[sysadmin-bin] Port cleanup-inactive-ldap-accounts.py to gnome_ldap_utils



commit 14fb040eb938a47cee344ccaab9323b87c296101
Author: Andrea Veri <averi redhat com>
Date:   Fri Oct 13 18:10:34 2017 +0200

    Port cleanup-inactive-ldap-accounts.py to gnome_ldap_utils

 cleanup-inactive-ldap-accounts.py |   97 +++++++++----------------------------
 gnome_ldap_utils.py               |   26 +++++++++-
 2 files changed, 47 insertions(+), 76 deletions(-)
---
diff --git a/cleanup-inactive-ldap-accounts.py b/cleanup-inactive-ldap-accounts.py
index 2a836fd..6cf0d5a 100755
--- a/cleanup-inactive-ldap-accounts.py
+++ b/cleanup-inactive-ldap-accounts.py
@@ -1,23 +1,23 @@
 #!/usr/bin/python
 
-from __future__ import print_function
 import datetime
 import os
 import sys
 import calendar
 import time
-import ldap
-import ldap.filter
 import socket
-from optparse import OptionParser
 import smtplib
+
+from __future__ import print_function
+from optparse import OptionParser
 from email.MIMEText import MIMEText
 
-LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
-LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
+from gnome_ldap_utils import *
 
 execfile('/home/admin/secret/freeipa')
 
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+
 parser = OptionParser()
 parser.add_option("--print-inactive-accounts", action="store_true", default=False,
                   help="Generates a list of inactive accounts by parsing each gnome_pushlog file. The list 
includes accounts that have been removed already")
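Review bot: `from __future__ import print_function` now sits below the stdlib imports, and Python rejects a `__future__` import that is not the first statement of the module with a SyntaxError, so the script will not start. It has to stay directly under the shebang, before `import datetime`. The removed `LDAP_GROUP_BASE`/`LDAP_USER_BASE` constants and the new `LDAP_HOST` are used on the `glu = ...` line, but nothing in this hunk shows where they come from. Presumably it is either the star import or the `execfile`'d secret file; an explicit `from gnome_ldap_utils import Gnome_ldap_utils` plus a comment naming the source of the constants would make that auditable. Separately, the job still binds as `cn=Directory Manager`; a dedicated service account limited to group membership and `description` writes would reduce what a leak of that secret file exposes.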
@@ -58,74 +58,22 @@ def user_is_current(username):
      return username in last_pushed_times and last_pushed_times[username] >= now - 2 * 365 * 24 * 60 * 60
 
 
-try:
-    l = ldap.open('account.gnome.org')
-    l.simple_bind("cn=Directory Manager", ldap_password)
-except ldap.LDAPError, e:
-    print >>sys.stderr, e
-    sys.exit(1)
-
-# Import the various LDAP functions from the create-auth script.
-def _get_group_from_ldap(group):
-
-    filter = ldap.filter.filter_format('(&(objectClass=posixGroup)(cn=%s))', (group, ))
-    results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('member', ))
-
-    members = set()
-
-    for _, attr in results:
-        for userid in attr['member']:
-            splitentry = userid.split(',')
-            singleentry = splitentry[0]
-            splitteduid = singleentry.split('=')
-            uid = splitteduid[1]
-
-            members.add(uid)
-
-    return members
-
-def get_uids_from_group(group):
-    people = _get_group_from_ldap(group)
-
-    people.discard('root')
-    people.discard('sysadmin')
-    people.discard('translations')
-    people.discard('gitadmin')
-    people.discard('otaylor')
-    people.discard('puiterwijk')
-    people.discard('av')
-
-    return people
-
 def add_remove_comment_to_user(username, group):
     new_comment = 'Removed from group %s by cleanup-inactive-ldap-accounts at %s.' % (group, 
datetime.date.today())
-    filter = ldap.filter.filter_format('(uid=%s)', (username, ))
-    results = l.search_s(LDAP_USER_BASE, ldap.SCOPE_SUBTREE, filter, ('uid', 'cn', 'description', 'mail', ))
-
-    if not len(results) > 0:
-        # Something went very wrong here...
-        return False
 
-    try:
-        current_comment = results[0][1]['description'][0]
-
-        has_description = True
-    except KeyError:
-        has_description = False
+    ldap_fields = glu.get_attributes_from_ldap(username, 'cn', 'description', 'mail')
+    current_comment = ldap_fields[2]
+    name = ldap_fields[1]
+    mail = ldap_fields[3]
 
-    if has_description == False:
+    if current_comment is None:
         comment = new_comment
 
-        update_comment = [(ldap.MOD_ADD, 'description', comment)]
-        l.modify_s('uid=%s,%s' % (username, LDAP_USER_BASE), update_comment)
-    elif has_description == True:
-        comment = '%s %s' % (current_comment, new_comment)
-
-        update_comment = [(ldap.MOD_REPLACE, 'description', comment)]
-        l.modify_s('uid=%s,%s' % (username, LDAP_USER_BASE), update_comment)
+        add_or_update_description(username, comment, add=True)
+    else:
+        comment = '%s. %s' % (current_comment, new_comment)
 
-    name = results[0][1]['cn'][0]
-    mail = results[0][1]['mail'][0]
+        add_or_update_description(username, comment, update=True)
 
     form_letter = """
 Hello %s, your membership of the group %s has been automatically removed, due to inactivity.
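Review bot: Both `add_or_update_description(...)` calls are unqualified, but the helper this commit adds is a method of `Gnome_ldap_utils`, so `from gnome_ldap_utils import *` does not provide it and the call raises NameError. They should read `glu.add_or_update_description(username, comment, add=True)` and, in the else branch, `update=True`. The callers later in the file remove the user from the group before calling this function, so a failure here leaves the membership removed with no description entry and no notification mail. The old `if not len(results) > 0: return False` guard is also gone; `get_attributes_from_ldap` appears able to return None, in which case `ldap_fields[2]` raises TypeError. The indices 1–3 assume the helper puts another value (presumably the uid) at index 0, which is not visible here, and the function body continues outside the hunk.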
@@ -153,21 +101,24 @@ the GNOME Accounts Team""" % (name, group)
     return True
 
 
-gnomecvs_users = (get_uids_from_group('gnomecvs'))
-ftpadmin_users = (get_uids_from_group('ftpadmin'))
+excludes = ['root', 'sysadmin', 'gitadmin', 'translations',
+            'gitadmin', 'otaylor', 'puiterwijk', 'av']
+
+gnomecvs_users = (glu.get_uids_from_group('gnomecvs', excludes))
+ftpadmin_users = (glu.get_uids_from_group('ftpadmin', excludes))
 
 for gnomecvs_user in gnomecvs_users:
     if not user_is_current(gnomecvs_user):
         if options.verbose:
             print ("Removing user %s from gnomecvs" % gnomecvs_user, end='\n')
-        remove_members = [ (ldap.MOD_DELETE, 'member','uid=%s,%s' % (gnomecvs_user, LDAP_USER_BASE)) ]
-        l.modify_s('cn=gnomecvs,%s' % LDAP_GROUP_BASE, remove_members)
+
+        glu.remove_user_from_ldap_group(gnomecvs_user, 'gnomecvs')
         add_remove_comment_to_user(gnomecvs_user, 'gnomecvs')
 
 for ftpadmin_user in ftpadmin_users:
     if not user_is_current(ftpadmin_user):
         if options.verbose:
             print ("Removing user %s from ftpadmin" % ftpadmin_user, end='\n')
-        remove_members = [ (ldap.MOD_DELETE, 'member','uid=%s,%s' % (ftpadmin_user, LDAP_USER_BASE)) ]
-        l.modify_s('cn=ftpadmin,%s' % LDAP_GROUP_BASE, remove_members)
+
+        glu.remove_user_from_ldap_group(ftpadmin_user, 'ftpadmin')
         add_remove_comment_to_user(gnomecvs_user, 'ftpadmin')
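Review bot: The last line of the ftpadmin loop still passes `gnomecvs_user` to `add_remove_comment_to_user`, so the description update and the removal mail go to whichever account the previous loop ended on, not the account just removed from ftpadmin. If `gnomecvs_users` was empty the name is undefined and the call raises NameError. It should read `add_remove_comment_to_user(ftpadmin_user, 'ftpadmin')`. The new `excludes` list also names 'gitadmin' twice, which is harmless but worth tidying since this list is what keeps service accounts out of the cleanup.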
diff --git a/gnome_ldap_utils.py b/gnome_ldap_utils.py
index 738afdd..8895efd 100755
--- a/gnome_ldap_utils.py
+++ b/gnome_ldap_utils.py
@@ -51,7 +51,10 @@ class Gnome_ldap_utils:
             _result = self.conn.search_s(self.LDAP_USER_BASE, ldap.SCOPE_SUBTREE, filter, (attrs))
 
             for arg in attrs:
-                results.append(_result[0][1][arg][0])
+                try:
+                    results.append(_result[0][1][arg][0])
+                except KeyError:
+                    results.append(None)
         else:
             result = self.conn.search_s(self.LDAP_USER_BASE, ldap.SCOPE_SUBTREE, filter, ('uid', attr, ))
 
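Review bot: Only KeyError is handled around `_result[0][1][arg][0]`, so a uid with no matching entry still raises IndexError on `_result[0]` unless a check outside this hunk guards it. The cleanup script used to handle that case itself by returning False. A guard such as `if not _result: return None` before the loop would cover it. The returned list can now contain None placeholders, which callers need to know; a comment like `# attributes missing from the entry are returned as None, in the order requested` on the method would document that. The method starts and ends outside the hunk.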
@@ -62,9 +65,13 @@ class Gnome_ldap_utils:
         else:
             return None
 
-    def get_uids_from_group(self, group):
+    def get_uids_from_group(self, group, excludes=[]):
         people = self.get_group_from_ldap(group)
 
+        if len(excludes) > 0:
+            for person in excludes:
+                people.discard(person)
+
         return people
 
     def replace_ldap_password(self, userid, password):
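Review bot: `excludes=[]` is a mutable default argument; nothing mutates it here, but an immutable default avoids the shared-state trap if the method is edited later, e.g. `def get_uids_from_group(self, group, excludes=()):`. The `len(excludes) > 0` test and the loop can collapse into `people.difference_update(excludes)`, assuming `get_group_from_ldap` returns a set, as the use of `discard` suggests. A short docstring should state that `excludes` lists uids that are never returned. The caller relies on that to keep accounts such as root and sysadmin out of automated removal.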
@@ -83,4 +90,17 @@ class Gnome_ldap_utils:
         import ldap
 
         remove_members = [(ldap.MOD_DELETE, 'member', 'uid=%s,%s' % (userid, self.LDAP_USER_BASE))]
-        self.conn.modify_s('cn=%s,%s' % (group, self.LDAP_GROUP_BASE), remove_members)
\ No newline at end of file
+        self.conn.modify_s('cn=%s,%s' % (group, self.LDAP_GROUP_BASE), remove_members)
+
+
+    def add_or_update_description(self, userid, comment, add=False, update=False):
+        import sys
+
+        if add and not update:
+            update_comment = [(ldap.MOD_ADD, 'description', comment)]
+            self.conn.modify_s('uid=%s,%s' % (userid, self.LDAP_USER_BASE), update_comment)
+        elif update and not add:
+            update_comment = [(ldap.MOD_REPLACE, 'description', comment)]
+            self.conn.modify_s('uid=%s,%s' % (userid, self.LDAP_USER_BASE), update_comment)
+        else:
+            sys.exit(1)
\ No newline at end of file
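Review bot: `add_or_update_description` imports `sys` locally but not `ldap`, while the method just above it does `import ldap` inside its body. Unless the module also imports `ldap` at top level (not visible here), `ldap.MOD_ADD` raises NameError; adding `import ldap` next to `import sys` would match the neighbouring method. The `else: sys.exit(1)` branch terminates the calling program from library code with no message when the flags are inconsistent; `raise ValueError('exactly one of add/update must be True')` would let the caller see and log the misuse. `userid` is interpolated into the DN as-is, so if this helper is ever fed values that do not come from the directory itself, passing it through `ldap.dn.escape_dn_chars` first would be prudent.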

