Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import sys
- import optparse
- import ldap
- from suds.client import Client
- from vidyo_disabler_config import LDAP_HOST, LDAP_USER, LDAP_PASS, VIDYO_API, \
- VIDYO_USER, VIDYO_PASS, VIDYO_EXCEPTIONS
- def get_all_ldap_users(ldap_conn, verbose):
- # For vidyo, we basically care about all human users in LDAP, regardless of
- # which org they are in, since I think community members could have vidyo
- # accounts, as well as moco and mofo staff. We only need their e-mail
- # address. Doing one query and gathering *all* 3000+ users into a giant list
- # is far less expensive than checking each of the 1400+ users from vidyo
- # individually
- all_users = ldap_conn.search_s(
- 'dc=mozilla',
- ldap.SCOPE_SUBTREE,
- '(&(objectClass=inetOrgPerson)(!(employeeType=DISABLED))\
- (|(o:dn:=org)(o:dn:=com)(o:dn:=net)))',
- attrlist=['mail'])
- ldap_users = []
- for user in all_users:
- ldap_users.append(user[1]['mail'][0])
- if verbose:
- print "LDAP users:"
- print ldap_users
- return ldap_users
- def get_vidyo_users(vidyo_client, verbose):
- # The getMembers method of the API returns both the total number of users
- # as well as up to 200 users at a time. Here's my attempt at a simple
- # pagination fix in order to get all the users.
- # The getMembers method of the vidyo portal API takes the following
- # parameters:
- #(Filter){
- # start = None
- # limit = None
- # sortBy = None
- # dir =
- # (sortDir){
- # value = None
- # }
- # query = None
- # }
- # We don't care about most of them, but first we just need to get the total
- # number of users, so we set filter.limit to 1 to just get the minimum
- # amount of data. Every call to getMembers returns the total number of
- # users
- filter_param = vidyo_client.factory.create('Filter')
- filter_param.limit = 1
- total_accounts = vidyo_client.service.getMembers(filter_param).total
- # Now that we know the total number of users in vidyo, we can form a simple
- # while loop to grab 200 at a time, which is the max limit that the API will
- # return at once. So start at 0 position, then increment the position by 200
- # at the end of each iteration, while subtracting 200, so we loop until
- # there none left.
- max_results = 200
- filter_param.limit = max_results
- filter_param.start = 0
- filter_param.sortBy = 'name'
- member_dict = {}
- while total_accounts > 0:
- resp = vidyo_client.service.getMembers(filter_param)
- for member in resp.member:
- # It seems that human LDAP users have name and emailAddress set to
- # the same thing. Non-human accounts, like conference rooms and such
- # don't seem to have that similarity, and we probably don't care
- # about those anyway, so to make things easy, let's only look at
- # users where the "name" attribute is identical to emailAddress
- # attribute.
- if member.name == member.emailAddress:
- member_dict[member.name] = member.memberID
- total_accounts -= max_results
- filter_param.start += max_results
- # We care about the member.name (username/email) for comparing to LDAP, but
- # we need the memberID in order to delete a user, so we return a dict with
- # both
- if verbose:
- print "vidyo users:"
- print member_dict
- return member_dict
- def delete_vidyo_member(vidyo_client, member, member_id, commit):
- print "deleting %s" % member
- if commit:
- # fix me. For testing and initial review, don't actually delete yet
- print "for real"
- #vidyo_client.service.deleteMember(member_id)
- def main(prog_args=None):
- if prog_args is None:
- prog_args = sys.argv
- # command line options. For Cron usage, we probably want only --commit.
- # For debug purposes, --verbose is more helpful
- parser = optparse.OptionParser()
- parser.usage = "Script to generate LDAP groups from search filters"
- parser.add_option('-v', '--verbose',
- action='store_true',
- default=False,
- dest='verbose',
- help='verbose output')
- parser.add_option('--commit',
- action='store_true',
- default=False,
- dest='commit',
- help='run script in commit mode')
- options, args = parser.parse_args(sys.argv[1:])
- commit = options.commit
- verbose = options.verbose
- # Using suds, initialize a SOAP client for the vidyo portal. Apparently it
- # only works with username and password.
- vidyo_client = Client(VIDYO_API, username=VIDYO_USER, password=VIDYO_PASS)
- # Main LDAP connection. This is used to get users from LDAP
- ldap_conn = ldap.initialize('ldap://%s' % LDAP_HOST)
- ldap_conn.start_tls_s()
- ldap_conn.simple_bind_s(LDAP_USER, LDAP_PASS)
- # We pretty much just need a list active users from vidyo and a list of
- # active users from LDAP in order to compare
- all_ldap_users = get_all_ldap_users(ldap_conn, verbose)
- all_vidyo_users = get_vidyo_users(vidyo_client, verbose)
- # For vidyo users, we get a dict back, because we want to display the e-mail
- # address of the user, but the deleteMember method needs the memberID.
- # Iterate through the email/memberid pairs checking each user against active
- # LDAP users, and if not found, and not in the exceptions list, delete.
- for member, member_id in all_vidyo_users.items():
- if member not in all_ldap_users:
- if member not in VIDYO_EXCEPTIONS:
- delete_vidyo_member(vidyo_client, member, member_id, commit)
- if __name__ == "__main__":
- main()
Add Comment
Please, Sign In to add comment