
cone.ugm

Plugin for cone.app providing user and group management with LDAP as backend.

Features

  • Create, edit and delete users and groups
  • Manage membership of users in groups
  • Roles support
  • Local Manager Support
  • User and group form configuration
  • POSIX support
  • Samba support

Prerequisites

lxml, python-ldap and openldap are compiled during installation, so the required dev headers must be installed on the system.

On Debian-based systems install:

$ apt-get install libxml2-dev libxslt1-dev
$ apt-get install libsasl2-dev libssl-dev libdb-dev

On Ubuntu Oneiric, you might need the Berkeley v4.7 Database Libraries to make it work:

$ apt-get install libdb4.7-dev

Installation

cone.ugm contains a buildout configuration. Download and extract the package ZIP file, enter the extraction location and run:

cone.ugm$ python2.7 bootstrap.py
cone.ugm$ ./bin/buildout

Start the test LDAP server with the appropriate LDIF layer:

cone.ugm$ ./bin/testldap start groupOfNames_10_10

Start the application:

cone.ugm$ ./bin/paster serve ugm_groupOfNames_10_10.ini

and browse http://localhost:8081/. The default password of the admin user is admin.

The “roles” behavior in the principal form is only displayed if the roles configuration is sane. The LDIF imported for the test layer does not provide the roles container by default. Browse “Settings -> LDAP Roles” and perform the “create roles container” action if you want to enable roles in the demo.

Note: If python_ldap fails, don’t use buildout offline mode!

Customization

For customizing the plugin, make an integration package and include it in buildout.

LDAP configuration

To define the location of the LDAP configuration, add the cone.ugm.ldap_config property to the application ini file, e.g.:

cone.ugm.ldap_config = %(here)s/etc/ldap.xml

Roles

cone.ugm internally uses three roles to permit user actions.

editor is permitted to manage membership, admin is additionally permitted to add, edit and delete users and groups, and manager is a superuser. If UGM is the only plugin used, you can reduce the available roles to these three:

>>> import cone.app.security
>>> cone.app.security.DEFAULT_ROLES = [
...     ('editor', 'Editor'),
...     ('admin', 'Admin'),
...     ('manager', 'Manager'),
... ]

Default value callbacks

Depending on the LDAP object classes used for users and groups, more or fewer attributes are required for the entries. Not all of these attributes should necessarily be visible to the user of cone.ugm, and some might even need to be computed. Therefore the plugin supports default value callbacks. These callbacks get the principal node and id as arguments:

>>> from cone.ugm import model

>>> def some_field_callback(node, id):
...     return 'some computed value'

and are set to factory defaults for users and groups respectively:

>>> model.factory_defaults.user['someField'] = some_field_callback

The factory defaults can also be static values:

>>> model.factory_defaults.user['someField'] = '12345'
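
A default value callback that computes a POSIX home directory from the principal id, as an added example (not part of cone.ugm). The `homeDirectory` field name, the `/home` base directory, the id pattern and the function name are assumptions; the registration line in the closing comment follows the form shown above.

```python
import posixpath
import re

# Assumption: ids follow a conservative POSIX-style login name policy.
# \A and \Z are used instead of ^ and $ so a trailing newline is rejected.
SAFE_ID = re.compile(r'\A[a-z_][a-z0-9_-]{0,31}\Z')
HOME_BASE = '/home'  # assumption: base directory for user homes


def home_directory(node, id):
    """Default value callback: derive homeDirectory from the principal id.

    ``node`` is the principal node passed in by the plugin; it is unused
    here. The id is validated because the computed value is stored in LDAP
    and later used as a filesystem path by hosts resolving accounts from it.
    """
    if not SAFE_ID.match(id):
        raise ValueError('unsafe principal id: %r' % (id,))
    path = posixpath.normpath(posixpath.join(HOME_BASE, id))
    # Defence in depth: the result must sit directly below HOME_BASE.
    if posixpath.dirname(path) != HOME_BASE:
        raise ValueError('home directory escapes %s: %r' % (HOME_BASE, path))
    return path


# Registration, in an integration package where cone.ugm is installed:
#   from cone.ugm import model
#   model.factory_defaults.user['homeDirectory'] = home_directory
```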

Form widgets

The widgets used for attributes can also be customized. A field definition expects a yafowil factory chain, plus props and custom dicts which are passed to the yafowil factory. required flags the field as required, and protected defines whether the field is not editable (like user id and group id):

>>> from cone.ugm.browser import form_field_definitions
>>> user = form_field_definitions.user
>>> user['someField'] = dict()
>>> user['someField']['chain'] = 'field:label:error:text'
>>> user['someField']['props'] = dict()
>>> user['someField']['required'] = True
>>> user['someField']['protected'] = False

Samba support

Example configuration:

>>> from node.ext.ldap.ugm import (
...     posix,
...     shadow,
...     samba,
... )

>>> samba.SAMBA_LOCAL_SID = 'S-1-5-21-1234567890-1234567890-1234567890'
>>> samba.SAMBA_DEFAULT_DOMAIN = 'yourdomain'
>>> samba.SAMBA_PRIMARY_GROUP_SID = 'S-1-5-21-1234567890-1234567890-1234567890-123'

>>> from cone.ugm import model

>>> user = model.factory_defaults.user
>>> user['gidNumber'] = posix.memberGid
>>> user['loginShell'] = posix.loginShell
>>> user['shadowFlag'] = shadow.shadowFlag
>>> user['shadowMin'] = shadow.shadowMin
>>> user['shadowMax'] = shadow.shadowMax
>>> user['shadowWarning'] = shadow.shadowWarning
>>> user['shadowInactive'] = shadow.shadowInactive
>>> user['shadowLastChange'] = shadow.shadowLastChange
>>> user['shadowExpire'] = shadow.shadowExpire
>>> user['sambaSID'] = samba.sambaUserSID
>>> user['sambaDomainName'] = samba.sambaDomainName
>>> user['sambaPrimaryGroupSID'] = samba.sambaPrimaryGroupSID
>>> user['sambaAcctFlags'] = samba.sambaAcctFlags
>>> user['sambaPwdLastSet'] = samba.sambaPwdLastSet

>>> group = model.factory_defaults.group
>>> group['memberUid'] = posix.memberUid
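
A sanity check for the SID pair before it is assigned to the `samba` module settings above, as an added example (not part of cone.ugm or node.ext.ldap). The function name is hypothetical, and it assumes the primary group lives in the local domain, as in the sample values above.

```python
import re

# A domain SID is S-1-5-21 followed by three sub-authorities.
DOMAIN_SID = re.compile(r'\AS-1-5-21(-[0-9]{1,10}){3}\Z')
RID = re.compile(r'\A[0-9]{1,10}\Z')
MAX_U32 = 0xFFFFFFFF  # sub-authorities and RIDs are 32-bit unsigned


def check_samba_sids(local_sid, primary_group_sid):
    """Return the primary group RID, or raise ValueError on a bad pair."""
    if not DOMAIN_SID.match(local_sid):
        raise ValueError('not a domain SID: %r' % (local_sid,))
    for part in local_sid.split('-')[4:]:
        if int(part) > MAX_U32:
            raise ValueError('sub-authority out of range: %s' % part)
    # The group SID must be the domain SID plus exactly one RID, otherwise
    # new users would reference a group from a different domain.
    prefix = local_sid + '-'
    if not primary_group_sid.startswith(prefix):
        raise ValueError('primary group SID is outside the local domain')
    rid = primary_group_sid[len(prefix):]
    if not RID.match(rid) or int(rid) > MAX_U32:
        raise ValueError('invalid RID: %r' % (rid,))
    return int(rid)


# Sample values taken from the configuration above.
LOCAL = 'S-1-5-21-1234567890-1234567890-1234567890'
GROUP = 'S-1-5-21-1234567890-1234567890-1234567890-123'
```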

Contributors

  • Robert Niederreiter <rnix [at] squarewave [dot] at>
  • Florian Friesdorf <flo [at] chaoflow [dot] net>
  • Jens Klein <jens [at] bluedynamics [dot] com>

History

0.9.7

  • Directly depend on lxml in setup.py [rnix, 2014-05-13]

0.9.6

  • Adopt dependencies. [rnix, 2013-01-10]

0.9.5

  • Portrait CSS fix. [rnix, 2012-10-30]
  • Python 2.7 Support. [rnix, 2012-10-16]
  • adopt to cone.app 0.9.4 [rnix, 2012-07-29]
  • adopt to node 0.9.8 [rnix, 2012-07-29]
  • adopt to plumber 1.2 [rnix, 2012-07-29]
  • Simplify cone.ugm.browser.actions. [rnix, 2012-07-26]
  • Add local manager functionality. [rnix, 2012-07-25]

0.9.4

  • Get rid of BBB classes usage from cone.app. [rnix, 2012-05-18]
  • Fix invalidation after settings form save. [rnix, 2012-04-23]
  • Portrait Image support. [rnix, 2012-04-21]
  • Configuration for attributes exposed to attribute map. [rnix, 2012-04-19]
  • Invalidate after creating principal or roles container. [rnix, 2012-04-19]
  • Adopt expires blueprint to yafowil.widget.datetime 1.3. [rnix, 2012-04-19]

0.9.3

  • Add Autoincrement Feature for user ids. [rnix, 2012-03-30]

0.9.2

  • Account expiration widget improvements. [rnix, 2012-03-20]

0.9.1

  • Add account expiration functionality. [rnix, 2011-03-06]
  • Make display field of In-Out widget configurable. [rnix, 2011-01-31]
  • Dynamic width CSS. [rnix, 2011-12-18]
  • Get rid of global cone.ugm.backend. cone.app.cfg.auth is returned by cone.ugm.model.utils.ugm_backend. [rnix, 2011-11-22]
  • Explicit names for settings forms. [rnix, 2011-11-18]
  • Add node properties for users and groups to get displayed in navtree if displayed. [rnix, 2011-11-16]

0.9

  • Initial release.

Download Files

cone.ugm-0.9.7.tar.gz (99.6 kB), Source, uploaded May 13, 2014
