From 3b58c85737402814aed4383bd185eda2af7d9a63 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Fri, 12 Jan 2018 12:31:39 +0100 Subject: [PATCH] Generating data to change in database. --- pp_lib/dnsui_users.py | 194 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 186 insertions(+), 8 deletions(-) diff --git a/pp_lib/dnsui_users.py b/pp_lib/dnsui_users.py index df96f76..362c71e 100644 --- a/pp_lib/dnsui_users.py +++ b/pp_lib/dnsui_users.py @@ -25,7 +25,7 @@ from .common import pp from .ldap_app import PpLdapAppError, PpLdapApplication -__version__ = '0.3.3' +__version__ = '0.4.1' LOG = logging.getLogger(__name__) @@ -58,6 +58,12 @@ class DnsuiUsersApp(PpLdapApplication): self.admin_user_dns = [] self.admin_group = self.default_admin_group + self.db_user_index = {} + self.ldap_user_index = {} + self.users_to_add = [] + self.users_to_update = [] + self.db_users_deactivate = [] + self.db_host = self.default_db_host self.db_port = self.default_db_port self.db_db = self.default_db_db @@ -232,6 +238,13 @@ class DnsuiUsersApp(PpLdapApplication): self.get_admin_users() self.get_db_users() + self.check_current_admin_users() + self.check_current_db_users() + + self.insert_db_users() + self.change_db_users() + self.deactivate_db_users() + finally: self._close_db() @@ -285,11 +298,12 @@ class DnsuiUsersApp(PpLdapApplication): LOG.warn("Did not found any admin users.") return - LOG.info("Getting data of admin users.") + LOG.info("Getting data of admin users from LDAP.") person = ObjectDef(['posixAccount', 'shadowAccount']) person += ["uid", "givenName", "sn", "mail"] + index = 0 for dn in self.admin_user_dns: if self.verbose > 1: @@ -302,14 +316,32 @@ class DnsuiUsersApp(PpLdapApplication): continue entry = entries[0] + sn = entry['sn'][0].strip() + fn = None + if entry['givenName'] and entry['givenName'][0]: + fn = entry['givenName'][0].strip() + if fn == '': + fn = None + mail = None + if entry['mail'] and entry['mail'][0]: + mail = entry['mail'][0].strip() + if mail == '': + mail = None + name = sn + if fn: + name = fn + ' ' + sn + uid = entry['uid'][0] user = { 'dn': dn, - 'uid': entry['uid'][0], - 'givenName': entry['givenName'][0], - 'sn': entry['sn'][0], - 'mail': entry['mail'][0], + 'uid': uid, + 'givenName': fn, + 'sn': sn, + 'mail': mail, + 'name': name } self.admin_users.append(user) + self.ldap_user_index[uid] = index + index += 1 LOG.debug("Found admin users:\n{}".format(pp(self.admin_users))) @@ -337,10 +369,12 @@ class DnsuiUsersApp(PpLdapApplication): if self.verbose > 2: LOG.debug("Got users:\n{}".format(pp(results))) + index = 0 for result in results: + uid = result[1] user = { 'id': result[0], - 'uid': result[1], + 'uid': uid, 'name': result[2], 'email': result[3], 'active': result[4], @@ -348,8 +382,152 @@ class DnsuiUsersApp(PpLdapApplication): 'developer': result[6], } self.db_users.append(user) + self.db_user_index[uid] = index + index += 1 + + if self.verbose > 1: + LOG.debug("Found database users:\n{}".format(pp(self.db_users))) + LOG.debug("Uid index:\n{}".format(pp(self.db_user_index))) + + # ------------------------------------------------------------------------- + def check_current_admin_users(self): + + LOG.info("Checking admin users from LDAP for existence in DB.") + + for ldap_user in self.admin_users: + + uid = ldap_user['uid'] + if uid in self.db_user_index: + + db_user = self.db_users[self.db_user_index[uid]] + change_data = {} + if db_user['name'] != ldap_user['name']: + change_data['name'] = ldap_user['name'] + if db_user['email'] != ldap_user['mail']: + change_data['email'] = ldap_user['mail'] + if