Moved bin to sbin, added lib and update_passwd_and_group
This commit is contained in:
parent
0a9c66aa5c
commit
e47a6249f6
|
@ -16,7 +16,7 @@ dist/
|
||||||
downloads/
|
downloads/
|
||||||
eggs/
|
eggs/
|
||||||
.eggs/
|
.eggs/
|
||||||
lib/
|
#lib/
|
||||||
lib64/
|
lib64/
|
||||||
parts/
|
parts/
|
||||||
sdist/
|
sdist/
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
from ldap_core import LDAPCore
|
|
@ -0,0 +1,58 @@
|
||||||
|
from __future__ import print_function
|
||||||
|
from sys import stderr
|
||||||
|
from getpass import getpass
|
||||||
|
from ldap import initialize, LDAPError, INVALID_CREDENTIALS, SCOPE_SUBTREE
|
||||||
|
|
||||||
|
def eprint(*args, **kwargs):
|
||||||
|
print(*args, file=stderr, **kwargs)
|
||||||
|
|
||||||
|
def quit(con=None):
|
||||||
|
if con:
|
||||||
|
con.unbind_s()
|
||||||
|
|
||||||
|
def ldap_connect(core, anonymous=False):
|
||||||
|
ldap_host = core.domain
|
||||||
|
root_user = getattr(core, "root_user", None)
|
||||||
|
root_pswd = getattr(core, "root_pswd", None)
|
||||||
|
if not anonymous:
|
||||||
|
print("Attempting to connect to LDAP...")
|
||||||
|
if root_pswd is None:
|
||||||
|
root_pswd = getpass("Password for %s: " % root_user)
|
||||||
|
try:
|
||||||
|
con = initialize("ldap://%s" % ldap_host)
|
||||||
|
try:
|
||||||
|
if not anonymous:
|
||||||
|
con.simple_bind_s(root_user, root_pswd)
|
||||||
|
else:
|
||||||
|
con.simple_bind_s()
|
||||||
|
except INVALID_CREDENTIALS:
|
||||||
|
eprint("Username or password is wrong, or anonymous is disabled")
|
||||||
|
quit(con)
|
||||||
|
except LDAPError, e:
|
||||||
|
if type(e.message) == dict and e.message.has_key("desc"):
|
||||||
|
eprint("Error: %s" % e.message["desc"])
|
||||||
|
else:
|
||||||
|
eprint(e)
|
||||||
|
quit(con)
|
||||||
|
return con
|
||||||
|
except LDAPError, e:
|
||||||
|
if type(e.message) == dict and e.message.has_key("desc"):
|
||||||
|
eprint(e.message["desc"])
|
||||||
|
else:
|
||||||
|
eprint(e)
|
||||||
|
quit(con)
|
||||||
|
|
||||||
|
def ldap_search(core, find="", ou="", attrs=[], search_dn="",
|
||||||
|
search="(objectclass=*)", root=False):
|
||||||
|
con = core.connection
|
||||||
|
if not len(search_dn) > 0:
|
||||||
|
search_dn = "%s" % core.dn
|
||||||
|
|
||||||
|
if len(ou) > 0 and len(find) > 0:
|
||||||
|
search_dn = "%s,ou=%s,%s" % (find, ou, search_dn)
|
||||||
|
elif len(ou) > 0 and len(find) == 0:
|
||||||
|
search_dn = "ou=%s,%s" % (ou, search_dn)
|
||||||
|
elif len(ou) == 0 and len(find) > 0:
|
||||||
|
search_dn = "%s,%s" % (find, search_dn)
|
||||||
|
|
||||||
|
return con.search_s(search_dn, SCOPE_SUBTREE, search, attrs)
|
|
@ -0,0 +1,65 @@
|
||||||
|
from helpers import *
|
||||||
|
|
||||||
|
class LDAPCore:
|
||||||
|
def __init__(self, root_cred, domain):
|
||||||
|
self.domain = domain
|
||||||
|
self.dn = self.__domain_to_dn()
|
||||||
|
if root_cred:
|
||||||
|
self.root_name = root_cred[0]
|
||||||
|
self.root_pswd = root_cred[1]
|
||||||
|
self.root_user = "cn=%s,%s" % (self.root_name, self.dn)
|
||||||
|
self.connection = ldap_connect(self)
|
||||||
|
else:
|
||||||
|
self.connection = ldap_connect(self, anonymous=True)
|
||||||
|
|
||||||
|
def __domain_to_dn(self, domain=None):
|
||||||
|
if domain is None:
|
||||||
|
domain = self.domain
|
||||||
|
prefix = lambda p: "dc=%s" % p
|
||||||
|
dcs = list(map(prefix, domain.split(".")))
