[sysadmin-bin] Port cleanup-inactive-ldap-accounts to RFC2307bis fields
- From: Andrea Veri <av src gnome org>
- To: gnome-sysadmin gnome org,commits-list gnome org
- Subject: [sysadmin-bin] Port cleanup-inactive-ldap-accounts to RFC2307bis fields
- Date: Sun, 5 Oct 2014 21:36:09 +0000 (UTC)
commit 42b99b865c09ae8bba7c4b53698a66f0c0531786
Author: Andrea Veri <av gnome org>
Date: Sun Oct 5 23:36:04 2014 +0200
Port cleanup-inactive-ldap-accounts to RFC2307bis fields
cleanup-inactive-ldap-accounts.py | 44 ++++++++++++++++--------------------
1 files changed, 20 insertions(+), 24 deletions(-)
---
diff --git a/cleanup-inactive-ldap-accounts.py b/cleanup-inactive-ldap-accounts.py
index 45beef3..59b7673 100755
--- a/cleanup-inactive-ldap-accounts.py
+++ b/cleanup-inactive-ldap-accounts.py
@@ -10,8 +10,10 @@ import ldap.filter
import socket
from optparse import OptionParser
-LDAP_USER_BASE='ou=people,dc=gnome,dc=org'
-LDAP_GROUP_BASE='ou=groups,dc=gnome,dc=org'
+LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
+LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
+
+execfile('/home/admin/secret/freeipa')
parser = OptionParser()
parser.add_option("--print-inactive-accounts", action="store_true", default=False,
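Review bot: `execfile('/home/admin/secret/freeipa')` runs the whole secrets file as Python in this script's global namespace, so anyone who can write to that file gets code execution in a job that binds as the directory manager. It also means `ldap_password` is used later without any visible assignment. Read the file as data instead (for example, parse the single `ldap_password` entry, or use `ConfigParser` if the file format allows it) and exit with a clear error when the key is missing. Checking that the file is owned by the admin user and not group- or world-writable before reading it would also help. At minimum, add a comment above the call such as `# defines ldap_password; file must be root-owned, mode 0600`.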
@@ -30,18 +32,6 @@ infrastructure_folders = 'archive', 'cgit', 'empty-description', 'repositories.t
repositories = filter( lambda f: not f.startswith(infrastructure_folders), os.listdir('/git'))
last_pushed_times = {}
-file = open('/home/admin/secret/ldap','r')
-lines = file.readlines()
-
-for line in lines:
- if line.find("ldap_password") > -1:
- dirty_password = line.split()
- ldap_password = str(dirty_password)
-
- sanitize_file=["ldap_password","=","\"","'","[","]"]
- for i in range(len(sanitize_file)):
- ldap_password = ldap_password.replace(sanitize_file[i],"")
-file.close()
for repository in repositories:
pushlog = open('/git/%s/gnome_pushlog' % repository, 'r')
@@ -60,12 +50,14 @@ for user, last_pushed in last_pushed_times.iteritems():
if options.print_inactive_accounts:
print ("%s: %s" % (user, time.strftime("%d-%m-%Y", last_pushed)), end='\n')
+
def user_is_current(username):
return username in last_pushed_times and last_pushed_times[username] >= now - 2 * 365 * 24 * 60 * 60
+
try:
- l = ldap.open('ldap.gnome.org')
- l.simple_bind("cn=Manager,dc=gnome,dc=org", ldap_password)
+ l = ldap.open('account.gnome.org')
+ l.simple_bind("cn=Directory Manager", ldap_password)
except ldap.LDAPError, e:
print >>sys.stderr, e
sys.exit(1)
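Review bot: The new bind sends the `cn=Directory Manager` password via `simple_bind` on `ldap.open('account.gnome.org')`, which as written is a plain, unencrypted LDAP connection. `simple_bind` is also asynchronous, so wrong credentials do not raise here and the `except ldap.LDAPError` branch may never see a failed bind. Prefer `l = ldap.initialize('ldaps://account.gnome.org')` (or call `l.start_tls_s()` before binding) followed by `l.simple_bind_s("cn=Directory Manager", ldap_password)`. Binding as the directory manager is also more privilege than removing members from two groups needs; a dedicated service account with write access limited to those groups would reduce the impact of a leaked password.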
@@ -77,11 +69,15 @@ def _get_group_from_ldap(group):
results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('memberUid', ))
members = set()
- for entry in results:
- id = entry[0]
- attr = entry[1]
- members.update(attr['memberUid'])
+ for _, attr in results:
+ for userid in attr['member']:
+ splitentry = userid.split(',')
+ singleentry = splitentry[0]
+ splitteduid = singleentry.split('=')
+ uid = splitteduid[1]
+
+ members.add(uid)
return members
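Review bot: The context line above the loop still requests only `('memberUid', )` from `search_s`, while the new loop reads `attr['member']`, so the server will presumably not return that attribute and the lookup raises `KeyError`. A group with no members would fail the same way. Change the attribute list to `('member', )` and iterate `attr.get('member', [])`. Splitting on `,` and `=` also mis-parses DNs with escaped commas and takes the first RDN value whatever its attribute type, so a nested group would be treated as a uid; `ldap.dn.str2dn(userid)[0][0]` gives the attribute and value so non-`uid` entries can be skipped. The function starts outside this hunk.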
@@ -105,12 +101,12 @@ for gnomecvs_user in gnomecvs_users:
if not user_is_current(gnomecvs_user):
if options.verbose:
print ("Removing user %s from gnomecvs" % gnomecvs_user, end='\n')
- remove_members = [ (ldap.MOD_DELETE, 'memberUid','%s' % gnomecvs_user) ]
- l.modify_s('cn=gnomecvs,ou=groups,dc=gnome,dc=org', remove_members)
+ remove_members = [ (ldap.MOD_DELETE, 'member','uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' %
gnomecvs_user) ]
+ l.modify_s('cn=gnomecvs,cn=groups,cn=accounts,dc=gnome,dc=org', remove_members)
for ftpadmin_user in ftpadmin_users:
if not user_is_current(ftpadmin_user):
if options.verbose:
print ("Removing user %s from ftpadmin" % ftpadmin_user, end='\n')
- remove_members = [ (ldap.MOD_DELETE, 'memberUid','%s' % ftpadmin_user) ]
- l.modify_s('cn=ftpadmin,ou=groups,dc=gnome,dc=org', remove_members)
+ remove_members = [ (ldap.MOD_DELETE, 'member','uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' %
ftpadmin_user) ]
+ l.modify_s('cn=ftpadmin,cn=groups,cn=accounts,dc=gnome,dc=org', remove_members)
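Review bot: Both removal loops hard-code `cn=users,cn=accounts,dc=gnome,dc=org` and the group DNs again instead of using `LDAP_USER_BASE` and `LDAP_GROUP_BASE` defined at the top of the file, so the next tree change has to be made in several places. Build them from the constants, e.g. `'uid=%s,%s' % (gnomecvs_user, LDAP_USER_BASE)` and `'cn=gnomecvs,%s' % LDAP_GROUP_BASE`. Rebuilding the member DN from a parsed uid also assumes every member lives under the users container. If a stored value differs, `modify_s` will presumably raise and abort the run after only some of the removals, so it is safer to keep the original `member` value from the search and delete exactly that. Since this step revokes access as a privileged bind, wrap each `modify_s` in a `try/except ldap.LDAPError` that logs the user and group.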