From 8fd5f1e2515629e9049650d8c3c17da279678cad Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Thu, 11 Jan 2018 16:02:06 +0100
Subject: [PATCH] Adding all files for bin/check-dnsui-users
---
bin/check-dnsui-users | 41 ++++++++++++++++++++++++
etc/check-dnsui-users.ini.default | 37 +++++++++++++++++++++
pp_lib/dnsui_users.py | 53 +++++++++++++++++++++++++++++++
3 files changed, 131 insertions(+)
create mode 100755 bin/check-dnsui-users
create mode 100644 etc/check-dnsui-users.ini.default
create mode 100644 pp_lib/dnsui_users.py
diff --git a/bin/check-dnsui-users b/bin/check-dnsui-users
new file mode 100755
index 0000000..fa4ef4e
--- /dev/null
+++ b/bin/check-dnsui-users
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+
+# Standard modules
+import sys
+import os
+import logging
+import locale
+
+# own modules:
+cur_dir = os.getcwd()
+base_dir = cur_dir
+
+if sys.argv[0] != '' and sys.argv[0] != '-c':
+ bin_dir = os.path.dirname(sys.argv[0])
+base_dir = os.path.abspath(os.path.join(bin_dir, '..'))
+module_dir = os.path.join(base_dir, 'pp_lib')
+if os.path.exists(module_dir):
+ sys.path.insert(0, base_dir)
+
+from pp_lib.dnsui_users import DnsuiUsersApp
+
+log = logging.getLogger(__name__)
+
+__author__ = 'Frank Brehm '
+__copyright__ = '(C) 2018 by Frank Brehm, Pixelpark GmbH, Berlin'
+
+appname = os.path.basename(sys.argv[0])
+
+locale.setlocale(locale.LC_ALL, '')
+
+app = DnsuiUsersApp(appname=appname)
+app.initialized = True
+
+if app.verbose > 2:
+ print("{c}-Object:\n{a}".format(c=app.__class__.__name__, a=app))
+
+#app()
+
+sys.exit(0)
+
+# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4
diff --git a/etc/check-dnsui-users.ini.default b/etc/check-dnsui-users.ini.default
new file mode 100644
index 0000000..3f42897
--- /dev/null
+++ b/etc/check-dnsui-users.ini.default
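Review bot: In `bin/check-dnsui-users`, `bin_dir` is assigned only inside the `if sys.argv[0] != '' and sys.argv[0] != '-c':` branch, while the next line, `base_dir = os.path.abspath(os.path.join(bin_dir, '..'))`, appears to sit at column 0 (indentation is flattened on this page), so the fallback path would raise NameError instead of using the `cur_dir` default. The resulting directory is pushed to the front of `sys.path` and therefore decides which `pp_lib` is imported; deriving it from the script's resolved location, `bin_dir = os.path.dirname(os.path.realpath(__file__))`, removes the undefined name and the dependence on how the script was invoked or on the current directory. Separately, `app()` is commented out and the script ends with `sys.exit(0)`, so any wrapper that trusts the exit code always sees success; a comment such as `# TODO: check not wired up yet, exit code is not meaningful` would make that explicit.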
@@ -0,0 +1,37 @@
+# Template for ldap.ini
+#
+# Please copy it to /etc/pixelpark/ldap.ini, /etc/ldap.ini
+# or $HOME/.config/pixelpark/ldap.ini to define LDAP-specific configuration values
+# for all LDAP based scripts in this working directory.
+#
+# Please note, that all of these values in the ldap.ini.default file are
+# the default values of the scripts, except bind_pw, which HAS to be configured.
+
+[LDAP]
+
+# The LDAP Server name or address
+# maybe multiple hosts as a comma separated list
+host = ldap.pixelpark.com
+
+# The (UDP) port on the LDAP server
+# default 389 for ldap:// and 636 for ldaps://
+port = 389
+
+# Use SSL/TLS for communication with the LDAP server (ldaps://)
+# Boolean value
+ssl = False
+
+# Base DN for all subtree searches
+base_dn = o=isp
+
+# The DN to use to authenticate against the LDAP server (binding)
+bind_dn = uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp
+
+# The password of the latter Bind-DN
+# Note: there is no default value for the password, it HAS to be configured
+#bind_pw = .nss.pro
+
+# Timeout in seconds for all LDAP operations
+timeout = 5
+
+# vim: filetype=dosini
diff --git a/pp_lib/dnsui_users.py b/pp_lib/dnsui_users.py
new file mode 100644
index 0000000..61ee965
--- /dev/null
+++ b/pp_lib/dnsui_users.py
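Review bot: The commented-out `bind_pw` line in `etc/check-dnsui-users.ini.default` carries what looks like a real value rather than a placeholder; if it is a live bind password it is now in repository history and should be rotated, and the template line should read `#bind_pw = <bind password>`. The shipped defaults `ssl = False` and `port = 389` mean the bind DN and password would cross the network unencrypted, assuming the application performs a simple bind without StartTLS (not visible in this patch); `ssl = True` with `port = 636` would be the safer default. The header still describes the file as a template for `ldap.ini` and lists `ldap.ini` copy targets, and the port comment says UDP although LDAP runs over TCP. Since the installed copy will hold a credential, the header could also say that it should be readable only by the account that runs the check.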
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+@author: Frank Brehm
+@contact: frank.brehm@pixelpark.com
+@copyright: © 2018 by Frank Brehm, Berlin
+@summary: The module for the check-dnsui-users application object.
+"""
+from __future__ import absolute_import
+
+# Standard modules
+import logging
+import logging.config
+import textwrap
+
+# Third party modules
+# from ldap3 import ObjectDef, AttrDef, Reader, Writer
+from ldap3 import ObjectDef
+import psycopg2
+
+# Own modules
+from .common import pp
+
+from .ldap_app import PpLdapAppError, PpLdapApplication
+
+__version__ = '0.1.0'
+LOG = logging.getLogger(__name__)
+
+
+# =============================================================================
+class DnsuiUsersError(PpLdapAppError):
+ pass
+
+# =============================================================================
+class DnsuiUsersApp(PpLdapApplication):
+ """Class for the 'check-dnsui-users' application to ensure:
+ * all users in DNSUI DB, which are not existing in LDAP, are disabled
+ * all users in LDAP, which are members of group 'Administratoren Pixelpark Berlin',
+ are existing and have administrator access.
+ """
+
+ # -------------------------------------------------------------------------
+
+
+# =============================================================================
+
+if __name__ == "__main__":
+
+ pass
+
+# =============================================================================
+
+# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 list
--
2.39.5
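Review bot: The `DnsuiUsersApp` docstring in `pp_lib/dnsui_users.py` is the only specification of this job, and it does not say what happens when the LDAP search fails or returns nothing. Because the stated purpose is to disable DNSUI accounts that are missing from LDAP and to grant administrator access by group membership, I would add a sentence such as `An LDAP error or an empty result must abort the run without changing the DNSUI DB.` so the later implementation has a fail-safe contract. `DnsuiUsersError` has no docstring; a one-liner like `"""Base error class for the check-dnsui-users application."""` would do. The imports of `textwrap`, `ObjectDef`, `psycopg2` and `pp` are unused in this hunk, presumably placeholders, but they make the module fail to import wherever `psycopg2` is not installed.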