Commit c9d927d7 authored by Gero Müller's avatar Gero Müller

update ldap-export

parent 3a506c66
......@@ -164,8 +164,11 @@ user_base = ou=people,dc=vispa,dc=local
group_base = ou=group,dc=vispa,dc=local
# add the following offset to all user ids
uid_offset = 1000
gid_offset = 1000
uid_offset = 10000
gid_offset = 100000
# create a group with the same name and id as the user
private_group = True
# create all missing users on startup
sync_on_startup = False
......
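Review bot: `gid_offset = 100000` has no visible effect after this commit: in the extension's user_add hunk of the same commit, gidNumber is now computed from uid_offset and the private group is created with that same value, so gid_offset is read into self.gid_offset but never applied to an exported entry. Either drop the setting together with its default in the extension, or mark it in this sample so operators do not expect it to take effect, e.g. `# gid_offset is read but currently unused; private groups take the user's uidNumber`. The comment above the offsets still says they apply to `all user ids`; since the uid offset now also determines the private group's gid, `# add the following offset to all user ids (the private group gets the same number)` describes the new behaviour. Whether gid_offset is meant for a later non-private group export is not visible here, so that intent should be stated in the comment if it exists.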
......@@ -4,6 +4,7 @@ import logging
import vispa
from vispa.models.user import User
from vispa.models.group import Group
from vispa.server import AbstractExtension
from sqlalchemy.orm import scoped_session, sessionmaker
......@@ -14,6 +15,9 @@ from ldap3.core.exceptions import LDAPNoSuchObjectResult
logger = logging.getLogger(__name__)
def _r(val):
return [(ldap3.MODIFY_REPLACE, [val])]
class LDAPExportExtension(AbstractExtension):
def name(self):
......@@ -38,8 +42,9 @@ class LDAPExportExtension(AbstractExtension):
if self.connection:
self.user_base = vispa.config("ldap-export", "user_base")
self.group_base = vispa.config("ldap-export", "group_base")
self.uid_offset = vispa.config("ldap-export", "uid_offset", 1000)
self.gid_offset = vispa.config("ldap-export", "gid_offset", 1000)
self.uid_offset = vispa.config("ldap-export", "uid_offset", 10000)
self.private_group = vispa.config("ldap-export", "private_group", True)
self.gid_offset = vispa.config("ldap-export", "gid_offset", 100000)
vispa.register_callback("user.activate", self.user_add)
vispa.register_callback("user.set_password", self.user_set_password)
......@@ -64,7 +69,7 @@ class LDAPExportExtension(AbstractExtension):
self.connection.search(self.group_base, "(objectClass=posixGroup)", attributes=['cn'])
for ldap_group in self.connection.entries:
if ldap_group.cn not in active_users:
if ldap_group.cn not in active_users or not self.private_group:
logger.info("Deleting unknown ldap group: %s", ldap_group.entry_get_dn())
self.connection.delete(ldap_group.entry_get_dn())
......@@ -82,7 +87,7 @@ class LDAPExportExtension(AbstractExtension):
try:
self.user_add(user)
except:
pass
logger.exception("sync_all_users")
except:
logger.exception("sync_all_users")
finally:
......@@ -98,30 +103,63 @@ class LDAPExportExtension(AbstractExtension):
self.connection.delete(dn)
def user_add(self, user):
username = unicode(user.name)
dn = 'cn=%s,%s' % (unicode(user.name), self.user_base)
classes = ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount', 'shadowAccount']
attributes = {
'uid': unicode(user.name),
'cn': unicode(user.name),
'sn': unicode(user.name),
'uid': username,
'cn': username,
'sn': username,
'userPassword': '{CRYPT}' + unicode(user.password),
'loginShell': '/bin/bash',
'uidNumber': user.id + self.uid_offset,
'gidNumber': user.id + self.gid_offset,
'homeDirectory': '/home/%s/' % unicode(user.name)
'gidNumber': user.id + self.uid_offset,
'homeDirectory': '/home/%s/' % username
}
logger.info("Add user: %s, %s, %s", dn, classes, attributes)
self.connection.add(dn, classes, attributes)
try:
self.connection.add(dn, classes, attributes)
except ldap3.LDAPEntryAlreadyExistsResult:
logger.info(" -> updated")
changes = {
'uid': _r(username),
'cn': _r(username),
'userPassword': _r('{CRYPT}' + unicode(user.password)),
'uidNumber': _r(user.id + self.uid_offset),
'gidNumber': _r(user.id + self.uid_offset),
'homeDirectory': _r('/home/%s/' % username)
}
self.connection.modify(dn, changes)
if self.private_group:
self.group_add(username, user.id + self.uid_offset)
self.group_add_member(username, username)
dn = 'cn=%s,%s' % (unicode(user.name), self.group_base)
def group_add(self, name, id):
dn = 'cn=%s,%s' % (name, self.group_base)
classes = ['top', 'posixGroup']
attributes = {
'cn': unicode(user.name),
'gidNumber': user.id + self.gid_offset,
'cn': name,
'gidNumber': id,
}
logger.info("Add group: %s, %s, %s", dn, classes, attributes)
self.connection.add(dn, classes, attributes)
try:
self.connection.add(dn, classes, attributes)
except ldap3.LDAPEntryAlreadyExistsResult:
logger.info(" -> updated")
changes = {
'cn': _r(name),
'gidNumber': _r(id),
}
self.connection.modify(dn, changes)
def group_add_member(self, groupname, username):
dn = 'cn=%s,%s' % (groupname, self.group_base)
change = {
'memberUid': [(ldap3.MODIFY_ADD, [username])],
}
self.connection.modify(dn, change)
def user_set_password(self, user):
dn = 'cn=%s,%s' % (unicode(user.name), self.user_base)
......
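Review bot: group_add_member, at the end of the last hunk, issues MODIFY_ADD on memberUid without handling the value already being present, so the re-run path this commit adds to user_add (the LDAPEntryAlreadyExistsResult branch followed by the unconditional `self.group_add_member(username, username)`) will, for a user whose private group already lists them, stop with an attributeOrValueExists result instead of completing the update; if the connection raises result exceptions, as the new except clauses presume (the connection setup is outside these hunks), catch ldap3's `LDAPAttributeOrValueExistsResult` around that modify and log it like the ` -> updated` branches. The new handlers spell the exception as `ldap3.LDAPEntryAlreadyExistsResult` while the file's existing import takes `LDAPNoSuchObjectResult` from `ldap3.core.exceptions`; pick one style so both resolve the same way. The loop in sync_all_users still uses a bare `except:` on both of the changed lines, which also swallows SystemExit and KeyboardInterrupt; `except Exception:` keeps the new logging and lets those propagate. The `id` parameter of group_add shadows the builtin; `gid` would be clearer, and usernames are interpolated unescaped into the DN on each `dn = 'cn=%s,%s'` line, so unless vispa already restricts names to RDN-safe characters they should go through `ldap3.utils.dn.escape_rdn` first.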