Checkmk git commits

checkmk-commits@lists.checkmk.com

1 participants
64373 discussions

Check_MK Git: check_mk: ldap: Moved attribute plugin specific options to own valuespecs

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: 46ed08106fc43519e84813e992b7a20a611e0644 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=46ed08106fc435… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 19 11:23:47 2012 +0100 ldap: Moved attribute plugin specific options to own valuespecs --- web/htdocs/userdb.py | 1 + web/htdocs/valuespec.py | 34 +++++--- web/htdocs/wato.py | 5 +- web/plugins/userdb/ldap.py | 112 ++++++++++++++++++---------- web/plugins/wato/check_mk_configuration.py | 30 +------- 5 files changed, 101 insertions(+), 81 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=46ed08106f…

11 years, 10 months

Check_MK Git: check_mk: LDAP attributes are always shown now;

by git＠mathias-kettner.de

Password is set via password field User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Module: check_mk Branch: master Commit: def9203b65cf3e02a0a2629bf35686be36cc9fee URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=def9203b65cf3e… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Nov 16 14:54:00 2012 +0100 LDAP attributes are always shown now; Password is set via password field --- web/htdocs/valuespec.py | 32 +- web/plugins/wato/check_mk_configuration.py | 414 ++++++++++++++-------------- 2 files changed, 223 insertions(+), 223 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=def9203b65…

11 years, 10 months

Check_MK Git: check_mk: ldap: removed invalid default value

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: 2fc1da1610e5af767c225dfdbaca89925123a45f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2fc1da1610e5af… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Nov 20 15:24:30 2012 +0100 ldap: removed invalid default value --- web/plugins/wato/check_mk_configuration.py | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py index eb4fa59..a9daf3d 100644 --- a/web/plugins/wato/check_mk_configuration.py +++ b/web/plugins/wato/check_mk_configuration.py @@ -458,7 +458,6 @@ register_configvar(group, 'or disabled. When enabling a plugin, it is used upon the next synchonisation of ' 'user accounts for gathering their attributes. The user options which get imported ' 'into Check_MK from LDAP will be locked in WATO.'), - default_value = [ 'email', 'cn_to_alias', 'auth_expire' ], elements = userdb.ldap_attribute_plugins_elements, ), domain = "multisite",

11 years, 10 months

Check_MK Git: check_mk: ldap: fixed default active plugins

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: 87fc1a8d8b75c26bb39444ed9939ecae18b2d302 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=87fc1a8d8b75c2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 19 16:18:09 2012 +0100 ldap: fixed default active plugins --- web/htdocs/config.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/web/htdocs/config.py b/web/htdocs/config.py index e6635d3..a9fc912 100644 --- a/web/htdocs/config.py +++ b/web/htdocs/config.py @@ -599,7 +599,7 @@ def load_default_values(into): into["ldap_attr_map"] = {} into["ldap_userspec"] = {} into["ldap_groupspec"] = {} - into["ldap_active_plugins"] = {'email', 'cn_to_alias', 'auth_expire'} + into["ldap_active_plugins"] = {'email', 'alias', 'auth_expire'} into["ldap_cache_livetime"] = 300 into["default_user_profile"] = { 'roles': ['user'],

