Untitled

#!/usr/bin/python

import psycopg2
import psycopg2.extras
import base64
import sys
import shlex
import subprocess
import logging
from optparse import OptionParser

import ldap
from ldap.controls import SimplePagedResultsControl
import ldap.sasl
import ldap.cidict
from grp import getgrnam
import pwd
import getopt,os
import time
import DbInc


fields = {
        'WIN2003':{
            'person':['person'],
            'group':['group'],
            'objectguid':['objectGUID','dn','rdn'],
            'displayname':['name','cn','givenName','sn'],
            'description':['description'],
            'memberof':['memberOf'],
            'member':['member'],
            'oname':['sAMAccountName','mailnickname','uid','cn','loginname'],
            'mails':['mail','userPrincipalName','proxyAddresses','rfc822mailbox']
            },
        'COMMUNIGATE':{
            'person':['inetOrgPerson'],
            'group':['group'],
            'objectguid':['uid','dn','rdn'],
            'displayname':['name','cn','givenName','sn'],
            'memberof':['memberof'],
            'member':['member'],
            'oname':['sAMAccountName','mailnickname','uid','cn','loginname'],
            'mails':['mail','userPrincipalName','proxyAddresses','rfc822mailbox','email']
            },
        'LOTUSNOTES':{
            'person':['inetorgperson'],
            'group':['group'],
            'objectguid':['uid','dn','rdn'],
            'displayname':['name','cn','givenName','sn'],
            'memberof':['memberof'],
            'member':['member'],
            'oname':['sAMAccountName','mailnickname','uid','cn','loginname'],
            'mails':['mail','userPrincipalName','proxyAddresses','rfc822mailbox','email']
            },
        'IPLANET':{
            'person':['inetOrgPerson'],
            'group':['groupOfUniqueNames'],
            'objectguid':['uid','dn','rdn'],
            'displayname':['name','cn','givenName','sn'],
            'memberof':['memberof'],
            'member':['uniqueMember'],
            'oname':['sAMAccountName','mailnickname','uid','cn','loginname'],
            'mails':['mail','userPrincipalName','proxyAddresses','rfc822mailbox','email']
            },
        'NOVELL':{
            'person':['inetOrgPerson'],
            'group':['groupOfNames'],
            'objectguid':['uid','dn','rdn'],
            'displayname':['name','cn','givenName','sn'],
            'memberof':['groupMembership'],
            'member':['member'],
            'oname':['sAMAccountName','mailnickname','uid','cn','loginname'],
            'mails':['mail','userPrincipalName','proxyAddresses','rfc822mailbox','email']
            }
        }

class paLdap:

    partly_succesfull_flag = False

    def __init__(self,_connector,_ldap_fields,loghandler,connect_timeout=5):
        self.connector=_connector

        self.def_domain=''
        for part in self.connector['base_dn'].split(","):
            if not self.def_domain:
                self.def_domain=part.split("=")[1]
            else:
                self.def_domain += "." + part.split("=")[1]

        self.log_handler=loghandler
        self.ldap_fields=_ldap_fields
        self.ldap_timeout = 30
        self.connect_timeout = connect_timeout
        self.ldap_protocol = 'ldap://'

        if self.connector['is_ssl'] == 't':
            self.ldap_protocol = 'ldaps://'
        self.server = ""
        #print 'LDAP password:\n\t %s' % base64.b64decode(self.connector['ldap_password'])
        #print 'LDAP user:\n\t %s' % self.connector['bind_dn']
        self.connect()

    def connect(self):
        for ldap_server in self.connector['server_ip'].split():
            self.ldap_url = self.ldap_protocol + ldap_server + ':' + str( self.connector['port'])
            self.server = ldap_server
            try:
                self.conn = ldap.initialize(self.ldap_url)
                self.conn.network_timeout = self.connect_timeout
                self.conn.set_option(ldap.OPT_REFERRALS, 0)
                self.conn.simple_bind_s( self.connector['bind_dn'],  base64.b64decode(self.connector['ldap_password']))
                return
            except ldap.SERVER_DOWN:
                LOGGER("LDAP server %s did not respond in %s seconds" % (ldap_server,self.connect_timeout),self.log_handler)
                self.conn.unbind_s()
                self.conn = None
                continue
            except ldap.INVALID_CREDENTIALS, e:
                print 'Invalid credentials error:\nERROR: %s' % str(e)
                LOGGER(str(e),self.log_handler)
                sys.exit(1)
            except ldap.LDAPError, e:
                LOGGER('LDAP connection error:\n\tERROR: %s' % e[0]["desc"],self.log_handler)
                sys.exit(1)
        LOGGER('No response from LDAP servers',self.log_handler)
        sys.exit(1)


    def disconnect(self):
        if not self.conn:
            return

        try:
            self.conn.unbind_s()
            self.conn = None
        except ldap.LDAPError, e:
            print 'LDAP disconnection error: %s' % str(e)
            LOGGER(str(e),self.log_handler)

