Univention Bugzilla – Bug 32581
Hook support for ldap-group-to-file.py
Last modified: 2013-11-19 06:42:50 CET
We should add a simple hook mechanism for ldap-group-to-file.py. We have often the problem that we need all members of a group including groups in groups.
With such a mechanism we could simple add a script which reads all group members with 'getent group grp'.
Needed for Bug #29710
root@master151:~# echo -e '#!/bin/sh\necho "TEST"' >/var/lib/ldap-group-to-file-hooks.d/test
root@master151:~# chmod +x /var/lib/ldap-group-to-file-hooks.d/test
root@master151:~# /usr/lib/univention-pam/ldap-group-to-file.py --verbose
Found 39 ldap groups
The file /var/lib/extrausers/group was created.
run-parts: executing /var/lib/ldap-group-to-file-hooks.d/admingrp-user-passwordreset
run-parts: executing /var/lib/ldap-group-to-file-hooks.d/test
Test Case: r44042
+ stdout_pipe = subprocess.PIPE
+ stderr_pipe = subprocess.PIPE
+ p = subprocess.Popen(... stdout=stdout_pipe, stderr=stderr_pipe)
+ returncode = p.wait()
Either use os.path.devnull or communicate(); first one is preferred.
And please move the whole addition into a separate function and call it from the __main__ CLOB.
OK: Otherwise works as expected.
FYI: The recursion prevention looks fishy; see attached version for some cleanups.
Created attachment 5465 [details]
1. Use /dev/null instead of PIPE
2. Don't use deprecated string module
3. Split into smaller functions
4. Log to STDERR
5. Really prevent recursively double resolving the same group
With r44423 I changed the code to use os.path.devnull and a separate function for the hook handling.
(In reply to Philipp Hahn from comment #3)
> FYI: The recursion prevention looks fishy; see attached version for some
If we have a problem please create a new bug. I won't change it with this bug.
OK: /usr/lib/univention-pam/ldap-group-to-file.py --file /tmp/tmp
OK: /usr/lib/univention-pam/ldap-group-to-file.py --file /tmp/tmp --verbose
UCS 3.2 has been released:
If this error occurs again, please use "Clone This Bug".