11 years, 10 months

Check_MK Git: check_mk: ldap: Improved ldap configuration a bit

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: a478d4c3dea327cc7415c89f3ddf2f9bc9772245 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a478d4c3dea327… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Nov 21 12:09:16 2012 +0100 ldap: Improved ldap configuration a bit --- web/plugins/userdb/ldap.py | 24 +++++++++++++++++------- web/plugins/wato/check_mk_configuration.py | 9 ++++----- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 5f40e38..fce0856 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -294,14 +294,19 @@ def ldap_attribute_plugins_elements(): for key, plugin in items: if 'parameters' not in plugin: param = [] + elements.append((key, FixedValue( + title = plugin['title'], + help = plugin['help'], + value = None, + totext = 'no_param_txt' in plugin and plugin['no_param_txt'] \ + or _('This synchronization plugin has no parameters.'), + ))) else: - param = plugin['parameters'] - - elements.append((key, Dictionary( - title = plugin['title'], - help = plugin['help'], - elements = param, - ))) + elements.append((key, Dictionary( + title = plugin['title'], + help = plugin['help'], + elements = plugin['parameters'], + ))) return elements # Returns a list of all needed LDAP attributes of all enabled plugins @@ -335,6 +340,7 @@ ldap_attribute_plugins['email'] = { 'convert': ldap_convert_mail, # User-Attributes to be written by this plugin and will be locked in WATO 'lock_attributes': [ 'email' ], + 'no_param_txt': _('Synchronize the "mail" attribute of LDAP users into Check_MK.'), } ldap_attribute_plugins['alias'] = { @@ -443,6 +449,7 @@ ldap_attribute_plugins['groups_to_contactgroups'] = { 'contactgroup must match the common name of the LDAP group.'), 'convert': ldap_convert_groups_to_contactgroups, 'lock_attributes': ['contactgroups'], + 'no_param_txt': _('Add user to all contactgroups where the common name matches the group name.'), } def ldap_convert_groups_to_roles(params, user_id, ldap_user, user): @@ -592,8 +599,11 @@ def ldap_page(): last_sync_time = 0 if last_sync_time + config.ldap_cache_livetime > time.time(): + html.log('no sync needed (%d > %d)' % (last_sync_time + config.ldap_cache_livetime, time.time())) return # No action needed, cache is recent enough + html.log('sync needed (%d <= %d)' % (last_sync_time + config.ldap_cache_livetime, time.time())) + # ok, cache is too old. Act! ldap_sync(False, None) diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py index a9daf3d..9e070c6 100644 --- a/web/plugins/wato/check_mk_configuration.py +++ b/web/plugins/wato/check_mk_configuration.py @@ -318,12 +318,11 @@ register_configvar(group, value = True, totext = _("Encrypt the network connection using SSL."), )), - ("version", Integer( + ("version", DropdownChoice( title = _("LDAP Version"), help = _("Select the LDAP version the LDAP server is serving. Most modern " "servers use LDAP version 3."), - minvalue = 1, - maxvalue = 3, + choices = [ (2, "2"), (3, "3") ], default_value = 3, )), ("type", DropdownChoice( @@ -398,11 +397,11 @@ register_configvar(group, default_value = lambda: userdb.ldap_filter('users', False), )), ("user_id", TextAscii( - title = _("User-ID"), + title = _("User-ID Attrubute"), help = _("The attribute used to identify the individual users. It must have " "unique values to make an user identifyable by the value of this " "attribute."), - default_value = lambda: userdb.ldap_attr('user_id', False), + default_value = lambda: userdb.ldap_attr('user_id'), )), ], optional_keys = ['scope', 'filter', 'user_id'],

11 years, 10 months

Check_MK Git: check_mk: ldap: Sorting attribute plugins; removed old option

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: 9b120c7e5a950d07d25cb310362966052413d0c4 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9b120c7e5a950d… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Nov 20 16:08:31 2012 +0100 ldap: Sorting attribute plugins; removed old option --- web/htdocs/config.py | 1 - web/plugins/userdb/ldap.py | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/web/htdocs/config.py b/web/htdocs/config.py index a9fc912..2d9e568 100644 --- a/web/htdocs/config.py +++ b/web/htdocs/config.py @@ -596,7 +596,6 @@ def load_default_values(into): into["user_connectors"] = ['htpasswd'] into["ldap_connection"] = {} - into["ldap_attr_map"] = {} into["ldap_userspec"] = {} into["ldap_groupspec"] = {} into["ldap_active_plugins"] = {'email', 'alias', 'auth_expire'} diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 9a31d96..5f40e38 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -290,7 +290,8 @@ def ldap_list_attribute_plugins(): # Returns a list of pairs (key, parameters) of all available attribute plugins def ldap_attribute_plugins_elements(): elements = [] - for key, plugin in ldap_attribute_plugins.items(): + items = sorted(ldap_attribute_plugins.items(), key = lambda x: x[1]['title']) + for key, plugin in items: if 'parameters' not in plugin: param = [] else:

