bn8/updateMemberOf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

First version using packaged mylib version

Browse source
This commit is contained in:
Benjamin Renard 2021-07-12 13:45:25 +02:00
parent e4d5c1cb9a
commit 7d7069d5e2
2 changed files with 74 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
README.md
View file

@ -4,25 +4,33 @@ Tool to force update memberOf attributes of users on OpenLDAP directory using me
## Requirements ## Requirements
* [python-mylib](https://gogs.zionetrix.net/bn8/python-mylib) (legacy branch) * [python-mylib](https://gogs.zionetrix.net/bn8/python-mylib)
## Installation ## Installation
``` ```
git clone -b legacy https://gogs.zionetrix.net/bn8/updateMemberOf.git /usr/local/src/updateMemberOf git clone https://gogs.zionetrix.net/bn8/updateMemberOf.git /usr/local/src/updateMemberOf
ln -s /usr/local/src/updateMemberOf/updateMemberOf /usr/local/sbin/updateMemberOf ln -s /usr/local/src/updateMemberOf/updateMemberOf /usr/local/sbin/updateMemberOf
``` ```
## Usage ## Usage
``` ```
usage: updateMemberOf [-h] [-d] [-H HOST] [-D DN] [-P PWD] [-f FILTER] [-b BASE] [--v2] [-a ATTR] [-p] usage: updateMemberOf [-h] [-v] [-d] [-l LOGFILE] [-C] [-j] [-p] [-H HOST] [-D DN] [-P PWD] [-f FILTER] [-b BASE] [--v2] [-a ATTR]
Update memberOf attributes Update memberOf attributes
optional arguments: optional arguments:
-h, --help show this help message and exit -h, --help show this help message and exit
-v, --verbose Enable verbose mode
-d, --debug Enable debug mode -d, --debug Enable debug mode
-l LOGFILE, --log-file LOGFILE
Log file path (default: None)
-C, --console Always log on console (even if log file is configured)
-j, --just-try Enable just-try mode
-p, --progress Enable progress bar
LDAP options:
-H HOST, --host HOST LDAP server URI (default: ldapi:///) -H HOST, --host HOST LDAP server URI (default: ldapi:///)
-D DN, --dn DN LDAP bind DN -D DN, --dn DN LDAP bind DN
-P PWD, --password PWD -P PWD, --password PWD
@ -32,7 +40,6 @@ optional arguments:
-b BASE, --base BASE LDAP group base DN -b BASE, --base BASE LDAP group base DN
--v2 Utiliser le protocole LDAP v2. --v2 Utiliser le protocole LDAP v2.
-a ATTR, --attr ATTR Group members attribute (default: uniqueMember) -a ATTR, --attr ATTR Group members attribute (default: uniqueMember)
-p, --progress Show progress bar
``` ```
## Copyright ## Copyright

