添加用户完成

14da0f18 · ibuler · bc5b32bc · 14da0f18 · 14da0f18
Commit 14da0f18 authored Jan 13, 2015 by ibuler
Hide whitespace changes
Inline Side-by-side

Showing with 60 additions and 25 deletions

jumpserver.conf jumpserver.conf +1 -0

views.py juser/views.py +59 -25

No files found.
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -8,6 +8,7 @@ password = mysql234
 database = jumpserver

 [ldap]
+ldap_enable = 1
 host_url = ldap://127.0.0.1:389
 base_dn = dc=jumpserver,dc=org
 root_dn = cn=admin,dc=jumpserver,dc=org

--- a/juser/views.py
+++ b/juser/views.py
@@ -13,6 +13,7 @@ from Crypto.PublicKey import RSA
 import crypt

 from django.shortcuts import render_to_response
+from django.core.exceptions import ObjectDoesNotExist

 from juser.models import UserGroup, User
 from connect import PyCrypt, KEY
@@ -20,11 +21,13 @@ from connect import BASE_DIR
 from connect import CONF


-cryptor = PyCrypt(KEY)
-ldap_host_url = CONF.get('ldap', 'host_url')
-ldap_base_dn = CONF.get('ldap', 'base_dn')
-ldap_root_dn = CONF.get('ldap', 'root_dn')
-ldap_root_pwd = CONF.get('ldap', 'root_pw')
+CRYPTOR = PyCrypt(KEY)
+LDAP_ENABLE = CONF.get('ldap', 'ldap_enable')
+if LDAP_ENABLE:
+    LDAP_HOST_URL = CONF.get('ldap', 'host_url')
+    LDAP_BASE_DN = CONF.get('ldap', 'base_dn')
+    LDAP_ROOT_DN = CONF.get('ldap', 'root_dn')
+    LDAP_ROOT_PW = CONF.get('ldap', 'root_pw')


 def md5_crypt(string):
@@ -58,10 +61,10 @@ class AddError(Exception):

 class LDAPMgmt():
    def __init__(self,
-                 host_url=ldap_host_url,
-                 base_dn=ldap_base_dn,
-                 root_cn=ldap_root_dn,
-                 root_pw=ldap_root_pwd):
+                 host_url=LDAP_HOST_URL,
+                 base_dn=LDAP_BASE_DN,
+                 root_cn=LDAP_ROOT_DN,
+                 root_pw=LDAP_ROOT_PW):
        self.ldap_host = host_url
        self.ldap_base_dn = base_dn
        self.conn = ldap.initialize(host_url)
@@ -163,6 +166,14 @@ def db_add_user(**kwargs):
    user.user_group = group_select


+def db_del_user(username):
+    try:
+        user = User.objects.get(username=username)
+        user.delete()
+    except ObjectDoesNotExist:
+        pass
+
+
 def gen_ssh_key(username, password=None, length=2048):
    private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
    private_key_file = os.path.join(private_key_dir, username)
@@ -188,8 +199,12 @@ def server_add_user(username, password, ssh_key_pwd1):
    gen_ssh_key(username, ssh_key_pwd1)


+def server_del_user(username):
+    bash('userdel -r %s' % username)
+
+
 def ldap_add_user(username, ldap_pwd):
-    user_dn = "uid=%s,ou=People,%s" % (username, ldap_base_dn)
+    user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
    password_sha512 = gen_sha512(gen_rand_pwd(6), ldap_pwd)
    user = User.objects.get(username=username)

@@ -206,13 +221,13 @@ def ldap_add_user(username, ldap_pwd):
                 'gidNumber': [str(user.id)],
                 'homeDirectory': [str('/home/%s' % username)]}

-    group_dn = "cn=%s,ou=Group,%s" % (username, ldap_base_dn)
+    group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
    group_attr = {'objectClass': ['posixGroup', 'top'],
                  'cn': [str(username)],
                  'userPassword': ['{crypt}x'],
                  'gidNumber': [str(user.id)]}

-    sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, ldap_base_dn)
+    sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
    sudo_attr = {'objectClass': ['top', 'sudoRole'],
                 'cn': ['%s' % str(username)],
                 'sudoCommand': ['/bin/pwd'],
@@ -228,9 +243,15 @@ def ldap_add_user(username, ldap_pwd):
    ldap_conn.add(sudo_dn, sudo_attr)


-def db_del_user(username):
-    user = User.objects.get(username=username)
-    user.delete()
+def ldap_del_user(username):
+    user_dn = "uid=%s,ou=People,%s" % (username, LDAP_BASE_DN)
+    group_dn = "cn=%s,ou=Group,%s" % (username, LDAP_BASE_DN)
+    sudo_dn = 'cn=%s,ou=Sudoers,%s' % (username, LDAP_BASE_DN)
+
+    ldap_conn = LDAPMgmt()
+    ldap_conn.delete(user_dn)
+    ldap_conn.delete(group_dn)
+    ldap_conn.delete(sudo_dn)


 def user_add(request):
@@ -265,16 +286,29 @@ def user_add(request):
            pass
        else:
            time_now = time.time()
-            db_add_user(username=username,
-                        password=md5_crypt(password),
-                        name=name, email=email,
-                        groups=groups, role=role_post,
-                        ssh_pwd=cryptor.encrypt(ssh_pwd),
-                        ssh_key_pwd1=cryptor.encrypt(ssh_key_pwd1),
-                        ldap_pwd=cryptor.encrypt(ldap_pwd),
-                        is_active=is_active,
-                        date_joined=time_now)
-            msg = u'添加用户成功'
+            try:
+                db_add_user(username=username,
+                            password=md5_crypt(password),
+                            name=name, email=email,
+                            groups=groups, role=role_post,
+                            ssh_pwd=CRYPTOR.encrypt(ssh_pwd),
+                            ssh_key_pwd1=CRYPTOR.encrypt(ssh_key_pwd1),
+                            ldap_pwd=CRYPTOR.encrypt(ldap_pwd),
+                            is_active=is_active,
+                            date_joined=time_now)
+
+                server_add_user(username, password, ssh_key_pwd1)
+                if LDAP_ENABLE:
+                    ldap_add_user(username, ldap_pwd)
+                msg = '添加用户%s成功！'
+
+            except Exception, e:
+                error = '添加用户%s失败 %s' % e
+                db_del_user(username)
+                server_del_user(username)
+                if LDAP_ENABLE:
+                    ldap_del_user(username)
+
    return render_to_response('juser/user_add.html', locals())