GeorchestraLdapClient API¶

georchestra_ldap.client.GeorchestraLdapClient ¶

Thin wrapper around the historical scripts in ldap_actions with a simple, importable API. Each method delegates to the matching legacy script while reapplying :class:LdapSettings to the legacy config.py.

Common usage example :¶

from georchestra_ldap import GeorchestraLdapClient, LdapSettings

client = GeorchestraLdapClient(LdapSettings.from_env())

client.create_role("FOO")

client.create_user("alice", "alice@example.org", "Alice", "Example", "pwd")

client.moderate_user("alice@example.org")

client.add_user_role("alice@example.org", "FOO")

client.read_user_roles("alice@example.org")

client.delete_user("alice@example.org")

_run ¶

_run(action_name, func, *args, **kwargs)

Apply settings, log the action, call the legacy function.

Parameters:

Name	Type	Description	Default
`action_name`	`str`	Friendly action name used for logging.	required
`func`	`callable`	Legacy function to execute.	required
`*args`		Positional arguments forwarded to the underlying function.	`()`
`**kwargs`		Keyword arguments forwarded to the underlying function.	`{}`

add_user_org ¶

add_user_org(email, org_cn)

Add a user (by email) to an organization, removing them from other orgs first.

Parameters:

Name	Type	Description	Default
`email`	`str`	User email.	required
`org_cn`	`str`	Organization common name.	required

add_user_role ¶

add_user_role(email, role_cn)

Add an existing role to the user identified by email.

create_org ¶

create_org(org_cn, org_name=None)

Create an organization if it does not exist.

Parameters:

Name	Type	Description	Default
`org_cn`	`str`	Common name of the organization.	required
`org_name`	`str \| None`	Optional display name (defaults to `org_cn`).	`None`

create_role ¶

create_role(role_cn, description='Role created via script', members=None)

Create a role if missing (idempotent); optionally seed members.

create_user ¶

create_user(uid, email, given_name, sn, password)

Create a pending user with geOrchestra objectClasses, USER role, C2C org.

Parameters:

Name	Type	Description	Default
`uid`	`str`	LDAP uid.	required
`email`	`str`	User email.	required
`given_name`	`str`	Given name.	required
`sn`	`str`	Surname.	required
`password`	`str`	Plain password, hashed before being stored.	required

delete_role ¶

delete_role(role_cn)

Delete a role after removing its members.

delete_user ¶

delete_user(email)

Remove a user from all roles/orgs then delete the entry.

get_connection ¶

get_connection()

Return an auto-bound ldap3 Connection configured from current settings.

get_org_users ¶

get_org_users(org_cn)

Return and print the members (DNs) of an organization.

Parameters:

Name	Type	Description	Default
`org_cn`	`str`	Common name of the organization.	required

get_role_infos ¶

get_role_infos(role_cn)

Return and print role information (DN, cn, description, members).

Parameters:

Name	Type	Description	Default
`role_cn`	`str`	Common name of the role.	required

get_role_users ¶

get_role_users(role_cn)

Return and print the members (DNs) of a role.

Parameters:

Name	Type	Description	Default
`role_cn`	`str`	Common name of the role.	required

get_user_infos ¶

get_user_infos(email)

Return and print user information (DN, uid, cn, mail, memberOf).

Parameters:

Name	Type	Description	Default
`email`	`str`	User email.	required

get_user_org ¶

get_user_org(email)

Return and print the organization CN for a given user email.

Parameters:

Name	Type	Description	Default
`email`	`str`	User email.	required

get_user_roles ¶

get_user_roles(email)

Return and print the list of role CNs for a given user email.

Parameters:

Name	Type	Description	Default
`email`	`str`	User email.	required

moderate_user ¶

moderate_user(email)

Move a user from pending to users if present in pending.

org_exists ¶

org_exists(org_cn)

Return True if an organization exists under the configured orgs DN.

Parameters:

Name	Type	Description	Default
`org_cn`	`str`	Common name of the organization to check.	required

read_orgs ¶

read_orgs(org_cn=None)

Return and print organizations with their attributes.

Parameters:

Name	Type	Description	Default
`org_cn`	`str \| None`	Optional organization common name to filter.	`None`

read_user_infos ¶

read_user_infos(email)

Print full user info (DN, uid, cn, mail, memberOf).

read_user_roles ¶

read_user_roles(email)

Print roles (groups under roles DN) for a user email.

reload_settings ¶

reload_settings(settings=None)

Update the underlying config.py values, optionally replacing the current :class:LdapSettings instance.

Parameters:

Name	Type	Description	Default
`settings`	`LdapSettings \| None`	New settings to apply; if None, reapply the existing instance.	`None`

remove_user_role ¶

remove_user_role(email, role_cn)

Remove a role from the user identified by email.

role_exists ¶

role_exists(role_cn)

Return True if a role exists under the configured roles DN.

Parameters:

Name	Type	Description	Default
`role_cn`	`str`	Common name of the role to check.	required

update_lastname ¶

update_lastname(user_dn, new_lastname)

Replace the sn attribute of a user DN.

update_user_org ¶

update_user_org(user_dn, org_cn)

Add a user DN to the given organization group.

user_is_pending ¶

user_is_pending(email)

Return True if the user (by email) is in pending users.

Parameters:

Name	Type	Description	Default
`email`	`str`	User email.	required