|
1 |
#!/usr/bin/python2.6 |
1 |
#!/usr/bin/python2.6 |
2 |
# |
2 |
# |
3 |
# Univention Admin Modules |
3 |
# Univention Admin Modules |
4 |
# synchronise attributes uniqueMember and memberUID of group objects |
4 |
"""synchronise attributes uniqueMember to memberUID of group objects. |
|
|
5 |
|
6 |
Update the UIDs in memberUid of all groups to match the uid of the objects |
7 |
referenced by uniqueMember.""" |
5 |
# |
8 |
# |
6 |
# Copyright 2007-2012 Univention GmbH |
9 |
# Copyright 2007-2012 Univention GmbH |
7 |
# |
10 |
# |
|
30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
33 |
# /usr/share/common-licenses/AGPL-3; if not, see |
31 |
# <http://www.gnu.org/licenses/>. |
34 |
# <http://www.gnu.org/licenses/>. |
32 |
|
35 |
|
33 |
|
36 |
import ldap |
34 |
import ldap, string, sys |
37 |
import sys |
35 |
from optparse import OptionParser |
38 |
from optparse import OptionParser |
36 |
|
39 |
|
37 |
import univention.config_registry |
40 |
import univention.config_registry |
Lines 51-57
parser.add_option( '-c', '--continue', action = 'store_true',
|
|
51 |
|
54 |
|
52 |
( options, arguments ) = parser.parse_args() |
55 |
( options, arguments ) = parser.parse_args() |
53 |
|
56 |
|
54 |
ud.init( '/var/log/univention/sync-memberuid.log', 1, 0 ) |
57 |
ud.init('/var/log/univention/sync-memberuid.log', ud.FLUSH, ud.NO_FUNCTION) |
55 |
ud.set_level( ud.ADMIN, options.debug ) |
58 |
ud.set_level( ud.ADMIN, options.debug ) |
56 |
|
59 |
|
57 |
baseDN = configRegistry[ 'ldap/base' ] |
60 |
baseDN = configRegistry[ 'ldap/base' ] |
Lines 67-125
groups = lo.search_s( baseDN, ldap.SCOPE_SUBTREE, '(&(objectClass=posixGroup)(ob
|
|
67 |
|
70 |
|
68 |
if options.test: |
71 |
if options.test: |
69 |
print 'Test Mode: The following groups have to be modified:' |
72 |
print 'Test Mode: The following groups have to be modified:' |
70 |
for grp in groups: |
73 |
for grp_dn, grp_attrs in groups: |
71 |
dn, attrs = grp |
74 |
old = set(grp_attrs.get('memberUid', ())) |
72 |
old = [] |
|
|
73 |
new = [] |
74 |
if attrs.has_key( 'memberUid' ): |
75 |
old = attrs[ 'memberUid' ] |
76 |
|
75 |
|
77 |
ud.debug( ud.ADMIN, ud.PROCESS, 'Group: %s' % dn ) |
76 |
ud.debug(ud.ADMIN, ud.PROCESS, 'Group: %s' % grp_dn) |
78 |
for uniqueMember in attrs.get( 'uniqueMember', [] ): |
77 |
new = set() |
|
|
78 |
memberDns = grp_attrs.get('uniqueMember', ()) |
79 |
for uniqueMember in memberDns: |
79 |
try: |
80 |
try: |
80 |
result = lo.search_s( uniqueMember, ldap.SCOPE_BASE, '(objectclass=*)' ) |
81 |
result = lo.search_s( uniqueMember, ldap.SCOPE_BASE, '(objectclass=*)' ) |
81 |
except Exception, e: |
82 |
except ldap.NO_SUCH_OBJECT, ex: |
82 |
ud.debug( ud.ADMIN, ud.ERROR, 'reading uid of %s failed: %s' % (uniqueMember, str(e)) ) |
83 |
ud.debug(ud.ADMIN, ud.WARN, 'searching %s failed: %s' % (uniqueMember, ex)) |
83 |
print 'ERROR: cannot read uid of DN %s' % uniqueMember |
84 |
print >> sys.stderr, 'WARNING: DN %s not found' % uniqueMember |
84 |
continue |
85 |
continue |
85 |
if not result: |
86 |
if not result: |
86 |
ud.debug( ud.ADMIN, ud.ERROR, 'empty result for uniqueMember %s' % uniqueMember) |
87 |
ud.debug( ud.ADMIN, ud.WARN, 'empty result for uniqueMember %s' % uniqueMember) |
87 |
print 'ERROR: empty result for uniqueMember %s' % uniqueMember |
88 |
print >> sys.stderr, 'WARNING: empty result for uniqueMember %s' % uniqueMember |
88 |
continue |
89 |
continue |
89 |
uniqueMemberAttrs = result[0][1] |
90 |
_, uniqueMemberAttrs = result[0] |
90 |
if uniqueMemberAttrs.get('uid'): |
91 |
uniqueMemberUid = uniqueMemberAttrs.get('uid') |
91 |
new.append( uniqueMemberAttrs['uid'][0] ) |
92 |
if uniqueMemberUid: |
92 |
|
93 |
new.add(uniqueMemberUid[0]) |
93 |
old.sort() |
|
|
94 |
new.sort() |
95 |
|
94 |
|
96 |
if old != new: |
95 |
if old != new: |
97 |
ud.debug( ud.ADMIN, ud.INFO, ' members: %s' % attrs.get( 'uniqueMember', [] ) ) |
96 |
ud.debug(ud.ADMIN, ud.INFO, ' members: %s' % memberDns) |
98 |
ud.debug( ud.ADMIN, ud.INFO, ' old memberUid: %s' % old ) |
97 |
ud.debug(ud.ADMIN, ud.INFO, ' old memberUid: %s' % old) |
99 |
ud.debug( ud.ADMIN, ud.INFO, ' new memberUid: %s' % new ) |
98 |
ud.debug(ud.ADMIN, ud.INFO, ' new memberUid: %s' % new) |
100 |
if options.test: |
99 |
if options.test: |
101 |
print 'Group:', dn |
100 |
print 'Group:', grp_dn |
102 |
continue |
101 |
continue |
103 |
add = [] |
102 |
add = list(new - old) |
104 |
for n in new: |
|
|
105 |
if not n in old: |
106 |
add.append( n ) |
107 |
if add: |
103 |
if add: |
108 |
try: |
104 |
try: |
109 |
lo.modify_s( dn, [ ( ldap.MOD_ADD, 'memberUid', add ) ] ) |
105 |
lo.modify_s(grp_dn, [(ldap.MOD_ADD, 'memberUid', add)]) |
110 |
except Exception, e: |
106 |
except ldap.LDAPError, ex: |
111 |
ud.debug( ud.ADMIN, ud.ERROR, 'adding memberUid entries failed: %s' % str( e ) ) |
107 |
ud.debug(ud.ADMIN, ud.ERROR, 'adding memberUid entries failed: %s' % ex) |
112 |
if not options.cont: |
108 |
if not options.cont: |
113 |
sys.exit( 1 ) |
109 |
sys.exit( 1 ) |
114 |
remove = [] |
110 |
remove = list(old - new) |
115 |
for o in old: |
|
|
116 |
if not o in new: |
117 |
remove.append( o ) |
118 |
if remove: |
111 |
if remove: |
119 |
try: |
112 |
try: |
120 |
lo.modify_s( dn, [ ( ldap.MOD_DELETE, 'memberUid', remove ) ] ) |
113 |
lo.modify_s(grp_dn, [(ldap.MOD_DELETE, 'memberUid', remove)]) |
121 |
except Exception, e: |
114 |
except ldap.LDAPError, ex: |
122 |
ud.debug( ud.ADMIN, ud.ERROR, 'removing memberUid entries failed: %s' % str( e ) ) |
115 |
ud.debug(ud.ADMIN, ud.ERROR, 'removing memberUid entries failed: %s' % ex) |
123 |
if not options.cont: |
116 |
if not options.cont: |
124 |
sys.exit( 1 ) |
117 |
sys.exit( 1 ) |
125 |
|
|
|
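Review bot: Narrowing the handler at new line 82 to `ldap.NO_SUCH_OBJECT` lets every other `ldap.LDAPError` from `lo.search_s` (server down, timeout, insufficient access) escape the member loop as an unhandled traceback, so it is not written to the ud log and `--continue` is not honoured. That is still safer than the old `except Exception` path, which skipped the member and then let the delete step drop a valid memberUid, but the behaviour should be explicit rather than accidental. I would add an `except ldap.LDAPError` branch after the NO_SUCH_OBJECT one, log at `ud.ERROR`, and skip the group's modify step whenever the lookup was incomplete, so that memberUid is never reduced on the basis of a partial read. The "empty result" branch at new lines 86-89 still feeds `remove = list(old - new)`; if an empty result can also mean the bind identity cannot read the entry (not determinable from this hunk), it deserves the same treatment.

```python
incomplete = False
for uniqueMember in memberDns:
    # … unchanged: try / lo.search_s / except ldap.NO_SUCH_OBJECT branch …
    except ldap.LDAPError, ex:
        ud.debug(ud.ADMIN, ud.ERROR, 'searching %s failed: %s' % (uniqueMember, ex))
        print >> sys.stderr, 'ERROR: cannot read DN %s: %s' % (uniqueMember, ex)
        if not options.cont:
            sys.exit(1)
        incomplete = True
        break
    # … unchanged: empty-result check and uid collection …
if incomplete:
    # member list could not be fully resolved: leave memberUid untouched
    continue
```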