in source/soca/cluster_web_ui/api/v1/ldap/activedirectory/group.py [0:0]
def post(self):
"""
Create a new LDAP group
---
tags:
- Group Management
parameters:
- in: body
name: body
schema:
required:
- group
optional:
- gid
- users
properties:
group:
type: string
description: Name of the group
gid:
type: integer
description: Linux GID to be associated to the group
users:
type: list
description: List of user(s) to add to the group
responses:
200:
description: Group created
203:
description: Group already exist
204:
description: User does not exist and can't be added to the group
400:
description: Malformed client input
500:
description: Backend issue
"""
parser = reqparse.RequestParser()
parser.add_argument('group', type=str, location='form')
parser.add_argument('gid', type=int, location='form')
parser.add_argument('members', type=str, location='form') # comma separated list of users
args = parser.parse_args()
gid = args["gid"]
group = args["group"]
if args["members"] is None:
members = []
else:
members = args["members"].split(",")
get_gid = get(config.Config.FLASK_ENDPOINT + '/api/ldap/ids',
headers={"X-SOCA-TOKEN": config.Config.API_ROOT_KEY},
verify=False) # nosec
if get_gid.status_code == 200:
current_ldap_gids = get_gid.json()
else:
return errors.all_errors("UNABLE_RETRIEVE_IDS", str(get_gid.text))
if gid is None:
group_id = current_ldap_gids["message"]["proposed_gid"]
else:
if gid in current_ldap_gids["message"]["gid_in_use"]:
return errors.all_errors("GID_ALREADY_IN_USE")
group_id = gid
if group is None:
return errors.all_errors("CLIENT_MISSING_PARAMETER", "group (str) parameter is required")
else:
if group.endswith(config.Config.GROUP_NAME_SUFFIX):
pass
else:
group = f"{group}{config.Config.GROUP_NAME_SUFFIX}"
try:
logger.info(f"About to create new group {group} with members {members}")
conn = ldap.initialize(f"ldap://{config.Config.DOMAIN_NAME}")
conn.simple_bind_s(f"{config.Config.ROOT_USER}@{config.Config.DOMAIN_NAME}", config.Config.ROOT_PW)
conn.protocol_version = 3
conn.set_option(ldap.OPT_REFERRALS, 0)
group_members = []
group_dn = f"cn={group},ou=Users,ou={config.Config.NETBIOS},{config.Config.LDAP_BASE}"
if members is not None:
if not isinstance(members, list):
return {"success": False,
"message": "users must be a valid list"}, 400
if len(members) > 0:
get_all_users = get(config.Config.FLASK_ENDPOINT + "/api/ldap/users",
headers={"X-SOCA-TOKEN": config.Config.API_ROOT_KEY},
verify=False) # nosec
if get_all_users.status_code == 200:
all_users = get_all_users.json()["message"]
all_users = dict((k.lower(), v) for k, v in all_users.items()) # force lowercase
else:
return {"success": False, "message": "Unable to retrieve the list of SOCA users " + str(
get_all_users.json())}, 212
for member in members:
#if "ou=users" in member.lower():
# dn_user = member
#else:
# dn_user = f"cn={member},ou=Users,ou={config.Config.NETBIOS},{config.Config.LDAP_BASE}"
logger.info(f"Checking if {member} exist in {all_users}")
if member.lower() not in all_users.keys():
return {"success": False,
"message": "Unable to create group because user (" + member +") does not exist."}, 211
else:
group_members.append(member)
attrs = [
('objectClass', ['top'.encode('utf-8'),
'group'.encode('utf-8')]),
('gidNumber', [str(group_id).encode('utf-8')]),
('sAMAccountName', [f"{group}".encode('utf-8')])]
conn.add_s(group_dn, attrs)
users_not_added = []
for member in group_members:
add_member_to_group = put(config.Config.FLASK_ENDPOINT + "/api/ldap/group",
headers={"X-SOCA-TOKEN": config.Config.API_ROOT_KEY},
data={"group": group,
"user": member,
"action": "add"},
verify=False) # nosec
if add_member_to_group.status_code != 200:
users_not_added.append(member)
if users_not_added.__len__() == 0:
return {"success": True, "message": "Group created successfully"}, 200
else:
return {"success": True, "message": "Group created successfully but unable to add some users: " + str(users_not_added)}, 214
except Exception as err:
return errors.all_errors(type(err).__name__, err)