db_user['active'] != 1: + change_data['active'] = 1 + if db_user['admin'] != 1: + change_data['admin'] = 1 + if db_user['developer'] != 1: + change_data['developer'] = 1 + if change_data.keys(): + change_data['id'] = db_user['id'] + self.users_to_update.append(change_data) + + else: + + db_user = { + 'uid': uid, + 'name': ldap_user['name'], + 'email': ldap_user['mail'], + 'active': 1, + 'admin': 1, + 'developer': 1, + } + self.users_to_add.append(db_user) + + # ------------------------------------------------------------------------- + def check_current_db_users(self): + + LOG.info("Checking current users in DB for existence in LDAP.") + + person = ObjectDef(['posixAccount', 'shadowAccount']) + person += ["uid", "givenName", "sn", "mail"] + + for db_user in self.db_users: + + uid = db_user['uid'] + db_id = db_user['id'] + LOG.debug("Checking DB user {n!r} ({u}) ...".format(n=db_user['name'], u=uid)) + + if uid in self.ldap_user_index: + if self.verbose > 1: + LOG.debug("DB user {!r} is an active administrator.".format(uid)) + continue + + query_filter = ( + '(&(objectclass=posixAccount)(objectclass=shadowAccount)' + '(uid={}))').format(uid) + if self.verbose > 2: + LOG.debug("Query filter: {!r}".format(query_filter)) - LOG.debug("Found database users:\n{}".format(pp(self.db_users))) + entries = self.ldap_search_subtree(person, query_filter) + if self.verbose > 2: + LOG.debug("Found {} LDAP entries.".format(len(entries))) + if entries: + + entry = entries[0] + change_data = {} + + if db_user['active'] != 1: + change_data['active'] = 1 + + sn = entry['sn'][0].strip() + fn = None + if entry['givenName'] and entry['givenName'][0]: + fn = entry['givenName'][0].strip() + if fn == '': + fn = None + mail = None + if entry['mail'] and entry['mail'][0]: + mail = entry['mail'][0].strip() + if mail == '': + mail = None + name = sn + if fn: + name = fn + ' ' + sn + + if db_user['name'] != name: + change_data['name'] = name + if db_user['email'] != mail: + change_data['email'] = mail + if db_user['developer'] != 1: + change_data['developer'] = 1 + + if change_data.keys(): + change_data['id'] = db_id + self.users_to_update.append(change_data) + else: + LOG.debug("Data uf user {n!r} ({u}) are still correct.".format( + n=db_user['name'], u=uid)) + else: + LOG.warn("DB user {n!r} ({u}) does not exists anymore, will be dectivated.".format( + n=db_user['name'], u=uid)) + self.db_users_deactivate.append(db_id) + + # ------------------------------------------------------------------------- + def insert_db_users(self): + + if not self.users_to_add: + LOG.info("No user data to add to database.") + return + + LOG.info("Adding new users to database.") + if self.verbose > 1: + LOG.debug("User data to insert:\n{}".format(pp(self.users_to_add))) + + # ------------------------------------------------------------------------- + def change_db_users(self): + + if not self.users_to_update: + LOG.info("No user data to update.") + return + + LOG.info("Updating user data in database.") + if self.verbose > 1: + LOG.debug("User data to update:\n{}".format(pp(self.users_to_update))) + + # ------------------------------------------------------------------------- + def deactivate_db_users(self): + + if not self.db_users_deactivate: + LOG.info("No user data to deactivate.") + return + + LOG.info("Deactivating users in database.") + if self.verbose > 1: + LOG.debug("User Ids to deactivate:\n{}".format(pp(self.db_users_deactivate))) # ------------------------------------------------------------------------- def _close_db(self): -- 2.39.5