Commit 57566e77 authored by Gero Müller's avatar Gero Müller

improve ldap_export extension, install script

parent 4fab7bba
......@@ -25,7 +25,8 @@ parser.add_argument('-d', '--data-dir', dest='vardir',
'data and cache files (default: %s)'
% os.path.join(default_base, "var"))
parser.add_argument('--delete',
default=False,
default=False, action='store_const',
const=True,
help='Delete unknown users and groups')
args = parser.parse_args()
......@@ -40,3 +41,4 @@ if ldapexport.connect():
if args.delete:
ldapexport.delete_unknown(session)
ldapexport.sync_all_users(session)
ldapexport.sync_all_groups(session)
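Review bot: The `--delete` option is spelled `default=False, action='store_const', const=True`, which is exactly the behaviour of `action='store_true'`; `parser.add_argument('--delete', action='store_true', help='Delete unknown users and groups')` is the idiomatic form. Because the flag drives `ldapexport.delete_unknown(session)`, which removes LDAP entries, the help string should make the destructive effect explicit, e.g. `help='Delete LDAP users and groups that do not exist in the database (destructive)'`. The surrounding argument-parsing code starts before this hunk.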
......@@ -41,7 +41,7 @@ setup(
license="GNU GPL v2",
packages=packages,
package_data={"vispa": files},
scripts=[os.path.join(srcdir, 'bin', 'vispa'), os.path.join(srcdir, 'bin', 'vispad')],
scripts=[os.path.join(srcdir, 'bin', 'vispa'), os.path.join(srcdir, 'bin', 'vispad'), os.path.join(srcdir, 'bin', 'vispa-ldap-export')],
install_requires=["sqlalchemy >= 0.9.0", "mako", "cherrypy",
"paramiko", "rpyc",
"alembic >= 0.7.3", # for Operations.batch_alter_table
......
......@@ -44,7 +44,8 @@ class LDAPExport(object):
def delete_unknown(self, db):
try:
active_users = db.query(User, User.name).filter_by(status=User.ACTIVE).all()
active_users = [unicode(u.name) for u in db.query(User, User.name).filter_by(status=User.ACTIVE)]
groups = [unicode(g.name) for g in db.query(Group, Group.name)]
self.connection.search(self.user_base, "(objectClass=posixAccount)", attributes=['uid'])
for ldap_user in self.connection.entries:
......@@ -54,7 +55,9 @@ class LDAPExport(object):
self.connection.search(self.group_base, "(objectClass=posixGroup)", attributes=['cn'])
for ldap_group in self.connection.entries:
if ldap_group.cn not in active_users or not self.private_group:
private_group = self.private_group and ldap_group.cn in active_users
public_group = ldap_group.cn in groups
if not private_group and not public_group:
logger.info("Deleting unknown ldap group: %s", ldap_group.entry_get_dn())
self.connection.delete(ldap_group.entry_get_dn())
......@@ -68,7 +71,7 @@ class LDAPExport(object):
users = db.query(User).filter_by(status=User.ACTIVE)
for user in users:
try:
self.user_add(user)
self.user_add(unicode(user.name), user.id, user.password)
except:
logger.exception("sync_all_users")
except:
......@@ -76,27 +79,42 @@ class LDAPExport(object):
finally:
db.remove()
def user_delete(self, user):
dn = 'cn=%s,%s' % (unicode(user.name), self.user_base)
def sync_all_groups(self, db):
try:
groups = db.query(Group)
for group in groups:
try:
self.group_add(unicode(group.name), group.id + self.gid_offset)
for member in group.users:
self.group_add_member(unicode(group.name), unicode(member.name))
except:
logger.exception("sync_all_groups")
except:
logger.exception("sync_all_groups")
finally:
db.remove()
def user_delete(self, name):
dn = 'cn=%s,%s' % (name, self.user_base)
logger.info("Delete user: %s", dn)
self.connection.delete(dn)
dn = 'cn=%s,%s' % (unicode(user.name), self.group_base)
dn = 'cn=%s,%s' % (name, self.group_base)
logger.info("Delete group: %s", dn)
self.connection.delete(dn)
def user_add(self, user):
username = unicode(user.name)
dn = 'cn=%s,%s' % (unicode(user.name), self.user_base)
def user_add(self, name, uid, password):
username = name
dn = 'cn=%s,%s' % (name, self.user_base)
classes = ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount', 'shadowAccount']
attributes = {
'uid': username,
'cn': username,
'sn': username,
'userPassword': '{CRYPT}' + unicode(user.password),
'userPassword': '{CRYPT}' + password,
'loginShell': '/bin/bash',
'uidNumber': user.id + self.uid_offset,
'gidNumber': user.id + self.uid_offset,
'uidNumber': uid + self.uid_offset,
'gidNumber': uid + self.uid_offset,
'homeDirectory': '/home/%s/' % username
}
logger.info("Add user: %s, %s, %s", dn, classes, attributes)
......@@ -107,15 +125,15 @@ class LDAPExport(object):
changes = {
'uid': _r(username),
'cn': _r(username),
'userPassword': _r('{CRYPT}' + unicode(user.password)),
'uidNumber': _r(user.id + self.uid_offset),
'gidNumber': _r(user.id + self.uid_offset),
'userPassword': _r('{CRYPT}' + password),
'uidNumber': _r(uid + self.uid_offset),
'gidNumber': _r(uid + self.uid_offset),
'homeDirectory': _r('/home/%s/' % username)
}
self.connection.modify(dn, changes)
if self.private_group:
self.group_add(username, user.id + self.uid_offset)
self.group_add(username, uid + self.uid_offset)
self.group_add_member(username, username)
......@@ -147,10 +165,10 @@ class LDAPExport(object):
except ldap3.LDAPAttributeOrValueExistsResult:
pass
def user_set_password(self, user):
dn = 'cn=%s,%s' % (unicode(user.name), self.user_base)
def user_set_password(self, name, password):
dn = 'cn=%s,%s' % (name, self.user_base)
changes = {
'userPassword': (2, '{CRYPT}' + unicode(user.password))
'userPassword': (2, '{CRYPT}' + password)
}
logger.info("Change password: %s, %s", dn, changes)
self.connection.modify(dn, changes)
......@@ -175,8 +193,13 @@ class LDAPExportExtension(AbstractExtension):
if vispa.config("ldap-export", "delete_unknown", False):
self.delete_unknown(session)
self.sync_all_users(session)
self.sync_all_groups(session)
vispa.register_callback("user.activate", self.ldapexport.user_add)
vispa.register_callback("user.set_password", self.ldapexport.user_set_password)
vispa.register_callback("user.activate", self.on_activate)
vispa.register_callback("user.set_password", self.on_set_password)
def on_activate(self, user):
self.ldapexport.user_add(unicode(user.name), user.id, user.password)
\ No newline at end of file
def on_set_password(self, user):
self.ldapexport.user_set_password(unicode(user.name), user.password)
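Review bot: The new `name` parameter is interpolated unescaped into the DN at `dn = 'cn=%s,%s' % (name, self.user_base)` in user_delete, user_add and user_set_password alike, so a username containing RDN-special characters (`,`, `+`, `=`, `\`) produces a different or invalid DN; escape it first, e.g. `dn = 'cn=%s,%s' % (escape_rdn(name), self.user_base)` with `from ldap3.utils.dn import escape_rdn` where the installed ldap3 provides it, or validate names against the allowed character set before they reach this class. The context lines `logger.info("Add user: %s, %s, %s", dn, classes, attributes)` and `logger.info("Change password: %s, %s", dn, changes)` now write the `{CRYPT}` password hash into the log alongside the refactored `password` argument; log the DN only, e.g. `logger.info("Add user: %s", dn)`. In delete_unknown the rewritten check deletes every LDAP group that is in neither `active_users` nor `groups`; if `ldap_group.cn` is an ldap3 Attribute object rather than a plain string the `in` tests depend on its equality semantics, so compare `ldap_group.cn.value` explicitly, and consider refusing to delete anything when the database query returned an empty list, since an empty result would otherwise wipe the directory. The bodies of delete_unknown, sync_all_users, user_add and user_set_password continue outside their hunks.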