11 years, 10 months

Check_MK Git: check_mk: ldap: Added short titles to connectors

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: fab2f6952f257c910e7216627a5cd359a70c378e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=fab2f6952f257c… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Nov 16 15:22:29 2012 +0100 ldap: Added short titles to connectors --- web/htdocs/valuespec.py | 6 ++++++ web/htdocs/wato.py | 2 +- web/plugins/userdb/htpasswd.py | 5 +++-- web/plugins/userdb/ldap.py | 5 +++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py index 2f5a680..7d886a9 100644 --- a/web/htdocs/valuespec.py +++ b/web/htdocs/valuespec.py @@ -2144,3 +2144,9 @@ class Password(TextAscii): html.write(self._label) html.write(" ") html.password_input(varprefix, str(value), size = self._size) + + def value_to_text(self, value): + if value == None: + return _("none") + else: + return '******' diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 1bcd017..876d349 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -7823,7 +7823,7 @@ def mode_users(phase): # Connector if connector: - html.write("<td>%s</td>" % connector['title']) + html.write("<td>%s</td>" % connector['short_title']) locked_attributes = userdb.locked_attributes(user.get('connector')) else: html.write("<td class=error>%s (disabled)</td>" % userdb.get_connector_id(user.get('connector'))) diff --git a/web/plugins/userdb/htpasswd.py b/web/plugins/userdb/htpasswd.py index 1044e88..95e5a88 100644 --- a/web/plugins/userdb/htpasswd.py +++ b/web/plugins/userdb/htpasswd.py @@ -111,8 +111,9 @@ def htpasswd_save(users): out.write("%s:%s%s\n" % (id, locksym, user["password"])) multisite_user_connectors.append({ - 'id': 'htpasswd', - 'title': _('htpasswd'), + 'id': 'htpasswd', + 'title': _('Apache Local Password File (htpasswd)'), + 'short_title': _('htpasswd'), # Register hook functions 'login': htpasswd_login, diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 6488a7f..a771ccb 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -515,8 +515,9 @@ def ldap_page(): ldap_sync(False, None) multisite_user_connectors.append({ - 'id': 'ldap', - 'title': _('LDAP (AD, OpenLDAP)'), + 'id': 'ldap', + 'title': _('LDAP (Active Directory, OpenLDAP)'), + 'short_title': _('LDAP'), 'login': ldap_login, 'sync': ldap_sync,

11 years, 10 months

Check_MK Git: check_mk: userdb: Moved authentication serials to single file in global configuration dir

