Untitled

#!/usr/bin/env python
import sys
import optparse
import ldap
from suds.client import Client

from vidyo_disabler_config import LDAP_HOST, LDAP_USER, LDAP_PASS, VIDYO_API, \
        VIDYO_USER, VIDYO_PASS, VIDYO_EXCEPTIONS

def get_all_ldap_users(ldap_conn, verbose):
    # For vidyo, we basically care about all human users in LDAP, regardless of
    # which org they are in, since I think community members could have vidyo
    # accounts, as well as moco and mofo staff. We only need their e-mail
    # address. Doing one query and gathering *all* 3000+ users into a giant list
    # is far less expensive than checking each of the 1400+ users from vidyo
    # individually
    all_users = ldap_conn.search_s(
        'dc=mozilla',
        ldap.SCOPE_SUBTREE,
        '(&(objectClass=inetOrgPerson)(!(employeeType=DISABLED))\
                (|(o:dn:=org)(o:dn:=com)(o:dn:=net)))',
        attrlist=['mail'])
    ldap_users = []
    for user in all_users:
        ldap_users.append(user[1]['mail'][0])

    if verbose:
        print "LDAP users:"
        print ldap_users
    return ldap_users


def get_vidyo_users(vidyo_client, verbose):
    # The getMembers method of the API returns both the total number of users
    # as well as up to 200 users at a time. Here's my attempt at a simple
    # pagination fix in order to get all the users.
    # The getMembers method of the vidyo portal API takes the following
    # parameters:
    #(Filter){
    #   start = None
    #   limit = None
    #   sortBy = None
    #   dir =
    #      (sortDir){
    #         value = None
    #      }
    #   query = None
    # }
    # We don't care about most of them, but first we just need to get the total
    # number of users, so we set filter.limit to 1 to just get the minimum
    # amount of data. Every call to getMembers returns the total number of
    # users

    filter_param = vidyo_client.factory.create('Filter')
    filter_param.limit = 1

    total_accounts = vidyo_client.service.getMembers(filter_param).total

    # Now that we know the total number of users in vidyo, we can form a simple
    # while loop to grab 200 at a time, which is the max limit that the API will
    # return at once. So start at 0 position, then increment the position by 200
    # at the end of each iteration, while subtracting 200, so we loop until
    # there none left.
    max_results = 200
    filter_param.limit = max_results
    filter_param.start = 0
    filter_param.sortBy = 'name'
    member_dict = {}
    while total_accounts > 0:
        resp = vidyo_client.service.getMembers(filter_param)
        for member in resp.member:
            # It seems that human LDAP users have name and emailAddress set to
            # the same thing. Non-human accounts, like conference rooms and such
            # don't seem to have that similarity, and we probably don't care
            # about those anyway, so to make things easy, let's only look at
            # users where the "name" attribute is identical to emailAddress
            # attribute.
            if member.name == member.emailAddress:
                member_dict[member.name] = member.memberID
        total_accounts -= max_results
        filter_param.start += max_results

    # We care about the member.name (username/email) for comparing to LDAP, but
    # we need the memberID in order to delete a user, so we return a dict with
    # both
    if verbose:
        print "vidyo users:"
        print member_dict
    return member_dict

def delete_vidyo_member(vidyo_client, member, member_id, commit):
    print "deleting %s" % member
    if commit:
        # fix me. For testing and initial review, don't actually delete yet
        print "for real"
        #vidyo_client.service.deleteMember(member_id)

def main(prog_args=None):

    if prog_args is None:
        prog_args = sys.argv
    # command line options. For Cron usage, we probably want only --commit.
    # For debug purposes, --verbose is more helpful
    parser = optparse.OptionParser()
    parser.usage = "Script to generate LDAP groups from search filters"
    parser.add_option('-v', '--verbose',
                      action='store_true',
                      default=False,
                      dest='verbose',
                      help='verbose output')
    parser.add_option('--commit',
                      action='store_true',
                      default=False,
                      dest='commit',
                      help='run script in commit mode')

    options, args = parser.parse_args(sys.argv[1:])

    commit = options.commit
    verbose = options.verbose

    # Using suds, initialize a SOAP client for the vidyo portal. Apparently it
    # only works with username and password.
    vidyo_client = Client(VIDYO_API, username=VIDYO_USER, password=VIDYO_PASS)

    # Main LDAP connection. This is used to get users from LDAP
    ldap_conn = ldap.initialize('ldap://%s' % LDAP_HOST)
    ldap_conn.start_tls_s()
    ldap_conn.simple_bind_s(LDAP_USER, LDAP_PASS)

    # We pretty much just need a list active users from vidyo and a list of
    # active users from LDAP in order to compare
    all_ldap_users = get_all_ldap_users(ldap_conn, verbose)
    all_vidyo_users = get_vidyo_users(vidyo_client, verbose)

    # For vidyo users, we get a dict back, because we want to display the e-mail
    # address of the user, but the deleteMember method needs the memberID.
    # Iterate through the email/memberid pairs checking each user against active
    # LDAP users, and if not found, and not in the exceptions list, delete.
    for member, member_id in all_vidyo_users.items():
        if member not in all_ldap_users:
            if member not in VIDYO_EXCEPTIONS:
                delete_vidyo_member(vidyo_client, member, member_id, commit)


if __name__ == "__main__":
    main()