[sysadmin-bin] Add the remove_expired_memberships_from_foundation function and keep compatibility between RFC2307 a

From: Andrea Veri <av src gnome org>
To: gnome-sysadmin gnome org,commits-list gnome org
Subject: [sysadmin-bin] Add the remove_expired_memberships_from_foundation function and keep compatibility between RFC2307 a
Date: Mon, 29 Sep 2014 13:23:52 +0000 (UTC)
commit 0eefe125c5f22960c39d91b5c8b175c90073c4b1
Author: Andrea Veri <av gnome org>
Date:   Mon Sep 29 15:19:47 2014 +0200

    Add the remove_expired_memberships_from_foundation function and keep compatibility between RFC2307 and 
RFC2307bis trees.
    
    When adding or removing an user from a specific LDAP group make sure to
    add / remove it by using both the member (RFC2307bis) and memberUid (RFC2307)
    syntaxes to not break their trees making the groups themselves inconsistent.
    
    Also add the remove_expired_memberships_from_foundation function that will
    remove older than two years members from the foundation group. As of today
    this just means the expired membership will have to follow the renewal process
    through the usual procedure and get added to the relevant group again by the
    Membership Committee. Removing the user from the foundation group won't impact
    @gnome.org aliases as we currently don't remove old aliases from the aliases
    table.

 membership/foundation-operations.py |   42 +++++++++++++++++++++++++++++++---
 1 files changed, 38 insertions(+), 4 deletions(-)
---
diff --git a/membership/foundation-operations.py b/membership/foundation-operations.py
index e7eb538..207b336 100755
--- a/membership/foundation-operations.py
+++ b/membership/foundation-operations.py
@@ -3,11 +3,12 @@
 import ldap
 import socket
 import ldap.filter
+import calendar
 import smtplib
 import sys
 import os
 from email.mime.text import MIMEText
-from time import strftime, gmtime
+from time import strftime, gmtime, strptime, localtime, time
 from optparse import OptionParser
 
 usage = "usage: %prog [options]"
@@ -25,10 +26,14 @@ parser.add_option("--sync-foundation-with-mailusers",
                   action="store_true", default=False,
                   help="Make sure foundation LDAP group members are synced to the mailusers group "
                        "which is then exported through the export-mail.py script"
+parser.add_option("--remove-expired-foundation-members",
+                  action="store_true", default=False,
+                  help="Foundation membership lasts two years, remove expired members from the "
+                       "foundation LDAP group"
 
 (options, args) = parser.parse_args()
 
-LDAP_GROUP_BASE='cn=groups,cn=compat,dc=gnome,dc=org'
+LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
 LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
 
 TODAY = strftime("%Y-%m-%d", gmtime())
@@ -100,17 +105,43 @@ def _get_foundation_fields_from_ldap():
         else:
            pass
 
-def sync_user_to_ldap_mailusers(member):
+def sync_user_to_mailusers_memberuid(member):
+        add_members = [(ldap.MOD_ADD, 'memberUid', member)]
+        l.modify_s('cn=mailusers,cn=groups,cn=accounts,dc=gnome,dc=org', add_members)
+
+def sync_user_to_mailusers_member(member):
         add_members = [(ldap.MOD_ADD, 'member', 'uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' % (member))]
         l.modify_s('cn=mailusers,cn=groups,cn=accounts,dc=gnome,dc=org', add_members)
 
+def remove_user_from_foundation_memberuid(member):
+        remove_members = [(ldap.MOD_DELETE, 'memberUid', member)]
+        l.modify_s('cn=foundation,cn=groups,cn=accounts,dc=gnome,dc=org', remove_members)
+
+def remove_user_from_foundation_member(member):
+        remove_members = [(ldap.MOD_DELETE, 'member', 'uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' % 
(member))]
+        l.modify_s('cn=foundation,cn=groups,cn=accounts,dc=gnome,dc=org', remove_members)
+
 def _sync_foundation_with_mailusers():
     foundationmembers = _get_foundation_members()
     mailusers = _parse_members_from_group('mailusers')
 
     for member in foundationmembers:
         if member not in mailusers:
-            sync_user_to_ldap_mailusers(member)
+            sync_user_to_mailusers_memberuid(member)
+            sync_user_to_mailusers_member(member)
+
+def remove_expired_memberships_from_foundation():
+    foundationmembers = _get_foundation_members()
+    now = time()
+
+    for member in foundationmembers:
+        last_renewed_on_attr = _get_attributes_from_ldap(member, 'LastRenewedOn')
+        convert_to_unix_time = calendar.timegm(strptime(last_renewed_on_attr[member], '%Y-%m-%d'))
+
+        if member in foundationmembers and convert_to_unix_time < now - 365 * 2 * 24 * 60 * 60:
+            print "Removing %s from the foundation LDAP group as the membership expired on %s" % (member, 
last_renewed_on_attr[member])
+            remove_user_from_foundation_memberuid(member)
+            remove_user_from_foundation_member(member)
 
 def send_form_letters(form_letter, email, name):
     try:
@@ -261,5 +292,8 @@ def main():
     if options.sync_foundation_with_mailusers:
         _sync_foundation_with_mailusers()
 
+    if options.remove_expired_foundation_members:
+        remove_expired_memberships_from_foundation()
+
 if __name__ == "__main__":
     main()
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]