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: fdb39fea3a4c690e3e069de83bab2859dfa20507 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=fdb39fea3a4c69… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 19 08:35:28 2012 +0100 userdb: Moved authentication serials to single file in global configuration dir --- web/htdocs/userdb.py | 13 +++++++++++-- web/htdocs/wato.py | 28 +++++++++++++++++++++------- 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/web/htdocs/userdb.py b/web/htdocs/userdb.py index 2ebd0e0..2d8dec9 100644 --- a/web/htdocs/userdb.py +++ b/web/htdocs/userdb.py @@ -178,7 +178,7 @@ def hook_sync(connector_id = None, add_to_changelog = False, only_username = Non if handler: try: handler(add_to_changelog, only_username) - except: + except MKLDAPException, e: if config.debug: import traceback html.show_error( @@ -186,7 +186,16 @@ def hook_sync(connector_id = None, add_to_changelog = False, only_username = Non "<pre>%s</pre>" % (traceback.format_exc()) ) else: - raise + html.show_error( + "<h3>" + _("Error executing sync hook") + "</h3>" + "<pre>%s</pre>" % (e) + ) + except: + import traceback + html.show_error( + "<h3>" + _("Error executing sync hook") + "</h3>" + "<pre>%s</pre>" % (traceback.format_exc()) + ) # Hook function can be registered here to be executed during saving of the # new user construct diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 876d349..6012de8 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -133,7 +133,8 @@ replication_paths = [ ( "dir", "check_mk", root_dir ), ( "dir", "multisite", multisite_dir ), ( "file", "htpasswd", defaults.htpasswd_file ), - ( "file", "auth.secret", '%s/auth.secret' % os.path.dirname(defaults.htpasswd_file) ), + ( "file", "auth.secret", '%s/auth.secret' % os.path.dirname(defaults.htpasswd_file) ), + ( "file", "auth.serials", '%s/auth.serials' % os.path.dirname(defaults.htpasswd_file) ), # Also replicate the user-settings of Multisite? While the replication # as such works pretty well, the count of pending changes will not # know. @@ -8396,6 +8397,17 @@ def load_users(): result[id] = new_user # Other unknown entries will silently be dropped. Sorry... + # Now read the serials, only process for existing users + serials_file = '%s/auth.serials' % os.path.dirname(defaults.htpasswd_file) + if os.path.exists(serials_file): + for line in file(serials_file): + line = line.strip() + if ':' in line: + html.write(line) + user_id, serial = line.split(':')[:2] + if user_id in result: + result[user_id]['serial'] = saveint(serial) + # Now read the user specific files dir = defaults.var_dir + "/web/" for d in os.listdir(dir): @@ -8415,12 +8427,6 @@ def load_users(): "automation_secret" : secret, } - # read the users serials, only process for existing users - if id in result: - serial_file = dir + d + '/serial.mk' - if os.path.exists(serial_file): - result[id]['serial'] = saveint(file(serial_file).read().strip()) - return result def split_dict(d, keylist, positive): @@ -8478,6 +8484,14 @@ def save_users(profiles): # Execute user connector save hooks userdb.hook_save(profiles) + # Write out the users serials + serials_file = '%s/auth.serials' % os.path.dirname(defaults.htpasswd_file) + out = create_user_file(serials_file, "w") + out.write('# Writtem by WATO\n') + for user_id, user in profiles.items(): + out.write('%s:%d\n' % (user_id, user.get('serial', 0))) + out.close() + # Write user specific files for id, user in profiles.items(): user_dir = defaults.var_dir + "/web/" + id

