dc=test'
>>> users.searchScope = u'sub'
>>> users.loginAttribute = u'cn'
>>> users.principalIdPrefix = u'ldap.'
>>> users.titleAttribute = u'sn'

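There is no need to fill in the group-related attributes on the LDAPAuthentication plugin, because LDAPGroups uses its own. For idAttribute you should use the attribute that yields the user's distinguished name, because LDAP uses this attribute to associate users with groups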

>>> users.idAttribute = u'dn'

(For ActiveDirectory this seems to be "distinguishedName", so verify it with an LDAP browser.) There may be a way around this limitation, but it has not been implemented yet.

Let's get our LDAP GroupFolder up and running

>>> from ldapgroups.groupfolder import LDAPGroups
>>> groups = LDAPGroups(u'ldap-users', u'group.ldap.')
>>> groups.groupsSearchBase = u'ou=groups,dc=test'
>>> groups.groupsSearchScope = u'sub'
>>> groups.groupTitleAttribute = u'cn'
>>> groups.groupIdAttribute = u'dn'
>>> groups.groupDescriptionAttribute = u'description'

Do some registration tests

>>> groups.getLDAPAuthenticator() == users
True
>>> users.getLDAPAdapter() == adapter
True

Groups cannot authenticate

>>> groups.authenticateCredentials({'login':u'Domain Users','password':u'pwd'}) is None
True

We can look up groups as principals

>>> principal = groups.principalInfo(u'group.ldap.cn=Domain Users,ou=groups,dc=test')
>>> principal
LDAPGroupInformation(u'group.ldap.cn=Domain Users,ou=groups,dc=test')
>>> from zope.pluggableauth.interfaces import IPrincipalInfo
>>> IPrincipalInfo.providedBy(principal)
True

It also provides IReadGroupInformation, which can be used to get the principals

>>> from ldapgroups.interfaces import IReadGroupInformation
>>> IReadGroupInformation.providedBy(principal)
True
>>> principal.principals
[u'ldap.cn=Andr\xe9 de Chimpansee,ou=users,dc=test', u'ldap.cn=Louis Kolibri,ou=users,dc=test']

Container behaviour

>>> len(groups)
2
>>> groups.keys()
[u'Administrators', u'Domain Users']
>>> 'Administrators' in groups
True
>>> groups.has_key('Administrators')
True
>>> groups.values()
[LDAPGroupInformation(u'group.ldap.cn=Administrators,ou=groups,dc=test'), LDAPGroupInformation(u'group.ldap.cn=Domain Users,ou=groups,dc=test')]
>>> groups.items() == zip(groups.keys(),  groups.values())
True
>>> group = groups['Domain Users']
>>> group
LDAPGroupInformation(u'group.ldap.cn=Domain Users,ou=groups,dc=test')
>>> group.description
u'Users with a domain account'
>>> group == groups.get('Domain Users')
True
>>> groups.get('grupo sportivo') is None
True
>>> groups['grupo sportivo'] # doctest: +ELLIPSIS
Traceback (most recent call last):
  ...
KeyError

Search

>>> groups.search({'cn':'Domain Users'})
[u'group.ldap.cn=Domain Users,ou=groups,dc=test']
>>> groups.search({'cn':'Users'})
[]

PAU integration

Register them all with the PAU

>>> from zope.pluggableauth.interfaces import IAuthenticatorPlugin
>>> component.provideUtility(users, provides=IAuthenticatorPlugin, name='ldap-users')
>>> component.provideUtility(groups, provides=IAuthenticatorPlugin, name='ldap-groups')

We also need a credentials plugin that extracts the credentials from the request

>>> import zope.interface
>>> from zope.pluggableauth.interfaces import ICredentialsPlugin
>>> class MyCredentialsPlugin:
...
...     zope.interface.implements(ICredentialsPlugin)
...
...     def extractCredentials(self, request):
...         return request.get('credentials')
...
...     def challenge(self, request):
...         pass # challenge is a no-op for this plugin
...
...     def logout(self, request):
...         pass # logout is a no-op for this plugin
>>> creds = MyCredentialsPlugin()
>>> component.provideUtility(creds, name='simple-creds')

Register the principal factories

>>> import zope.component.event
>>> from zope.pluggableauth import factories
>>> component.provideAdapter(factories.AuthenticatedPrincipalFactory)
>>> component.provideAdapter(factories.FoundPrincipalFactory)

We are finally ready to create a pluggable authentication utility and register the two plugins with it

>>> from zope.pluggableauth import PluggableAuthentication
>>> pau = PluggableAuthentication()
>>> pau['ldap-users'] = users
>>> pau['ldap-groups'] = groups
>>> pau['simple-creds'] = creds
>>> pau.credentialsPlugins = ('simple-creds', )
>>> pau.authenticatorPlugins = ('ldap-users', 'ldap-groups')

Let's authenticate some users

>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest(credentials={'login': 'Louis Kolibri', 'password': 'louis2000'})
>>> louis = pau.authenticate(request)
>>> louis
Principal(u'ldap.cn=Louis Kolibri,ou=users,dc=test')

Groups are set by the setGroupsForPrincipal event subscriber

>>> louis.groups
[]
>>> class PrincipalCreatedEvent:
...     def __init__(self, authentication, principal):
...         self.authentication = authentication
...         self.principal = principal
>>> from ldapgroups.groupfolder import setGroupsForPrincipal
>>> setGroupsForPrincipal(PrincipalCreatedEvent(pau, louis))
>>> louis.groups
[u'group.ldap.cn=Domain Users,ou=groups,dc=test']
>>> component.provideHandler(setGroupsForPrincipal)
>>> request = TestRequest(credentials={'login': u'Andr\xe9 de Chimpansee', 'password': 'dreten'})
>>> andre = pau.authenticate(request)
>>> andre
Principal(u'ldap.cn=Andr\xe9 de Chimpansee,ou=users,dc=test')
>>> andre.groups
[u'group.ldap.cn=Administrators,ou=groups,dc=test', u'group.ldap.cn=Domain Users,ou=groups,dc=test']
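
The DN requirement on idAttribute and the group lists shown above both come down to matching the user's DN against the member values stored on each group. A sketch of that match, added here as an example (it is not ldapgroups code); the `member` attribute name, the constructed entries and the simplified DN normalisation are assumptions:

```python
# Added illustration, not ldapgroups code. The "member" attribute name and the
# DN normalisation rule are assumptions; the entries are constructed test data.
USER_PREFIX = "ldap."          # principalIdPrefix of the user plugin
GROUP_PREFIX = "group.ldap."   # prefix passed to LDAPGroups

GROUP_ENTRIES = [  # constructed, mirrors the fake directory used above
    {"dn": "cn=Administrators,ou=groups,dc=test",
     "member": ["cn=Andr\xe9 de Chimpansee,ou=users,dc=test"]},
    {"dn": "cn=Domain Users,ou=groups,dc=test",
     # first value deliberately differs in case and spacing
     "member": ["CN=Andr\xe9 de Chimpansee, OU=users, DC=test",
                "cn=Louis Kolibri,ou=users,dc=test"]},
]


def normalize_dn(dn):
    """Simplified DN normalisation: trim each RDN and case-fold it.

    Does not handle escaped commas or multi-valued RDNs.
    """
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().casefold() + "=" + value.strip().casefold())
    return ",".join(parts)


def groups_for_principal(principal_id, entries=GROUP_ENTRIES):
    """Return sorted group principal ids whose member list holds the user's DN."""
    if not principal_id.startswith(USER_PREFIX):
        return []  # not a principal created by the LDAP user plugin
    user_dn = normalize_dn(principal_id[len(USER_PREFIX):])
    found = []
    for entry in entries:
        if any(normalize_dn(m) == user_dn for m in entry["member"]):
            found.append(GROUP_PREFIX + entry["dn"])
    return sorted(found)
```

A principal id built from a non-DN attribute (for example `ldap.Louis Kolibri` with idAttribute set to `cn`) matches no member value and ends up with no groups, which is why the id attribute has to yield the DN.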

Browser views

For the ZMI views, there is an ISized adapter available.

>>> from ldapgroups.groupfolder import LDAPGroupSize
>>> from zope.size.interfaces import ISized
>>> component.provideAdapter(LDAPGroupSize)
>>> ISized(group).sizeForSorting()
('item', 2)

The view's iteminfos function collects the details of all the groups in the groupfolder

>>> from ldapgroups.browser.contents import LDAPGroupFolderContents
>>> view = LDAPGroupFolderContents(groups, request)
>>> view.iteminfos()
[{'url': 'Administrators', 'name': u'Administrators', 'size': u'${items} items'}, {'url': 'Domain%20Users', 'name': u'Domain Users', 'size': u'${items} items'}]

Download

Source distribution

ldapgroups-0.2.zip (18.7 kB)
