Add to groups

openldap/init.ldif

@@ -38,3 +38,9 @@ sn: Mascetti
 mail: rmascetti@autistici.org
 uid: conte_mascetti
 userPassword: {SHA}oLY7P6V+DWaMJhix7vbMYGIfA+E=
+
+dn: cn=WikiUsers,ou=Groups,dc=unit,dc=macaomilano,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: WikiUsers
+member: uid=conte_mascetti,ou=Hackers,dc=unit,dc=macaomilano,dc=org

src/phi/ldap/entry.py

@@ -1,4 +1,4 @@
-from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES
+from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, MODIFY_ADD
 
 from phi.logging import get_logger
 
@@ -61,6 +61,31 @@ def get_entries_by_ou(client, ou):
     return response
 
 
+def get_group_by_cn(client, cn):
+    log.info("Searching groups with common name: {}".format(cn))
+
+    dn = 'cn={},ou=Groups,{}'.format(cn, client.base_dn)
+    log.debug("Search dn: {}".format(dn))
+
+    response_id = client.connection.search(
+        dn, '(objectclass=groupOfNames)',
+        search_scope='SUBTREE',
+        attributes=[ALL_ATTRIBUTES]
+    )
+
+    response = get_response(client, response_id)
+
+    if not response:
+        return None
+
+    if len(response) > 1:
+        log.error("Looking for exactly one result but server gave {}. "
+                  "Taking the first and ignoring the rest."
+                  .format(len(response)))
+
+    return response[0]
+
+
 def add_entry(client, dn, attributes):
     log.info('Adding entry with distinguiscet name: {}'
              'and attributes {}'.format(dn, attributes))
@@ -74,3 +99,26 @@ def delete_entry(client, dn):
     response_id = client.connection.delete(dn)
     response = get_response(client, response_id)
     return response
+
+
+def get_group_members(client, group_cn):
+    group = get_group_by_cn(client, group_cn)
+    members = group['attributes']['member']
+
+    # log.debug('Found members: {}'.format(members))
+    return members
+
+
+def add_group_member(client, group_cn, member_uid):
+    member_dn = 'uid={},ou=Hackers,dc=unit,dc=macaomilano,dc=org'.format(
+                    member_uid)
+    group_dn = 'cn={},ou=Groups,dc=unit,dc=macaomilano,dc=org'.format(
+                group_cn)
+
+    # log.debug('Found adding {} to {}'.format(member_uid, group_cn))
+    response_id = client.connection.modify(
+        group_dn,
+        {'member': [(MODIFY_ADD, [member_dn])]}
+    )
+
+    return get_response(client, response_id)

test/test_ldap.py

@@ -1,6 +1,8 @@
 from phi.ldap.user import get_user_by_uid, get_users_by_ou, \
                           add_user, delete_user
 
+from phi.ldap.entry import add_group_member, get_group_members
+
 
 def test_connection(ldap_client):
     assert ldap_client.connection.closed is False
@@ -56,3 +58,25 @@ def test_failing_delete_user(ldap_client):
         pass
     else:
         assert False
+
+
+def test_add_to_group(ldap_client):
+    client = ldap_client
+
+    group_cn = 'WikiUsers'
+    member_uid = 'rosa_rossi'
+    add_user(client, member_uid, '.', '.', '.')
+
+    group_members = get_group_members(client, 'WikiUsers')
+    assert len(group_members) == 1
+    # print(group_members)
+
+    add_group_member(client, group_cn, member_uid)
+
+    group_members = get_group_members(client, 'WikiUsers')
+    assert len(group_members) == 2
+    assert 'uid=rosa_rossi,ou=Hackers,dc=unit,dc=macaomilano,dc=org' \
+            in group_members
+    # print(group_members)
+
+    delete_user(client, member_uid)