[sysadmin-bin] Don't use the Directory Manager cn for handling read/write operations, go with individual service ac
- From: Andrea Veri <averi src gnome org>
- To: gnome-sysadmin gnome org,commits-list gnome org
- Subject: [sysadmin-bin] Don't use the Directory Manager cn for handling read/write operations, go with individual service ac
- Date: Tue, 27 Aug 2019 09:53:45 +0000 (UTC)
commit a8be25f99014f1ca1ada11bd29354994e42bb36e
Author: Andrea Veri <averi redhat com>
Date: Tue Aug 27 11:50:43 2019 +0200
Don't use the Directory Manager cn for handling read/write operations, go with individual service
accounts instead
cleanup-inactive-ldap-accounts.py | 4 ++--
create-auth | 4 ++--
create-homedirs | 4 ++--
gitlab/gitlab-operations.py | 4 ++--
mail/export-mail.py | 11 +++--------
membership/foundation-operations.py | 4 ++--
reset-my-password.py | 4 ++--
7 files changed, 15 insertions(+), 20 deletions(-)
---
diff --git a/cleanup-inactive-ldap-accounts.py b/cleanup-inactive-ldap-accounts.py
index 9c4d74a..8d5b33c 100755
--- a/cleanup-inactive-ldap-accounts.py
+++ b/cleanup-inactive-ldap-accounts.py
@@ -14,9 +14,9 @@ from email.MIMEText import MIMEText
from gnome_ldap_utils import *
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_rw_ftpadmin_gnomecvs')
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
GL_PATH = '/var/opt/gitlab/git-data/repositories/GNOME'
parser = OptionParser()
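Review bot: The `execfile('/home/admin/secret/freeipa_rw_ftpadmin_gnomecvs')` line runs the credential file as Python in this script's global namespace, and nothing in the script says which names the file must supply or how it is protected. With the bind moved from `cn=Directory Manager` to a service account, the file has to define `LDAP_USER` and `LDAP_PASSWORD`, and possibly `LDAP_HOST` and the base DNs unless `gnome_ldap_utils` exports them, which is not visible in this hunk. A comment above the call would document the contract, for example `# must define LDAP_USER and LDAP_PASSWORD; keep the file readable and writable only by the account that runs this script`. The same applies to the `execfile` lines in create-auth, create-homedirs, gitlab/gitlab-operations.py, mail/export-mail.py, membership/foundation-operations.py and reset-my-password.py. Because the old shared `/home/admin/secret/freeipa` file held the Directory Manager password, it is worth confirming that the password is rotated and the file removed once no script reads it.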
diff --git a/create-auth b/create-auth
index 010ca73..322c297 100755
--- a/create-auth
+++ b/create-auth
@@ -29,14 +29,14 @@ def get_md5sum_hash():
user_md5sums [file] = m.hexdigest ()
return user_md5sums
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
## first you must open a connection to the server
try:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_PATH)
l = ldap.initialize('ldaps://view.gnome.org:636')
- l.simple_bind_s("cn=Directory Manager", ldap_password)
+ l.simple_bind_s(LDAP_USER, LDAP_PASSWORD)
except ldap.LDAPError, e:
print >>sys.stderr, e
sys.exit(1)
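Review bot: The bind credentials now come from `freeipa_ro`, but the server is still the literal `'ldaps://view.gnome.org:636'` in `ldap.initialize`, so the account and the host it is presented to are configured in two different places. Most other scripts in this commit pass `LDAP_HOST`, and the second hunk of mail/export-mail.py hard-codes `'ldaps://account.gnome.org:636'` in the same way. If the read-only account is intentionally used against both hosts, a short comment saying so would help the next reader. Otherwise the URL could be built from the configured host, e.g. `l = ldap.initialize('ldaps://%s:636' % LDAP_HOST)`, assuming `LDAP_HOST` is a bare hostname as the create-homedirs hunk suggests.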
diff --git a/create-homedirs b/create-homedirs
index 8412e1d..404c11f 100755
--- a/create-homedirs
+++ b/create-homedirs
@@ -7,9 +7,9 @@ import subprocess
from gnome_ldap_utils import *
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, 'account.gnome.org', LDAP_USER_BASE, 'cn=Directory Manager',
ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
def create_home_directory(uid):
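Review bot: Besides the credential change, the new `Gnome_ldap_utils(...)` call replaces the literal host `'account.gnome.org'` with `LDAP_HOST`, which the commit message does not mention. Whether `LDAP_HOST` comes from `gnome_ldap_utils` or from `freeipa_ro` is not visible in this hunk, and if it resolves to a different server this script would start binding elsewhere. A comment such as `# LDAP_HOST is expected to be account.gnome.org`, or a line in the commit message, would make the host change deliberate and reviewable.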
diff --git a/gitlab/gitlab-operations.py b/gitlab/gitlab-operations.py
index e3d38b7..dd24e3a 100755
--- a/gitlab/gitlab-operations.py
+++ b/gitlab/gitlab-operations.py
@@ -10,10 +10,10 @@ import semi_rdf
from xml.sax import SAXParseException
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
execfile('/home/admin/secret/gitlab_rw')
-glu = gnome_ldap_utils.Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager',
ldap_password)
+glu = gnome_ldap_utils.Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
gl = gitlab.Gitlab('https://gitlab.gnome.org', GITLAB_PRIVATE_RW_TOKEN, api_version=4)
DOAP = "http://usefulinc.com/ns/doap#"
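Review bot: The two `execfile` calls load `freeipa_ro` and then `gitlab_rw` into the same global namespace, so any name defined by both files silently takes the `gitlab_rw` value. Now that `LDAP_USER` and `LDAP_PASSWORD` are read from that namespace, a collision would bind with the wrong credentials without raising an error. Loading each file into its own dict avoids this, e.g. `ldap_cfg = {}` then `execfile('/home/admin/secret/freeipa_ro', ldap_cfg)`, reading `ldap_cfg['LDAP_USER']` and `ldap_cfg['LDAP_PASSWORD']` at the call site. At minimum, a comment listing which names each secret file is expected to define would make a clash easy to spot.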
diff --git a/mail/export-mail.py b/mail/export-mail.py
index a744a92..768077f 100755
--- a/mail/export-mail.py
+++ b/mail/export-mail.py
@@ -6,12 +6,7 @@ import ldap.filter
import subprocess
import sys
-LDAP_URL='ldaps://account.gnome.org:636/'
-LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
-LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
-LDAP_CA_PATH = '/etc/ipa/ca.crt'
-
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
ALIASES = [
('/etc/gnome.org/cvs-mail/virtual', 'cvs.gnome.org', ('gnomecvs', 'gnomevcs')),
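Review bot: This hunk deletes the local `LDAP_CA_PATH` definition, yet the next hunk still calls `ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_PATH)`, so the CA bundle used to verify the LDAPS server must now be defined by `/home/admin/secret/freeipa_ro`. If that file does not define it, the script fails with a `NameError`, which the `except ldap.LDAPError` handler does not catch. It also means the TLS trust anchor is controlled by the credentials file rather than by the script. The same holds for `LDAP_GROUP_BASE` and `LDAP_USER_BASE` if code outside these hunks still uses them. Either keep `LDAP_CA_PATH = '/etc/ipa/ca.crt'` in the script or add a comment listing the names `freeipa_ro` must provide.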
@@ -70,8 +65,8 @@ if __name__ == '__main__':
try:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_PATH)
- l = ldap.initialize(LDAP_URL)
- l.simple_bind_s("cn=Directory Manager", ldap_password)
+ l = ldap.initialize('ldaps://account.gnome.org:636')
+ l.simple_bind_s(LDAP_USER, LDAP_PASSWORD)
except ldap.LDAPError, e:
print >>sys.stderr, e
sys.exit(1)
diff --git a/membership/foundation-operations.py b/membership/foundation-operations.py
index 4960da3..290a09c 100755
--- a/membership/foundation-operations.py
+++ b/membership/foundation-operations.py
@@ -43,9 +43,9 @@ if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_foundation')
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
today = dt.date.today()
foundationmembers = glu.get_uids_from_group('foundation')
diff --git a/reset-my-password.py b/reset-my-password.py
index 8062196..a1e0c98 100755
--- a/reset-my-password.py
+++ b/reset-my-password.py
@@ -8,9 +8,9 @@ import os
from email.MIMEText import MIMEText
from gnome_ldap_utils import *
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_rw_resets')
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
def gen_passwd(length=12, chars=string.letters + string.digits):