[sysadmin-bin: 1/2] Add the scripts that will help out performing a complete migration from our custom setup to FreeIPA



commit 7184a3b2e84dacb2ab36186a1c8625f9450c6122
Author: Andrea Veri <av gnome org>
Date:   Sat Sep 27 22:32:51 2014 +0200

    Add the scripts that will help out performing a complete migration from our custom setup to FreeIPA

 membership/foundation-operations.py               |  190 +++++++++++++++++++++
 membership/migrate-foundation-field-to-freeipa.py |   95 ++++++++++
 2 files changed, 285 insertions(+), 0 deletions(-)
---
diff --git a/membership/foundation-operations.py b/membership/foundation-operations.py
new file mode 100755
index 0000000..304000e
--- /dev/null
+++ b/membership/foundation-operations.py
@@ -0,0 +1,190 @@
+#!/usr/bin/python
+
+import ldap
+import ldap.filter
+import calendar
+from email.mime.text import MIMEText
+from time import strftime, gmtime
+import smtplib
+
+LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
+LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
+
+TODAY = strftime("%Y-%m-%d", gmtime())
+
+file = open('/home/admin/secret/freeipa','r')
+lines = file.readlines()
+
+for line in lines:
+        if line.find("ldap_password") > -1:
+                dirty_password = line.split()
+                ldap_password = str(dirty_password)
+
+                sanitize_file=["ldap_password","=","\"","'","[","]"]
+                for i in range(len(sanitize_file)):
+                        ldap_password = ldap_password.replace(sanitize_file[i],"")
+file.close()
+
+try:
+    l = ldap.open('localhost')
+    l.simple_bind("cn=Directory Manager", ldap_password)
+except ldap.LDAPError, e:
+        print >>sys.stderr, e
+        sys.exit(1)
+
+def _parse_members_from_group(group):
+
+    filter = ldap.filter.filter_format('(&(objectClass=posixgroup)(cn=%s))', (group, ))
+    results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('memberUid', ))
+
+    members = set()
+    for entry in results:
+        id = entry[0]
+        attr = entry[1]
+
+        members.update(attr['memberUid'])
+
+    return members
+
+def _get_foundation_members():
+    foundationmembers = _parse_members_from_group('foundation')
+
+    return foundationmembers
+
+def _get_attributes_from_ldap(uid, attr):
+    filter = ldap.filter.filter_format('(uid=%s)', (uid, ))
+    results = l.search_s(LDAP_USER_BASE, ldap.SCOPE_SUBTREE, filter, ('uid', attr, ))
+
+    for entry in results:
+        userid = entry[1]['uid']
+        attribute = entry[1][attr]
+
+        foundationmembership = dict(zip(userid, attribute))
+
+        return foundationmembership
+
+def _get_last_renewed_on():
+    foundationmembers = _get_foundation_members()
+
+    for member in foundationmembers:
+        first_added_attr = _get_attributes_from_ldap(member, 'FirstAdded')
+        last_renewed_on_attr = _get_attributes_from_ldap(member, 'LastRenewedOn')
+        mail_attr = _get_attributes_from_ldap(member,'mail')
+        common_name_attr = _get_attributes_from_ldap(member, 'cn')
+
+        if last_renewed_on_attr[member] == TODAY and first_added_attr == TODAY:
+           send_form_letters(new_member_form_letter, mail_attr[member], common_name_attr[member])
+        elif last_renewed_on_attr[member] == TODAY:
+           send_form_letters(renewal_form_letter, mail_attr[member], common_name_attr[member])
+        else:
+           continue
+
+def send_form_letters(form_letter, email, name):
+    try:
+        msg = MIMEText(form_letter)
+        msg['Subject'] = "Your GNOME Foundation Membership"
+        msg['From']    = "noreply gnome org"
+        msg['To']      = "%s" % (email)
+        msg['Reply-To']  = "membership-committee gnome org"
+        server = smtplib.SMTP("localhost")
+        server.sendmail(msg['From'], msg['To'], msg.as_string())
+        server.quit()
+        print "Successfully sent email to %s with email %s" % (name, email)
+    except smtplib.SMTPException:
+        print "ERROR: I wasn't able to send the email correctly, please check /var/log/maillog!"
+
+new_member_form_letter = """
+Dear GNOME contributor,
+
+Congratulations, you are now a member of the GNOME Foundation! Welcome, and
+thank you for supporting GNOME. Your name has joined those of the rest
+Foundation Membership:
+
+   https://www.gnome.org/foundation/membership
+
+As a member of the Foundation, you are able to vote in the elections of the
+Board of Directors, and you can also put yourself forward as a candidate for
+the Board. There are many other benefits to being a member, including having
+your blog on Planet GNOME, a @gnome.org email address, and the ability to apply
+for travel subsidies. All the guidelines to obtain these benefits are available at:
+
+   https://wiki.gnome.org/MembershipCommittee/MembershipBenefits
+
+While all the available benefits can be obtained on demand by looking at the above
+URL, @gnome.org email aliases are automatically created within 24 hours from the
+arrival of this email on your INBOX. Instructions for correctly setting up your
+email alias can be found at the following link:
+
+   https://wiki.gnome.org/AccountsTeam/MailAliasPolicy#Mail_aliases_configuration
+
+To help you stay informed about GNOME Foundation events, we have subscribed you
+to the foundation-announce mailing list, where all the major GNOME Foundation
+announcements are sent. It is a low volume list and does not allow subscribers
+to post emails. If you would like to read the archives you can do so here:
+
+    https://mail.gnome.org/mailman/listinfo/foundation-announce
+
+We also encourage you to subscribe to the foundation-list mailing
+list. It is used to discuss any issue relating to the GNOME Foundation. This is
+the place for you to suggest ideas and voice your opinions on issues pertaining
+to the GNOME Foundation. To subscribe or read the archives, go to:
+
+    https://mail.gnome.org/mailman/listinfo/foundation-list
+
+We also highly encourage you to introduce yourself to the members by
+writing to foundation-list. Please list your contributions and write a
+little about yourself, if you like :-)
+
+We have a map of contributors on our wiki. If you want others to be able to find
+you, you may add yourself to the list. This might be a good opportunity to find
+other contributors in your area:
+
+    https://wiki.gnome.org/GnomeWorldWide
+
+For more information about the GNOME Foundation, visit the GNOME Foundation's
+web page at:
+
+    https://www.gnome.org/foundation
+
+Thank you for all your great work as a member of the GNOME community.
+
+Best wishes,
+
+The GNOME Foundation Membership Committee"""
+
+renewal_form_letter = """
+Dear GNOME contributor,
+
+We are pleased to inform you that your GNOME Foundation Membership has
+been renewed for two years.
+
+Thank you for your ongoing contributions to GNOME, and for continuing to
+support the GNOME Foundation.
+
+You are eligible to become a candidate for election and to vote in the annual
+Board of Directors elections held each June before GUADEC. If you were not
+already subscribed to the foundation-announce mailing list, you have been
+subscribed to this list, where all the major GNOME Foundation announcements are
+sent. It is a low volume list and does not allow subscribers to post emails. If
+you would like to read the archives you can do so here:
+
+    https://mail.gnome.org/mailman/listinfo/foundation-announce
+
+You are also encouraged to subscribe to the foundation-list mailing list. It is
+open to the public (even non-members) and is used to discuss any issue relating
+to the GNOME Foundation. This is the place for you to suggest ideas and voice
+your opinions on issues pertaining to the GNOME Foundation. To subscribe or
+read the archives, go to:
+
+    https://mail.gnome.org/mailman/listinfo/foundation-list
+
+For more information about the GNOME Foundation, visit the GNOME Foundation's
+web page at:
+
+    https://www.gnome.org/foundation
+
+Thanks for your contributions to GNOME.
+
+Best wishes,
+
+The GNOME Foundation Membership Committee"""
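Review bot: A failed bind is never detected in the startup block, because `simple_bind` is the asynchronous call and only returns a message id, so bad credentials surface later at the first `search_s`; if the `except` branch does run, it raises NameError because `sys` is not imported. Add `import sys` and use `l.simple_bind_s("cn=Directory Manager", ldap_password)`; the same block appears in membership/migrate-foundation-field-to-freeipa.py. This script only reads group and user attributes, so binding as Directory Manager gives it far more privilege than it needs, and a dedicated read-only bind DN would limit the impact if /home/admin/secret/freeipa is exposed. The password parsing through `str(line.split())` strips quotes, brackets and `=` from the secret itself and appears to leave `, ` fragments when the line has spaces around `=`. Separately, `first_added_attr == TODAY` compares a dict with a string, so the new-member branch looks unreachable; `first_added_attr[member] == TODAY` is presumably what was meant.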
diff --git a/membership/migrate-foundation-field-to-freeipa.py 
b/membership/migrate-foundation-field-to-freeipa.py
new file mode 100755
index 0000000..bcf4ce2
--- /dev/null
+++ b/membership/migrate-foundation-field-to-freeipa.py
@@ -0,0 +1,95 @@
+#!/usr/bin/python
+
+import mysql.connector
+import calendar
+import time
+import ldap
+import ldap.filter
+
+LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
+LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
+
+ldap_password = ''
+
+try:
+    l = ldap.open('localhost')
+    l.simple_bind("cn=Directory Manager", ldap_password)
+except ldap.LDAPError, e:
+    print >>sys.stderr, e
+    sys.exit(1)
+
+def _get_group_from_ldap(group):
+
+    filter = ldap.filter.filter_format('(&(objectClass=ipausergroup)(cn=%s))', (group, ))
+    results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('member', ))
+
+    members = set()
+    for entry in results:
+        id = entry[0]
+        attr = entry[1]
+
+        members.update(attr['member'])
+
+    return members
+
+def get_uids_from_group(group):
+    people = _get_group_from_ldap(group)
+
+    return people
+
+
+def query_database_with(query):
+
+    db = mysql.connector.connect(host="localhost",
+    user = "foundation",
+    passwd = "",
+    db = "foundation",
+    charset='utf8')
+
+    cur = db.cursor()
+    cur.execute(query)
+
+    result = cur.fetchall()
+    return result
+
+    cur.close()
+
+def sync_userid_to_freeipa():
+    sync_members = {}
+    last_renewed = query_database_with('select userid, first_added from foundationmembers;')
+
+    for member in last_renewed:
+        attribute = member[1]
+        userid = member[0]
+        sync_members[userid] = attribute
+        print userid, attribute
+
+def sync_attributes_to_freeipa():
+    sync_members = {}
+    get_members = query_database_with("select userid, first_added from foundationmembers")
+
+    for member in get_members:
+        attribute = member[1]
+        userid = member[0]
+        sync_members[userid] = attribute
+
+        if userid is not None and userid != '':
+            add_firstadded = [(ldap.MOD_ADD, 'FirstAdded', str(attribute))]
+            l.modify_s('uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' % str(userid), add_firstadded) 
+
+def sync_changed_to_freeipa():
+    sync_members = {}
+    get_members = query_database_with("select userid, last_renewed_on from foundationmembers;")
+
+    for member in get_members:
+        attribute = member[1]
+        userid = member[0]
+        sync_members[userid] = attribute
+     
+        if userid is not None and userid != '':
+            add_firstadded = [(ldap.MOD_ADD, 'LastRenewedOn', str(attribute))]
+            l.modify_s('uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' % str(userid), add_firstadded)
+            print 'Adding %s' % str(userid)
+
+sync_attributes_to_freeipa()
+sync_changed_to_freeipa()
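Review bot: The DN passed to `modify_s` in sync_attributes_to_freeipa and sync_changed_to_freeipa is built by interpolating `userid` from the MySQL table without escaping, on a connection bound as Directory Manager. A value containing `,`, `=` or `+` would address a different entry than intended; add `import ldap.dn` and build it as `dn = 'uid=%s,%s' % (ldap.dn.escape_dn_chars(str(userid)), LDAP_USER_BASE)`. `MOD_ADD` also raises when the entry does not exist or, presumably, when the value is already present, so one bad row aborts the run part-way and a re-run is not idempotent; catching `ldap.LDAPError` per row and logging the userid would make the migration resumable. In query_database_with, `cur.close()` sits after `return` and never runs, and the connection itself is never closed.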