|
||||||
|
return ",".join(dcs)
|
||||||
|
|
||||||
|
def close(self):
|
||||||
|
quit(self.connection)
|
||||||
|
|
||||||
|
def search(self, find="", ou="", attrs=[], search_dn="",
|
||||||
|
search="(objectclass=*)", root=False):
|
||||||
|
return ldap_search(self, find, ou, attrs, search_dn, search, root)
|
||||||
|
|
||||||
|
def parse_passwd(self, user_info):
|
||||||
|
uid = user_info["uid"]
|
||||||
|
uidn = user_info["uidNumber"]
|
||||||
|
gidn = user_info["gidNumber"]
|
||||||
|
gecos = user_info["gecos"]
|
||||||
|
home = user_info["homeDirectory"]
|
||||||
|
shell = user_info["loginShell"]
|
||||||
|
return "%s:x:%s:%s:%s:%s:%s" % (uid, uidn, gidn, gecos, home, shell)
|
||||||
|
|
||||||
|
def parse_group(self, group_info):
|
||||||
|
cn = group_info["cn"]
|
||||||
|
gidn = group_info["gidNumber"]
|
||||||
|
return "%s:x:%s:" % (cn, gidn)
|
||||||
|
|
||||||
|
def users(self):
|
||||||
|
ldap_users = "ou=People,%s" % self.dn
|
||||||
|
attrs = [
|
||||||
|
"uid",
|
||||||
|
"uidNumber",
|
||||||
|
"gidNumber",
|
||||||
|
"gecos",
|
||||||
|
"homeDirectory",
|
||||||
|
"loginShell"
|
||||||
|
]
|
||||||
|
results = self.search(search_dn=ldap_users, attrs=attrs)
|
||||||
|
users = [self.parse_passwd({
|
||||||
|
k: v[0] for k, v in user[1].items()
|
||||||
|
}) for user in results if len(user[1]) > 0]
|
||||||
|
return users
|
||||||
|
|
||||||
|
def groups(self):
|
||||||
|
ldap_users = "ou=Group,%s" % self.dn
|
||||||
|
results = self.search(search_dn=ldap_users, attrs=["cn","gidNumber"])
|
||||||
|
groups = [self.parse_group({
|
||||||
|
k: v[0] for k, v in group[1].items()
|
||||||
|
}) for group in results if len(group[1]) > 0]
|
||||||
|
return groups
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import sys
|
||||||
|
|
||||||
|
sys.path.insert(0, "/center/lib/center")
|
||||||
|
|
||||||
|
from ldap_core import LDAPCore
|
||||||
|
|
||||||
|
name = "Manager"
|
||||||
|
domain = "tilde.center"
|
||||||
|
etc = "/center/etc"
|
||||||
|
with open("%s/secrets/ldap.secret" % etc, "r") as secret:
|
||||||
|
pswd = secret.read().strip()
|
||||||
|
root = (name, pswd)
|
||||||
|
core = LDAPCore(root, domain)
|
||||||
|
passwd_file = "%s/passwd" % etc
|
||||||
|
group_file = "%s/group" % etc
|
||||||
|
with open(passwd_file, "w") as passwd:
|
||||||
|
passwd.write("\n".join(core.users()) + "\n")
|
||||||
|
|
||||||
|
with open(group_file, "w") as group:
|
||||||
|
group.write("\n".join(core.groups()) + "\n")
|
||||||
|
|
||||||
|
core.close()
|
||||||
|
print("Successfully updated %s and %s!" % (passwd_file, group_file))
|
Loading…
Reference in New Issue