Generic framework for user group per application

- Closes #928 - Adds shell and python APIs adding/removing LDAP groups Signed-off-by: Rahul De <rahul080327@gmail.com> Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
2026-05-20 10:34:30 +00:00 · 2017-09-26 12:09:52 +05:30 · 2017-09-26 12:09:52 +05:30 · a22a01a76f
commit a22a01a76f
parent 7b75e97e96
3 changed files with 32 additions and 2 deletions
--- a/actions/ldap
+++ b/actions/ldap
@ -92,13 +92,29 @@ get_user_groups()
 }


+add_group()
+{
+    groupname="$1"
+
+    ldapsearch -Q -L -L -L -Y EXTERNAL -H ldapi:/// -s base -b "cn=${groupname},dc=thisbox" || ldapaddgroup "${groupname}" > /dev/null 2>&1
+}
+
+
+remove_group()
+{
+    groupname="$1"
+
+    ldapsearch -Q -L -L -L -Y EXTERNAL -H ldapi:/// -s base -b "cn=${groupname},dc=thisbox" && ldapdeletegroup "${groupname}" > /dev/null 2>&1
+}
+
+
 add_user_to_group()
 {
    username="$1"
    groupname="$2"

    # Try to create group and ignore failure if group already exists
-    ldapaddgroup $groupname > /dev/null 2>&1 || true
+    add_group "${groupname}"

    ldapaddusertogroup $username $groupname > /dev/null

@ -149,6 +165,12 @@ case $command in
    remove-user-from-group)
        remove_user_from_group "$@"
    ;;
+    add-group)
+        add_group "$@"
+    ;;
+    remove-group)
+        remove_group "$@"
+    ;;
    *)
        echo "Invalid sub-command"
        exit -1
--- a/plinth/action_utils.py
+++ b/plinth/action_utils.py
@ -18,8 +18,8 @@
 Python action utility functions.
 """

-import os
 import logging
+import os
 import shutil
 import socket
 import subprocess
--- a/plinth/modules/users/init.py
+++ b/plinth/modules/users/init.py
@ -84,3 +84,11 @@ def _diagnose_ldap_entry(search_item):

    return [_('Check LDAP entry "{search_item}"')
            .format(search_item=search_item), result]
+
+
+def add_group(group):
+    actions.superuser_run("ldap", options=["add-group", group])
+
+
+def remove_group(group):
+    actions.superuser_run("ldap", options=["remove-group", group])