]> Frank Brehm's Git Trees - pixelpark/pp-admin-tools.git/commitdiff
Defining commandline parameters for lib/pp_admintools/app/remove_ldap_user.py
authorFrank Brehm <frank.brehm@pixelpark.com>
Mon, 5 Sep 2022 16:24:37 +0000 (18:24 +0200)
committerFrank Brehm <frank.brehm@pixelpark.com>
Mon, 5 Sep 2022 16:24:37 +0000 (18:24 +0200)
lib/pp_admintools/app/remove_ldap_user.py

index 29670ccffa42ea5743dbdf3e9908c3779cfdb0a5..7ea731df9aa8533d2e7a53edab2689815498111b 100644 (file)
@@ -13,12 +13,14 @@ import logging
 # Third party modules
 
 # Own modules
+from fb_tools.common import to_bool
+
 from ..xlate import XLATOR
 
 from ..app.ldap import LdapAppError
 from ..app.ldap import BaseLdapApplication
 
-__version__ = '0.1.1'
+__version__ = '0.2.0'
 LOG = logging.getLogger(__name__)
 
 _ = XLATOR.gettext
@@ -36,7 +38,101 @@ class RemoveLdapUserError(LdapAppError):
 class RemoveLdapUserApplication(BaseLdapApplication):
     """Application class for disabling or removing a user from LDAP."""
 
-    pass
+    default_nologin_shell = "/usr/sbin/nologin"
+    value_inactive = 'inactive'
+
+    # -------------------------------------------------------------------------
+    def __init__(self, appname=None, base_dir=None):
+
+        self.ldap_instances = []
+        self.given_users = []
+        self.nologin_shell = self.default_nologin_shell
+        self._deactivate = False
+
+        desc = _(
+            "Disables or removes the given users from LDAP. "
+            "If disabling, then the user will not be really removed, but disabled "
+            "by locking the password, setting all status flags to {inact!r}, "
+            "assigning {shell!r} as login shell und removing the user from all groups. "
+            "When removing (or purging) the user will be really removed from LDAP.")
+        desc = desc.format(inact=self.value_inactive, shell=self.nologin_shell)
+
+        super(RemoveLdapUserApplication, self).__init__(
+            appname=appname, description=desc, base_dir=base_dir, initialized=False)
+
+        self.initialized = True
+
+    # -------------------------------------------
+    @property
+    def deactivate(self):
+        """Defines, that the given users will not be removed, bur deactivated instaed."""
+
+        return self._deactivate
+
+    @deactivate.setter
+    def deactivate(self, value):
+        self._deactivate = to_bool(value)
+
+    # -------------------------------------------------------------------------
+    def as_dict(self, short=True):
+        """
+        Transforms the elements of the object into a dict
+
+        @param short: don't include local properties in resulting dict.
+        @type short: bool
+
+        @return: structure as dict
+        @rtype:  dict
+        """
+
+        res = super(RemoveLdapUserApplication, self).as_dict(short=short)
+
+        res['deactivate'] = self.deactivate
+
+        return res
+
+    # -------------------------------------------------------------------------
+    def init_arg_parser(self):
+
+        super(RemoveLdapUserApplication, self).init_arg_parser()
+
+        remove_group = self.arg_parser.add_argument_group(_('Removing options'))
+
+        remove_mode_group = remove_group.add_mutually_exclusive_group()
+
+        remove_mode_group.add_argument(
+            '-d', '--deactivate', dest="deactivate", action='store_true',
+            help=_(
+                "Deactivating the user instead of removing it. "
+                "This is mutually exclusive to {!r}.").format('--remove'),
+        )
+
+        remove_mode_group.add_argument(
+            '-R', '--remove', dest="deactivate", action='store_false',
+            help=_(
+                "Removing the user from LDAP. This is the default and is "
+                "mutually exclusive to {!r}.").format('--deactivate'),
+        )
+
+        remove_group.add_argument(
+            '-I', '--instance', dest="instance", nargs='*', type=str,
+            metavar=_('INSTANCE'),
+            help=_(
+                "The LDAP instance (LDAP cluster) from configuration, where to remove the user. "
+                "Multiple instances may be given. It is possible to give here the value "
+                "{val_all!r}, the then all found LDAP instances except {default!r} are used. "
+                "If not given, the the instance {default!r} will be used.").format(
+                    val_all='all', default='default'),
+        )
+
+        remove_group.add_argument(
+            'users', nargs='+', metavar=_('USER'),
+            help=_(
+                "The user, which should be deactivated or removed. "
+                "They may be given by their Uid (the alphanumeric POSIX name), "
+                "their mail address or their LDAP DN (be aware, that this may be "
+                "different in the particular LDAP instances).")
+        )
 
 
 # =============================================================================