11 years, 10 months

Check_MK Git: check_mk: User/Fehler-Handling verbessert

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: 12a6d36e7affd99bc31527811fde44b142f3cf30 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=12a6d36e7affd9… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Nov 16 12:37:29 2012 +0100 User/Fehler-Handling verbessert --- web/htdocs/userdb.py | 9 +++++++-- web/htdocs/valuespec.py | 5 +++++ web/htdocs/wato.css | 4 ++++ web/htdocs/wato.py | 25 +++++++++++++++++-------- web/plugins/wato/check_mk_configuration.py | 3 ++- 5 files changed, 35 insertions(+), 11 deletions(-) diff --git a/web/htdocs/userdb.py b/web/htdocs/userdb.py index a216ec0..2ebd0e0 100644 --- a/web/htdocs/userdb.py +++ b/web/htdocs/userdb.py @@ -61,13 +61,18 @@ def enabled_connectors(): connectors.append(connector) return connectors -# Returns the connector dictionary of the given id -def get_connector(connector_id): +def get_connector_id(connector_id): if connector_id is None: connector_id = 'htpasswd' + return connector_id + +# Returns the connector dictionary of the given id +def get_connector(connector_id): + connector_id = get_connector_id(connector_id) for connector in enabled_connectors(): if connector['id'] == connector_id: return connector + return {} # Returns a list of locked attributes def locked_attributes(connector_id): diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py index d9c8231..a1437c5 100644 --- a/web/htdocs/valuespec.py +++ b/web/htdocs/valuespec.py @@ -1063,6 +1063,7 @@ class ListChoice(ValueSpec): ValueSpec.__init__(self, **kwargs) self._choices = kwargs.get("choices") self._columns = kwargs.get("columns", 1) + self._allow_empty = kwargs.get("allow_empty", True) self._loaded_at = None self._render_function = kwargs.get("render_function", lambda id, val: val) @@ -1119,6 +1120,10 @@ class ListChoice(ValueSpec): if v not in d: raise MKUserError(varprefix, _("%s is not an allowed value") % v) + def validate_value(self, value, varprefix): + if not self._allow_empty and not value: + raise MKUserError(varprefix, _('You have not selected any connector. You have to select at least one.')) + # A alternative way of editing list choices class MultiSelect(ListChoice): diff --git a/web/htdocs/wato.css b/web/htdocs/wato.css index fb19dd9..6a5e7cc 100644 --- a/web/htdocs/wato.css +++ b/web/htdocs/wato.css @@ -173,6 +173,10 @@ Boston, MA 02110-1301 USA. color: #f00; } +.wato td.error { + color: #f00; +} + .wato td.takeall { /* width: 100%; */ } diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index c5858a9..1bcd017 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -7802,23 +7802,32 @@ def mode_users(phase): odd = odd == "odd" and "even" or "odd" html.write('<tr class="data %s0">' % odd) + connector = userdb.get_connector(user.get('connector')) + # Buttons - edit_url = make_link([("mode", "edit_user"), ("edit", id)]) - delete_url = html.makeactionuri([("_delete", id)]) - clone_url = make_link([("mode", "edit_user"), ("clone", id)]) html.write("<td class=buttons>") - html.icon_button(edit_url, _("Properties"), "edit") - html.icon_button(clone_url, _("Create a copy of this user"), "clone") + if connector: # only show edit buttons when the connector is available and enabled + edit_url = make_link([("mode", "edit_user"), ("edit", id)]) + html.icon_button(edit_url, _("Properties"), "edit") + + clone_url = make_link([("mode", "edit_user"), ("clone", id)]) + html.icon_button(clone_url, _("Create a copy of this user"), "clone") + + delete_url = html.makeactionuri([("_delete", id)]) html.icon_button(delete_url, _("Delete"), "delete") + html.write("</td>") # ID html.write("<td>%s</td>" % id) # Connector - html.write("<td>%s</td>" % userdb.get_connector(user.get('connector'))['title']) - - locked_attributes = userdb.locked_attributes(user.get('connector')) + if connector: + html.write("<td>%s</td>" % connector['title']) + locked_attributes = userdb.locked_attributes(user.get('connector')) + else: + html.write("<td class=error>%s (disabled)</td>" % userdb.get_connector_id(user.get('connector'))) + locked_attributes = [] # Authentication if "automation_secret" in user: diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py index 4f806a7..6b21477 100644 --- a/web/plugins/wato/check_mk_configuration.py +++ b/web/plugins/wato/check_mk_configuration.py @@ -285,7 +285,8 @@ register_configvar(group, 'to extend or replace the default authentication mechanism (htpasswd) e.g. ' 'with ldap based mechanism.'), default_value = [ 'htpasswd' ], - choices = userdb.list_user_connectors, + choices = userdb.list_user_connectors, + allow_empty = False, ), domain = "multisite", )

11 years, 10 months

Check_MK Git: check_mk: Updated changelog

by git＠mathias-kettner.de

Module: check_mk Branch: master Commit: 59424f2de521fd34511f374328a6e975110d3e1b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=59424f2de521fd… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Nov 21 14:34:49 2012 +0100 Updated changelog --- ChangeLog | 19 +++++++++---------- 1 files changed, 9 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index f04e693..07a633f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,13 @@ 1.2.1i4: + Multisite: + * Implemented LDAP integration of Multisite. You can now authenticate your + users using the form based authentication with LDAP. It is also possible + to synchronize some attributes like mail addresses, names and roles from + LDAP into multisite. + * Modularized the authentication and user management code in WATO + * Restructured cookie auth cookies (all auth cookies will be invalid + after update -> all users have to login again) + * Modularized login and cookie validation 1.2.1i3: Core: @@ -21,16 +30,6 @@ * logwatch: Fixed confusion with ignore/ok states of log messages * AIX Agent: now possible to specify -d flag. Please test :) - Multisite: - * Implemented LDAP integration of Multisite. You can now authenticate your - users using the form based authentication with LDAP. It is also possible - to synchronize some attributes like mail addresses, names and roles from - LDAP into multisite. - * Modularized the authentication and user management code in WATO - * Restructured cookie auth cookies (all auth cookies will be invalid - after update -> all users have to login again) - * Modularized login and cookie validation - 1.2.1i2: Core: * Improved validation of inventory data reported by checks

11 years, 10 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits