Univention Bugzilla – Attachment 5465 Details for
Bug 32581
Hook support for ldap-group-to-file.py
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ldap-group-to-file.py
ldap-group-to-file.py (text/plain), 4.83 KB, created by
Philipp Hahn
on 2013-09-24 11:58 CEST
(
hide
)
Description:
ldap-group-to-file.py
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2013-09-24 11:58 CEST
Size:
4.83 KB
patch
obsolete
>#!/usr/bin/python2.6 ># -*- coding: utf-8 -*- ># ># Univention PAM ># Dump all ldap groups with members to a single file ># ># Copyright 2011-2013 Univention GmbH ># ># http://www.univention.de/ ># ># All rights reserved. ># ># The source code of this program is made available ># under the terms of the GNU Affero General Public License version 3 ># (GNU AGPL V3) as published by the Free Software Foundation. ># ># Binary versions of this program provided by Univention to you as ># well as other copyrighted, protected or trademarked materials like ># Logos, graphics, fonts, specific documentations and configurations, ># cryptographic keys etc. are subject to a license agreement between ># you and Univention and not subject to the GNU AGPL V3. ># ># In the case you use this program under the terms of the GNU AGPL V3, ># the program is provided in the hope that it will be useful, ># but WITHOUT ANY WARRANTY; without even the implied warranty of ># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ># GNU Affero General Public License for more details. ># ># You should have received a copy of the GNU Affero General Public ># License with the Debian GNU/Linux or Univention distribution in file ># /usr/share/common-licenses/AGPL-3; if not, see ># <http://www.gnu.org/licenses/>. > >import univention.uldap >import optparse >import ldap >import shutil >import sys >import os >import tempfile >import subprocess > > >def _get_members(lo, group, recursion_set, check_member=False): > group_dn, group_attr = group > > if group_dn in recursion_set: > return set() > recursion_set.add(group_dn) > > result = set() > for member in group_attr.get('uniqueMember', []): > if member.startswith('uid='): > result |= _get_member_user(lo, member, check_member) > elif member.startswith('cn='): > result |= _get_member_group_or_host(lo, member, recursion_set, check_member) > > return result > > >def _get_member_user(lo, member_dn, check_member=False): > if check_member: > try: > res = lo.search( > base=member_dn, > scope=ldap.SCOPE_BASE, > filter='uid=*', > attr=['uid'], > ) > if not res: > return set() > except ldap.NO_SUCH_OBJECT: > return set() > > mrdn = ldap.explode_rdn(member_dn) > _, value = mrdn[0].split('=', 1) > > return set((value,)) > > >def _get_member_group_or_host(lo, member_dn, recursion_set, check_member=False): > try: > res = lo.search( > base=member_dn, > scope=ldap.SCOPE_BASE, > filter='objectClass=*', > attr=['uniqueMember', 'gidNumber', 'objectClass', 'cn'], > ) > if not res: > return set() > except ldap.NO_SUCH_OBJECT: > return set() > assert len(res) == 1 > member = res[0] > assert member[0] == member_dn > > if 'univentionGroup' in member[1].get('objectClass', []): > return _get_members(lo, member, recursion_set, check_member) > else: > host = member[1].get('cn')[0] + '$' > return set((host,)) > > >def parse_commandline(): > parser = optparse.OptionParser( ) > parser.add_option("--file", dest="file", default='/var/lib/extrausers/group', action="store", > help="write result to the given file, default is /var/lib/extrausers/group") > parser.add_option("--verbose", dest="verbose", default=False, action="store_true", > help="verbose output") > parser.add_option("--check_member", dest="check_member", default=False, action="store_true", > help="checks if the member exists") > (options, _args) = parser.parse_args() > > return options > > >def main(): > options = parse_commandline() > > try: > lo = univention.uldap.getMachineConnection( ldap_master=False ) > except ldap.SERVER_DOWN: > print >> sys.stderr, "Abort: Can't contact LDAP server." > sys.exit(1) > > groups = lo.search('objectClass=univentionGroup', attr=['uniqueMember', 'cn', 'gidNumber']) > if options.verbose: > print >> sys.stderr, 'Found %d LDAP groups' % (len(groups),) > > if not groups: > print >> sys.stderr, 'Abort: Did not found any LDAP group.' > sys.exit(1) > > # Write to a temporary file > (fdtemp, fdname) = tempfile.mkstemp() > fd = os.fdopen(fdtemp, 'w') > > for group in groups: > group_dn, group_attr = group > rdn = ldap.explode_rdn(group_dn) > _, groupname = rdn[0].split('=', 1) > members = _get_members(lo, group, set(), options.check_member) > fd.write('%s:*:%s:%s\n' % ( > groupname, > group_attr.get('gidNumber', [''])[0], > ','.join(members) > )) > fd.close() > > os.chmod(fdname, 0644) > > # Move the file > shutil.move(fdname, options.file) > if options.verbose: > print >> sys.stderr, 'The file %s was created.' % (options.file,) > > run_hooks(options.verbose) > > sys.exit(0) > > >HOOK_DIR = '/var/lib/ldap-group-to-file-hooks.d' >def run_hooks(verbose=False): > if os.path.exists(HOOK_DIR): > cmd = ('/bin/run-parts', '--verbose', HOOK_DIR) > with open(os.path.devnull, 'w+') as null: > if verbose: > proc = subprocess.Popen(cmd, stdin=null) > else: > proc = subprocess.Popen(cmd, stdin=null, stdout=null, stderr=null) > _stdout, _stderr = proc.communicate() > elif verbose: > print >> sys.stderr, '%s does not exist' % (HOOK_DIR,) > > >if __name__ == '__main__': > main()
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5465">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 32581
: 5465