Attachment #4534 for bug #23601

(-)a/branches/ucs-3.0/ucs/management/univention-directory-manager-modules/univention-sync-memberuid (-42 / +34 lines)

Lines 1-7	Link Here

#!/usr/bin/python2.6

#!/usr/bin/python2.6

# Univention Admin Modules

# Univention Admin Modules

#  synchronise attributes uniqueMember and memberUID of group objects

"""synchronise attributes uniqueMember to memberUID of group objects.

Update the UIDs in memberUid of all groups to match the uid of the objects

referenced by uniqueMember."""

# Copyright 2007-2012 Univention GmbH

# Copyright 2007-2012 Univention GmbH

Lines 30-37	Link Here

# /usr/share/common-licenses/AGPL-3; if not, see

# /usr/share/common-licenses/AGPL-3; if not, see

# <http://www.gnu.org/licenses/>.

# <http://www.gnu.org/licenses/>.

import ldap

import ldap, string, sys

import sys

from optparse import OptionParser

from optparse import OptionParser

import univention.config_registry

import univention.config_registry

Lines 51-57 parser.add_option( '-c', '--continue', action = 'store_true',	Link Here

( options, arguments ) = parser.parse_args()

( options, arguments ) = parser.parse_args()

ud.init( '/var/log/univention/sync-memberuid.log', 1, 0 )

ud.init('/var/log/univention/sync-memberuid.log', ud.FLUSH, ud.NO_FUNCTION)

ud.set_level( ud.ADMIN, options.debug )

ud.set_level( ud.ADMIN, options.debug )

baseDN = configRegistry[ 'ldap/base' ]

baseDN = configRegistry[ 'ldap/base' ]

Lines 67-125 groups = lo.search_s( baseDN, ldap.SCOPE_SUBTREE, '(&(objectClass=posixGroup)(ob	Link Here

if options.test:

if options.test:

	print 'Test Mode: The following groups have to be modified:'

	print 'Test Mode: The following groups have to be modified:'

for grp in groups:

for grp_dn, grp_attrs in groups:

	dn, attrs = grp

	old = set(grp_attrs.get('memberUid', ()))

	old = []

	new = []

	if attrs.has_key( 'memberUid' ):

		old = attrs[ 'memberUid' ]

	ud.debug( ud.ADMIN, ud.PROCESS, 'Group: %s' % dn )

	ud.debug(ud.ADMIN, ud.PROCESS, 'Group: %s' % grp_dn)

	for uniqueMember in attrs.get( 'uniqueMember', [] ):

	new = set()

	memberDns = grp_attrs.get('uniqueMember', ())

	for uniqueMember in memberDns:

		try:

		try:

			result = lo.search_s( uniqueMember, ldap.SCOPE_BASE, '(objectclass=*)' )

			result = lo.search_s( uniqueMember, ldap.SCOPE_BASE, '(objectclass=*)' )

		except Exception, e:

		except ldap.NO_SUCH_OBJECT, ex:

			ud.debug( ud.ADMIN, ud.ERROR, 'reading uid of %s failed: %s' % (uniqueMember, str(e)) )

			ud.debug(ud.ADMIN, ud.WARN, 'searching %s failed: %s' % (uniqueMember, ex))

			print 'ERROR: cannot read uid of DN %s' % uniqueMember

			print >> sys.stderr, 'WARNING: DN %s not found' % uniqueMember

			continue

			continue

		if not result:

		if not result:

			ud.debug( ud.ADMIN, ud.ERROR, 'empty result for uniqueMember %s' % uniqueMember)

			ud.debug( ud.ADMIN, ud.WARN, 'empty result for uniqueMember %s' % uniqueMember)

			print 'ERROR: empty result for uniqueMember %s' % uniqueMember

			print >> sys.stderr, 'WARNING: empty result for uniqueMember %s' % uniqueMember

			continue

			continue

		uniqueMemberAttrs = result[0][1]

		_, uniqueMemberAttrs = result[0]

		if uniqueMemberAttrs.get('uid'):

		uniqueMemberUid = uniqueMemberAttrs.get('uid')

			new.append( uniqueMemberAttrs['uid'][0] )

		if uniqueMemberUid:

			new.add(uniqueMemberUid[0])

	old.sort()

	new.sort()

	if old != new:

	if old != new:

		ud.debug( ud.ADMIN, ud.INFO, '  members: %s' % attrs.get( 'uniqueMember', [] ) )

		ud.debug(ud.ADMIN, ud.INFO, '  members: %s' % memberDns)

		ud.debug( ud.ADMIN, ud.INFO, '  old memberUid: %s' % old )

		ud.debug(ud.ADMIN, ud.INFO, '  old memberUid: %s' % old)

		ud.debug( ud.ADMIN, ud.INFO, '  new memberUid: %s' % new )

		ud.debug(ud.ADMIN, ud.INFO, '  new memberUid: %s' % new)

100

		if options.test:

		if options.test:

101

			print 'Group:', dn

100

			print 'Group:', grp_dn

102

			continue

101

			continue

103

		add = []

102

		add = list(new - old)

104

		for n in new:

105

			if not n in old:

106

				add.append( n )

107

		if add:

103

		if add:

108

			try:

104

			try:

109

				lo.modify_s( dn, [ ( ldap.MOD_ADD, 'memberUid', add ) ] )

105

				lo.modify_s(grp_dn, [(ldap.MOD_ADD, 'memberUid', add)])

110

			except Exception, e:

106

			except ldap.LDAPError, ex:

111

				ud.debug( ud.ADMIN, ud.ERROR, 'adding memberUid entries failed: %s' % str( e ) )

107

				ud.debug(ud.ADMIN, ud.ERROR, 'adding memberUid entries failed: %s' % ex)

112

				if not options.cont:

108

				if not options.cont:

113

					sys.exit( 1 )

109

					sys.exit( 1 )

114

		remove = []

110

		remove = list(old - new)

115

		for o in old:

116

			if not o in new:

117

				remove.append( o )

118

		if remove:

111

		if remove:

119

			try:

112

			try:

120

				lo.modify_s( dn, [ ( ldap.MOD_DELETE, 'memberUid', remove ) ] )

113

				lo.modify_s(grp_dn, [(ldap.MOD_DELETE, 'memberUid', remove)])

121

			except Exception, e:

114

			except ldap.LDAPError, ex:

122

				ud.debug( ud.ADMIN, ud.ERROR, 'removing memberUid entries failed: %s' % str( e ) )

115

				ud.debug(ud.ADMIN, ud.ERROR, 'removing memberUid entries failed: %s' % ex)

123

				if not options.cont:

116

				if not options.cont:

124

					sys.exit( 1 )

117

					sys.exit( 1 )

125

Return to bug 23601