#!/usr/bin/python2.6
#
# Copyright 2013 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

import sys
from optparse import AmbiguousOptionError, BadOptionError, OptionParser, OptionValueError

import univention.admin.allocators
import univention.admin.uexceptions
import univention.admin.uldap
from univention.config_registry import ConfigRegistry
class PassThroughOptionParser(OptionParser):
    """
    OptionParser variant that tolerates options it does not know.

    Whenever the stock parser rejects an unknown or ambiguous option, the
    option string is appended to largs (the leftover arguments) and parsing
    is resumed, until rargs has been used up.

    A known option that is used incorrectly (missing argument, bad argument
    type, ...) is not caught here, so OptionParser still reports it and
    calls sys.exit(status).
    """

    def _process_args(self, largs, rargs, values):
        # The base implementation pops the offending option off rargs before
        # it raises, so every retry works on a shorter list.
        while len(rargs) > 0:
            try:
                OptionParser._process_args(self, largs, rargs, values)
            except (BadOptionError, AmbiguousOptionError) as unknown:
                largs.append(unknown.opt_str)
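def create_group_Enterprise_Domain_Controllers(lo):
    """
    Create the group "Enterprise Domain Controllers" below cn=groups.

    The group is written with the fixed sambaSID S-1-5-9 (the well-known SID
    of that group) and receives every object matching
    (&(univentionService=Samba 4)(objectClass=univentionDomainController))
    as uniqueMember / memberUid.

    lo -- LDAP connection object; this function uses lo.base, lo.searchDn()
          and lo.add() and hands lo to univention.admin.allocators.

    Exits the process with status 1 if the group name cannot be locked.
    A failing lo.add() is only printed: the allocations are released and the
    function returns normally, so the caller cannot tell that nothing was
    created.
    """
    position = univention.admin.uldap.position(lo.base)

    sambaSID = "S-1-5-9"
    groupName = "Enterprise Domain Controllers"
    groupDN = "cn=%s,cn=groups,%s" % (groupName, lo.base)

    # (type, value) pairs requested from the allocator; each one is either
    # confirmed after a successful add or released after a failed one.
    alloc = []
    try:
        univention.admin.allocators.request(lo, position, 'groupName', value=groupName)
        alloc.append(("groupName", groupName))
    except univention.admin.uexceptions.noLock:
        univention.admin.allocators.release(lo, position, 'groupName', groupName)
        print("Group already exists")
        sys.exit(1)

    # NOTE(review): searchDn() and the gidNumber request below are outside any
    # try block; if one of them raises, the groupName allocation above is
    # neither released nor confirmed.
    ldap_filter = "(&(univentionService=Samba 4)(objectClass=univentionDomainController))"
    s4dc_dnlist = lo.searchDn(ldap_filter, lo.base)
    # memberUid entries are built as "<first RDN value>$" for every matching DN.
    s4dc_uidlist = ["%s$" % univention.admin.uldap.explodeDn(s4dcdn, 1)[0] for s4dcdn in s4dc_dnlist]

    gidNumber = univention.admin.allocators.request(lo, position, 'gidNumber')
    alloc.append(("gidNumber", gidNumber))

    ocs = ["top", "posixGroup", "univentionGroup", "sambaGroupMapping", "univentionObject"]
    al = [("objectClass", ocs)]
    al.append(("gidNumber", [gidNumber]))
    al.append(("sambaSID", [sambaSID]))
    al.append(("sambaGroupType", ["5"]))
    al.append(("uniqueMember", s4dc_dnlist))
    al.append(("memberUid", s4dc_uidlist))
    al.append(("univentionObjectType", "groups/group"))
    try:
        lo.add(groupDN, al)
    except Exception as err:
        print("Exception: %s" % (err,))
        for i, j in alloc:
            univention.admin.allocators.release(lo, position, i, j)
    else:
        # Confirm only when the object was really written. Previously the
        # confirm loop also ran after a failed add, i.e. on allocations that
        # had just been released.
        for i, j in alloc:
            univention.admin.allocators.confirm(lo, position, i, j)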
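if __name__ == "__main__":
    # PassThroughOptionParser does not reject unknown options. A misspelt
    # --binddn is therefore not reported, and the script then falls back to
    # binding as cn=admin with /etc/ldap.secret.
    parser = PassThroughOptionParser()
    parser.add_option("--binddn", dest="binddn")
    # NOTE(review): a password passed with --bindpwd is part of the command
    # line and readable by other local users through the process list;
    # --bindpwdfile avoids that.
    parser.add_option("--bindpwd", dest="bindpw")
    parser.add_option("--bindpwdfile", dest="bindpwdfile")
    opts, args = parser.parse_args()

    ucr = ConfigRegistry()
    ucr.load()

    if not opts.binddn:
        # No bind DN given: use the local admin credentials. This replaces
        # any value given with --bindpwd.
        try:
            with open('/etc/ldap.secret') as secret_file:
                opts.bindpw = secret_file.read().rstrip('\n')
            opts.binddn = "cn=admin,%s" % ucr['ldap/base']
        except IOError:
            # The original called fatal(), which is not defined in this file
            # and would have raised NameError instead of reporting the error.
            sys.stderr.write('Could not read /etc/ldap.secret\n')
            sys.exit(1)

    if opts.bindpwdfile and not opts.bindpw:
        try:
            with open(opts.bindpwdfile, 'r') as pwd_file:
                opts.bindpw = pwd_file.read().strip()
        except IOError:
            sys.stderr.write('Could not read %s\n' % opts.bindpwdfile)
            sys.exit(1)

    if not opts.bindpw:
        # In LDAP a simple bind with a DN and an empty password is an
        # unauthenticated bind (RFC 4513) and proves nothing about the caller.
        # How uldap.access treats a missing password is not visible here, so
        # refuse to continue without one.
        sys.stderr.write('No bind password available for %s\n' % opts.binddn)
        sys.exit(1)

    try:
        # NOTE(review): start_tls=2 presumably makes StartTLS mandatory -
        # confirm against univention.admin.uldap.
        lo = univention.admin.uldap.access(
            host=ucr['ldap/master'],
            port=int(ucr.get('ldap/master/port', '7389')),
            base=ucr['ldap/base'],
            binddn=opts.binddn,
            bindpw=opts.bindpw,
            start_tls=2,
        )
    except Exception as e:
        print("Error during uldap.access:  %s" % (str(e),))
        sys.exit(1)

    create_group_Enterprise_Domain_Controllers(lo)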