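A read-only Zope3 GroupFolder implementation that reflects groups on an LDAP server. Requires ldappas.
Project description
This is an AuthenticatorPlugin that implements a read-only GroupFolder reflecting the groups defined on an LDAP server. It depends on the ldappas plugin being registered as a named ILDAPAuthentication utility. It works together with ldappas: ldappas authenticates users, while ldapgroups looks up their groups and adds the users to them.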
Setup

>>> from ldappas.authentication import LDAPAuthentication
>>> from zope import component
>>> from ldappas.interfaces import ILDAPAuthentication
>>> users = LDAPAuthentication()
>>> component.provideUtility(users, ILDAPAuthentication, 'ldap-users')

LDAPAuthentication needs an LDAP adapter, registered as a named ILDAPAdapter utility. There is a fake adapter in the tests module.

>>> from ldapgroups.tests.fakeadapter import FakeLDAPAdapter
>>> adapter = FakeLDAPAdapter()
>>> from ldapadapter.interfaces import ILDAPAdapter
>>> component.provideUtility(adapter, ILDAPAdapter, 'ldap-adapter')

Let's configure the LDAPAuthentication plugin:

>>> users.adapterName = u'ldap-adapter'
>>> users.searchBase = u'ou=users,dc=test'
>>> users.searchScope = u'sub'
>>> users.loginAttribute = u'cn'
>>> users.principalIdPrefix = u'ldap.'
>>> users.titleAttribute = u'sn'

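There is no need to fill in the group-related attributes on the LDAPAuthentication plugin, since LDAPGroups uses its own. For idAttribute you should use the attribute that yields the user's unique name, because LDAP uses this attribute to associate users with groups.

>>> users.idAttribute = u'dn'

(For ActiveDirectory this seems to be "distinguishedName", so verify with an LDAP browser.) There may be a way to work around this restriction, but it has not been implemented yet.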
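
Why the id attribute has to be the DN, as an added Python 3 example (a simplified model, not ldapgroups' own code): it assumes groups list their members by DN and that the lookup compares the principal id, prefix stripped, against those values. The directory entries and the helper names (`principal_id`, `groups_for`, `membership_report`, `colliding_ids`) are constructed for illustration.

```python
PREFIX = "ldap."              # plays the role of users.principalIdPrefix
GROUP_PREFIX = "group.ldap."  # plays the role of the LDAPGroups id prefix

# Constructed directory entries (illustrative, not from a real server).
USERS = [
    {"dn": "cn=Louis Kolibri,ou=users,dc=test", "cn": "Louis Kolibri"},
    {"dn": "cn=Louis Kolibri,ou=contractors,dc=test", "cn": "Louis Kolibri"},
    {"dn": "cn=Andr\u00e9 de Chimpansee,ou=users,dc=test",
     "cn": "Andr\u00e9 de Chimpansee"},
]
GROUPS = [
    {"dn": "cn=Administrators,ou=groups,dc=test",
     "member": ["cn=Andr\u00e9 de Chimpansee,ou=users,dc=test"]},
    {"dn": "cn=Domain Users,ou=groups,dc=test",
     "member": ["cn=Andr\u00e9 de Chimpansee,ou=users,dc=test",
                "cn=Louis Kolibri,ou=users,dc=test"]},
]

def principal_id(entry, id_attribute):
    """Principal id = prefix + value of the configured id attribute."""
    return PREFIX + entry[id_attribute]

def groups_for(pid):
    """Group ids whose member list holds the id value (prefix stripped).

    Assumption: exact string match; real DN comparison also normalises
    case and whitespace.
    """
    if not pid.startswith(PREFIX):
        return []
    value = pid[len(PREFIX):]
    return sorted(GROUP_PREFIX + g["dn"] for g in GROUPS if value in g["member"])

def membership_report(id_attribute):
    """Map each user DN to the groups resolved under this id attribute."""
    return {u["dn"]: groups_for(principal_id(u, id_attribute)) for u in USERS}

def colliding_ids(id_attribute):
    """Principal ids that more than one directory entry would receive."""
    owners = {}
    for u in USERS:
        owners.setdefault(principal_id(u, id_attribute), []).append(u["dn"])
    return {pid: dns for pid, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for attr in ("dn", "cn"):
        print(attr, membership_report(attr), colliding_ids(attr))
```

In this model, `cn` as the id attribute resolves no groups for anyone and gives the two "Louis Kolibri" entries the same principal id, while `dn` resolves memberships correctly with no collisions.
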
Let's get our LDAP GroupFolder up and running:

>>> from ldapgroups.groupfolder import LDAPGroups
>>> groups = LDAPGroups(u'ldap-users', u'group.ldap.')
>>> groups.groupsSearchBase = u'ou=groups,dc=test'
>>> groups.groupsSearchScope = u'sub'
>>> groups.groupTitleAttribute = u'cn'
>>> groups.groupIdAttribute = u'dn'
>>> groups.groupDescriptionAttribute = u'description'

Some registration tests:

>>> groups.getLDAPAuthenticator() == users
True
>>> users.getLDAPAdapter() == adapter
True

Groups cannot be authenticated:

>>> groups.authenticateCredentials({'login':u'Domain Users','password':u'pwd'}) is None
True

We can look up groups as principals:

>>> principal = groups.principalInfo(u'group.ldap.cn=Domain Users,ou=groups,dc=test')
>>> principal
LDAPGroupInformation(u'group.ldap.cn=Domain Users,ou=groups,dc=test')
>>> from zope.pluggableauth.interfaces import IPrincipalInfo
>>> IPrincipalInfo.providedBy(principal)
True

It also provides IReadGroupInformation, which can be used to get the principals:

>>> from ldapgroups.interfaces import IReadGroupInformation
>>> IReadGroupInformation.providedBy(principal)
True
>>> principal.principals
[u'ldap.cn=Andr\xe9 de Chimpansee,ou=users,dc=test', u'ldap.cn=Louis Kolibri,ou=users,dc=test']

Container behaviour

>>> len(groups)
2
>>> groups.keys()
[u'Administrators', u'Domain Users']
>>> 'Administrators' in groups
True
>>> groups.has_key('Administrators')
True
>>> groups.values()
[LDAPGroupInformation(u'group.ldap.cn=Administrators,ou=groups,dc=test'), LDAPGroupInformation(u'group.ldap.cn=Domain Users,ou=groups,dc=test')]
>>> groups.items() == zip(groups.keys(), groups.values())
True
>>> group = groups['Domain Users']
>>> group
LDAPGroupInformation(u'group.ldap.cn=Domain Users,ou=groups,dc=test')
>>> group.description
u'Users with a domain account'
>>> group == groups.get('Domain Users')
True
>>> groups.get('grupo sportivo') is None
True
>>> groups['grupo sportivo'] # doctest: +ELLIPSIS
Traceback (most recent call last):
...
KeyError

Search

>>> groups.search({'cn':'Domain Users'})
[u'group.ldap.cn=Domain Users,ou=groups,dc=test']
>>> groups.search({'cn':'Users'})
[]

PAU integration
Register them all with the PAU:

>>> from zope.pluggableauth.interfaces import IAuthenticatorPlugin
>>> component.provideUtility(users, provides=IAuthenticatorPlugin, name='ldap-users')
>>> component.provideUtility(groups, provides=IAuthenticatorPlugin, name='ldap-groups')

We also need a credentials plugin that extracts the credentials from the request:

>>> import zope.interface
>>> from zope.pluggableauth.interfaces import ICredentialsPlugin
>>> class MyCredentialsPlugin:
...
...     zope.interface.implements(ICredentialsPlugin)
...
...     def extractCredentials(self, request):
...         return request.get('credentials')
...
...     def challenge(self, request):
...         pass # challenge is a no-op for this plugin
...
...     def logout(self, request):
...         pass # logout is a no-op for this plugin
>>> creds = MyCredentialsPlugin()
>>> component.provideUtility(creds, name='simple-creds')

Register the principal factories:

>>> import zope.component.event
>>> from zope.pluggableauth import factories
>>> component.provideAdapter(factories.AuthenticatedPrincipalFactory)
>>> component.provideAdapter(factories.FoundPrincipalFactory)

We are finally ready to create a pluggable authentication utility and register the two plugins with it:

>>> from zope.pluggableauth import PluggableAuthentication
>>> pau = PluggableAuthentication()
>>> pau['ldap-users'] = users
>>> pau['ldap-groups'] = groups
>>> pau['simple-creds'] = creds
>>> pau.credentialsPlugins = ('simple-creds', )
>>> pau.authenticatorPlugins = ('ldap-users', 'ldap-groups')

Let's authenticate some users:

>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest(credentials={'login': 'Louis Kolibri', 'password': 'louis2000'})
>>> louis = pau.authenticate(request)
>>> louis
Principal(u'ldap.cn=Louis Kolibri,ou=users,dc=test')

Groups are set by the setGroupsForPrincipal event subscriber:

>>> louis.groups
[]
>>> class PrincipalCreatedEvent:
...     def __init__(self, authentication, principal):
...         self.authentication = authentication
...         self.principal = principal
>>> from ldapgroups.groupfolder import setGroupsForPrincipal
>>> setGroupsForPrincipal(PrincipalCreatedEvent(pau, louis))
>>> louis.groups
[u'group.ldap.cn=Domain Users,ou=groups,dc=test']
>>> component.provideHandler(setGroupsForPrincipal)
>>> request = TestRequest(credentials={'login': u'Andr\xe9 de Chimpansee', 'password': 'dreten'})
>>> andre = pau.authenticate(request)
>>> andre
Principal(u'ldap.cn=Andr\xe9 de Chimpansee,ou=users,dc=test')
>>> andre.groups
[u'group.ldap.cn=Administrators,ou=groups,dc=test', u'group.ldap.cn=Domain Users,ou=groups,dc=test']

Browser views
For the ZMI views there is an ISized adapter available.

>>> from ldapgroups.groupfolder import LDAPGroupSize
>>> from zope.size.interfaces import ISized
>>> component.provideAdapter(LDAPGroupSize)
>>> ISized(group).sizeForSorting()
('item', 2)

The view's iteminfos function collects the details of all groups in the groupfolder:

>>> from ldapgroups.browser.contents import LDAPGroupFolderContents
>>> view = LDAPGroupFolderContents(groups, request)
>>> view.iteminfos()
[{'url': 'Administrators', 'name': u'Administrators', 'size': u'${items} items'}, {'url': 'Domain%20Users', 'name': u'Domain Users', 'size': u'${items} items'}]

Hashes for ldapgroups-0.2.zip

Algorithm | Hash digest
---|---
SHA256 | 81983d847804278bc420e1550e8a4a5dfd864e6f92ed10a0e884cba2df91b868
MD5 | 8985a1f14b8e17e37276a474ccc45537
BLAKE2b-256 | 0a40e020c46657de941366dce9d583b10047257b2529b7d50c4853ef25871d65