113
updateMemberOf
View file

@ -1,29 +1,26 @@
#!/usr/bin/python #!/usr/bin/python
import argparse """ Tool to force update memberOf attributes of users on OpenLDAP directory using memberOf overlay """
import getpass import getpass
import logging import logging
import sys
sys.path.insert(0,'/usr/local/src/python-mylib/') from mylib.ldap import LdapClient
import LdapServer from mylib.ldap import LdapServer
import Pbar from mylib.pbar import Pbar
from mylib.scripts.helpers import get_opts_parser
from mylib.scripts.helpers import init_logging
default_host = 'ldapi:///' default_host = 'ldapi:///'
default_filter = '(objectClass=posixGroup)' default_filter = '(objectClass=posixGroup)'
default_attr = 'uniqueMember' default_attr = 'uniqueMember'
parser = argparse.ArgumentParser(description="Update memberOf attributes") parser = get_opts_parser(desc="Update memberOf attributes", just_try=True, progress=True)
# options # options
parser.add_argument( ldap_opts = parser.add_argument_group('LDAP options')
'-d', '--debug',
action='store_true', ldap_opts.add_argument(
dest='debug',
help='Enable debug mode',
default=False
)
parser.add_argument(
'-H', '--host', '-H', '--host',
action="store", action="store",
type=str, type=str,
@ -31,7 +28,7 @@ parser.add_argument(
help="LDAP server URI (default: %s)" % default_host, help="LDAP server URI (default: %s)" % default_host,
default=default_host default=default_host
) )
parser.add_argument( ldap_opts.add_argument(
'-D', '--dn', '-D', '--dn',
action="store", action="store",
type=str, type=str,
@ -39,7 +36,7 @@ parser.add_argument(
help="LDAP bind DN", help="LDAP bind DN",
default=None default=None
) )
parser.add_argument( ldap_opts.add_argument(
'-P', '--password', '-P', '--password',
action="store", action="store",
type=str, type=str,
@ -47,7 +44,7 @@ parser.add_argument(
help="LDAP bind password", help="LDAP bind password",
default=None default=None
) )
parser.add_argument( ldap_opts.add_argument(
'-f', '--filter', '-f', '--filter',
action="store", action="store",
type=str, type=str,
@ -55,7 +52,7 @@ parser.add_argument(
help="LDAP groups filter (default: %s)" % default_filter, help="LDAP groups filter (default: %s)" % default_filter,
default=default_filter default=default_filter
) )
parser.add_argument( ldap_opts.add_argument(
'-b', '--base', '-b', '--base',
action="store", action="store",
type=str, type=str,
@ -63,14 +60,14 @@ parser.add_argument(
help="LDAP group base DN", help="LDAP group base DN",
default=None default=None
) )
parser.add_argument( ldap_opts.add_argument(
'--v2', '--v2',
action="store_true", action="store_true",
dest="ldapv2", dest="ldapv2",
help="Utiliser le protocole LDAP v2.", help="Utiliser le protocole LDAP v2.",
default=None default=None
) )
parser.add_argument( ldap_opts.add_argument(
'-a', '--attr', '-a', '--attr',
action="store", action="store",
type=str, type=str,
@ -78,49 +75,61 @@ parser.add_argument(
help="Group members attribute (default: %s)" % default_attr, help="Group members attribute (default: %s)" % default_attr,
default=default_attr default=default_attr
) )
parser.add_argument(
'-p', '--progress',
action='store_true',
dest='progress',
help='Show progress bar',
default=False
)
options = parser.parse_args() options = parser.parse_args()
if options.debug:
logging.basicConfig(level=logging.DEBUG,format='%(asctime)s - %(levelname)s - %(message)s')
else:
logging.basicConfig(level=logging.INFO,format='%(asctime)s - %(levelname)s - %(message)s')
if options.base is None: if options.base is None:
parser.error('You must specify base DN using --base parameter') parser.error('You must specify base DN using --base parameter')
init_logging(options, "Update memberOf")
if options.dn and not options.pwd: if options.dn and not options.pwd:
options.pwd=getpass.getpass() options.pwd = getpass.getpass()
class MyLdapClient(LdapClient):
""" Implement a custom LdapClient to handle group objects """
def __init__(self, scripts_options): # pylint: disable=super-init-not-called
self.options = scripts_options
logging.info(u"Connect to LDAP server %s", self.options.host)
self.cnx = LdapServer(self.options.host, dn=self.options.dn, pwd=self.options.pwd, v2=self.options.ldapv2)
self.cnx.connect()
def get_groups(self):
""" Retreive groups form LDAP server """
return self.get_objects(
'group',
self.options.filter,
self.options.base,
[ self.options.attr ]
)
def touch_group_members(self, obj):
""" Touch group members attribute """
current = self.get_attr(obj, self.options.attr, all_values=True)
if not current:
return True
logging.debug('Update - remove values of %s', obj['dn'])
changes = self.get_changes(obj, {options.attr: []})
logging.debug('Changes:\n%s', self.format_changes(changes))
if self.update_object(obj, changes):
obj[options.attr] = []
logging.debug('Update - restore values of %s', obj['dn'])
changes = self.get_changes(obj, {options.attr: current})
logging.debug('Changes:\n%s', self.format_changes(changes))
return myldap.update_object(obj, changes)
return False
# Start LDAP connection # Start LDAP connection
myldap = LdapServer.LdapServer(options.host, options.dn, options.pwd, options.ldapv2) myldap = MyLdapClient(options)
myldap.connect() groups = myldap.get_groups()
ldap_data=myldap.search(options.base, options.filter, [ options.attr ]) logging.info('%s groups found', len(groups))
logging.info('%s groups found', len(ldap_data))
pbar = Pbar.Pbar('Update memberOf', len(ldap_data), enabled=options.progress)
for dn in ldap_data:
old = myldap.get_attr(ldap_data[dn], options.attr, all=True)
if old is None:
continue
logging.debug('Update - remove values of %s', dn)
if myldap.update_object(
dn, {options.attr: old}, {options.attr: []}
):
logging.debug('Update - restore values of %s', dn)
myldap.update_object(dn, {options.attr: []}, {options.attr: old})
pbar = Pbar('Update memberOf', len(groups), enabled=options.progress)
for dn, group in groups.items():
myldap.touch_group_members(group)
pbar.increment() pbar.increment()
pbar.finish() pbar.finish()