[sysadmin-bin] Migrate create-auth to use account.gnome.org



commit 8ebbe418ab6009de325836bf3777abb923ab31dc
Author: Andrea Veri <av gnome org>
Date:   Tue Oct 14 13:05:46 2014 +0200

    Migrate create-auth to use account.gnome.org

 create-auth |   49 ++++++++++++++++++++++---------------------------
 1 files changed, 22 insertions(+), 27 deletions(-)
---
diff --git a/create-auth b/create-auth
index 2edd43c..acc5b70 100755
--- a/create-auth
+++ b/create-auth
@@ -29,20 +29,10 @@ def get_md5sum_hash():
             user_md5sums [file] = m.hexdigest ()
     return user_md5sums
 
-## Don't overload ldap.gnome.org too much, make use of our slave
-## for the gnomecvs, gnomeweb, webusers and ftpbasic groups.
-
-SLAVE_CONNECTED_MACHINES = ['git.gnome.org', 'master.gnome.org', 'clipboard.gnome.org', 'webapps.gnome.org', 
'webapps2.gnome.org']
-
-if socket.gethostname() in SLAVE_CONNECTED_MACHINES:
-    ldap_server = 'view.gnome.org'
-else:
-    ldap_server = 'ldap.gnome.org'
-
 ## first you must open a connection to the server
 try:
-    l = ldap.open(ldap_server)
-    l.simple_bind("cn=Manager,dc=gnome,dc=org")
+    l = ldap.open('account.gnome.org')
+    l.simple_bind("cn=Directory Manager")
 except ldap.LDAPError, e:
     print >>sys.stderr, e
     sys.exit(1)
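Review bot: The new bind `l.simple_bind("cn=Directory Manager")` presents the directory's super-user DN with no credential, and because `simple_bind` is the asynchronous call in python-ldap its result is never checked here, so a rejected or anonymous-downgraded bind only surfaces on the first `search_s` outside this try. Use the synchronous form with an explicit credential read from a root-only file, e.g. `l.simple_bind_s("cn=Directory Manager", dm_password)` (`dm_password` is a placeholder), or bind anonymously on purpose with `l.simple_bind_s()` if anonymous read is what the server grants, so the script fails here rather than mid-run. `ldap.open` also gives a plaintext connection; unless TLS is started elsewhere (not visible in this hunk), prefer `ldap.initialize('ldaps://account.gnome.org')` or `l.start_tls_s()` before binding now that a bind DN is sent to a different host.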
@@ -59,21 +49,26 @@ RESTRICTS = {
     'nagios':
         'command="/home/admin/bin/run-nagios-command",no-pty,no-port-forwarding ',
 }
-LDAP_GROUP_BASE='ou=groups,dc=gnome,dc=org'
-LDAP_USER_BASE='ou=people,dc=gnome,dc=org'
+
+LDAP_GROUP_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
+LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
 
 
 def _get_group_from_ldap(group):
 
-    filter = ldap.filter.filter_format('(&(objectClass=posixGroup)(cn=%s))', (group, ))
-    results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('memberUid', ))
+    filter = ldap.filter.filter_format('(&(objectClass=posixgroup)(cn=%s))', (group, ))
+    results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('member', ))
 
     members = set()
-    for entry in results:
-        id = entry[0]
-        attr = entry[1]
 
-        members.update(attr['memberUid'])
+    for _, attr in results:
+        for userid in attr['member']:
+            splitentry = userid.split(',')
+            singleentry = splitentry[0]
+            splitteduid = singleentry.split('=')
+            uid = splitteduid[1]
+
+            members.add(uid)
 
     return members
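Review bot: `LDAP_GROUP_BASE` is set to the same `cn=users,cn=accounts,dc=gnome,dc=org` as `LDAP_USER_BASE`, so the `posixgroup` search in `_get_group_from_ldap` is run under the user container; FreeIPA keeps groups under `cn=groups,cn=accounts,...`, so this looks like a copy of the line below — confirm against the directory. The new member loop also takes the first RDN value of every `member` DN without checking that it is a `uid`, so a nested group (`cn=...,cn=groups,...`) or any other non-user DN would be added to `members` under its cn, and `attr['member']` raises KeyError for a group that has no members. Parse the DN with `ldap.dn.str2dn` and keep only `uid` RDNs, as below.
```python
    members = set()

    for _, attr in results:
        for member_dn in attr.get('member', []):
            # first RDN of the member DN; skip anything that is not a user entry
            rdn_type, rdn_value = ldap.dn.str2dn(member_dn)[0][0][:2]
            if rdn_type.lower() != 'uid':
                continue
            members.add(rdn_value)
```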
 
@@ -83,7 +78,7 @@ def _get_user_data_from_ldap(filter):
 
     user_data = {}
     try:
-        searchattrs = ('uid', 'homeDirectory', 'authorizedKey',
+        searchattrs = ('uid', 'homeDirectory', 'ipaSshPubKey',
                        'uidNumber', 'gidNumber')
         persona_data = l.search_s ("ou=people,dc=gnome,dc=org",
                                    ldap.SCOPE_SUBTREE, filter, searchattrs)
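Review bot: The search base on the `persona_data = l.search_s ("ou=people,dc=gnome,dc=org",` line is still the pre-migration people container while `LDAP_USER_BASE` was moved to `cn=users,cn=accounts,dc=gnome,dc=org`, so against account.gnome.org this search presumably returns nothing or a noSuchObject error. Use the constant instead of the literal: `persona_data = l.search_s (LDAP_USER_BASE,`. `_get_user_data_from_ldap` starts before the hunk and its except clause continues after it.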
@@ -95,14 +90,14 @@ def _get_user_data_from_ldap(filter):
         return user_data
 
     for dn, person_info in persona_data:
-        key_list = person_info['authorizedKey']
+        key_list = person_info['ipaSshPubKey']
         key_list.sort ()
 
         uid = person_info['uid'][0]
 
         user_data[uid] = {
             'uid': uid,
-            'authorizedKey': key_list,
+            'ipaSshPubKey': key_list,
             'uidNumber': person_info['uidNumber'][0],
             'gidNumber': person_info['gidNumber'][0],
             'homeDirectory': person_info['homeDirectory'][0],
@@ -122,7 +117,7 @@ def get_homedirs(limit_uids=None):
     else:
         filter = ""
 
-    filter = '(&(!(homeDirectory=/))(authorizedKey=*)%s)' % filter
+    filter = '(&(!(homeDirectory=/))(ipaSshPubKey=*)%s)' % filter
 
     return _get_user_data_from_ldap(filter)
 
@@ -317,7 +312,7 @@ def lookup_user_info(uids):
     filter = ldap.filter.filter_format(format, list(uids))
     if len(uids) > 0:
         filter = '(|%s)' % filter
-    filter = '(&%s(authorizedKey=*))' % filter
+    filter = '(&%s(ipaSshPubKey=*))' % filter
 
     return _get_user_data_from_ldap(filter)
 
@@ -379,7 +374,7 @@ def create_directory_structure (user_data):
             os.mkdir (user_dir_name, 0700)
             os.chown (user_dir_name, int(user['uidNumber']), int (user['gidNumber']))
             file = open (authorized_keys_file, "w")
-            for key in user['authorizedKey']:
+            for key in user['ipaSshPubKey']:
                 restrict = user.get('restrict', None)
                 if restrict:
                     file.write(RESTRICTS[restrict])
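Review bot: Each `ipaSshPubKey` value is written verbatim after the `RESTRICTS` prefix on the lines that follow `for key in user['ipaSshPubKey']:`, with no check that it is a single-line public key. If users can edit this attribute themselves (FreeIPA exposes it through self-service — confirm for this deployment), a value containing a line break would produce an authorized_keys line that lacks the `command=`/`no-pty` restriction, so reject such values before writing, e.g. `if '\n' in key or '\r' in key: continue` together with a warning on stderr, and ideally require a recognised key-type prefix. `create_directory_structure` starts before the hunk and continues after it.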
@@ -460,7 +455,7 @@ if __name__ == '__main__':
     parser.add_option("--create-homedirs",
                       action="store_const", dest="homedirs", const="basic")
 
-    parser.add_option("--random-sleep",  action="store_true", 
+    parser.add_option("--random-sleep",  action="store_true",
                       help="Sets a random sleep time before executing the script, useful to not overload 
ldap-back")
 
     parser.set_defaults(homedirs=None)