    def ldap_paged_search(self, group=0, sizelimit = 0):
        ix = 0
        base_dn = self.connector['base_dn']
        if self.connector["server_type"] == "OPENLDAP":
            self.fields = {
                    'person':[self.connector["ldap_person_class"]],
                    'group':[self.connector["ldap_group_class"]],
                    'objectguid':[self.connector["ldap_group_id"]],
                    'displayname':[self.connector["ldap_display_name"],'name','cn','givenName','sn'],
                    'dn':[self.connector["ldap_dn"]],
                    'memberof':[self.connector["ldap_member_of"]],
                    'member':[self.connector["ldap_member"]],
                    'oname':[self.connector["ldap_cn"]],
                    'mails':[self.connector["ldap_email"]],
                    'description':['description']
                    }
        else:
            self.fields   = self.ldap_fields.get(self.connector["server_type"])

        if self.connector["ldap_filter"] == '':
            objectClassUsers = self.fields["person"][0]
        else:
            objectClassUsers = self.connector["ldap_filter"]

        if self.connector["ldap_group_filter"] == '':
            objectClassGroups = self.fields["group"][0]
        else:
            objectClassGroups = self.connector["ldap_group_filter"]

        self.attrs = []
        for field in self.fields.items():
            self.attrs.extend(field[1][0].split(","))

        if not group:
            query = "(%s)" % objectClassUsers
        else:
            query = "(%s)" % objectClassGroups

        self.ldap_page_size = 0

        try:
            msgid_test = self.conn.search_ext(base_dn, ldap.SCOPE_SUBTREE, query, attrlist=self.attrs, serverctrls=[])
            res_test = self.conn.result3(msgid=msgid_test, timeout=self.ldap_timeout)
        except ldap.SIZELIMIT_EXCEEDED, e:
            self.disconnect()
            self.connect()
            self.ldap_page_size = 100
            self.paged_results_control = SimplePagedResultsControl(True, self.ldap_page_size, '')
        except ldap.FILTER_ERROR, e:
            LOGGER('LDAP filter error:\n\tERROR: %s' % e[0]["desc"], self.log_handler)
            sys.exit()

        while True:
            if self.ldap_page_size == 0:
                serverctrls = []
            else:
                serverctrls = [self.paged_results_control]

            try:
                msgid = self.conn.search_ext(base_dn, ldap.SCOPE_SUBTREE, query, attrlist=self.attrs, serverctrls=serverctrls)
                res = self.conn.result3(msgid=msgid, timeout=self.ldap_timeout)
                unused_code, results, unused_msgid, serverctrls = res
            except ldap.FILTER_ERROR, e:
                LOGGER('LDAP filter error:\n\tERROR: %s' % e[0]["desc"], self.log_handler)
                sys.exit()

            for result in results:
                ix += 1
                #users.append(result)
                yield result
                if sizelimit and ix >= sizelimit:
                    self.partly_succesfull_flag = True
                    break
            if sizelimit and ix >= sizelimit:
                self.partly_succesfull_flag = True
                break
            cookie = None
            for serverctrl in serverctrls:
                if serverctrl.controlType == ldap.CONTROL_PAGEDRESULTS:
                    cookie = serverctrl.cookie
                    if cookie:
                        self.paged_results_control.cookie = cookie
                    break
            if not cookie:
                break

    def get_connector_users(self):
        self.users = {}
        #LOGGER("got obj from ldap",self.log_handler)
        #print self.def_domain
        counter = 0
        for user in self.ldap_paged_search():
            self.ldap_ogid = ''
            tmp_user={}
            if type(user[1]) is dict:
                #print user

                tmp_user["isgroup"]    = 0
                tmp_user["obj_dn"]        = user[0]

                for attributes in self.fields["objectguid"]:
                    for attr in attributes.split(","):
                        if user[1].has_key(attr):
                            self.ldap_ogid = user[1][attr][0].encode('hex')
                            break

                if not self.ldap_ogid:
                    self.ldap_ogid = user[0].encode('hex')

                for attributes in self.fields["displayname"]:
                    for attr in attributes.split(","):
                        if user[1].has_key(attr):
                            tmp_user["obj_full_name"]    = user[1][attr][0]
                            break

                not_valid_user = False
                for attributes in self.fields["oname"]:
                    for attr in attributes.split(","):
                        if user[1].has_key(attr):
                            if "$" not in user[1][attr][0].lower():
                                #tmp_user["userlogin"] = user[1][attr][0].replace(' ','_')
                                tmp_user["obj_login"] = user[1][attr][0].lower()
                                break
                            else:
                                not_valid_user = True
                if not tmp_user.has_key("obj_login"):
                    not_valid_user = True
                if not_valid_user:
                    continue

                #tmp_user["oname"] += "@" + self.def_domain
                #tmp_user["userlogin"] += "@" + self.def_domain

                aliases = []
                tmp_aliases = set()
                for attributes in self.fields["mails"]:
                    for attr in attributes.split(","):
                        if user[1].has_key(attr):
                            for alias in user[1][attr]:
                                pe=alias.split(":")
                                if pe[0].lower() == "smtp":
                                    if pe[1].lower() not in aliases:
                                        aliases.append(pe[1].lower())
                                elif "@" in alias and alias.lower() not in aliases:
                                    aliases.append(alias.lower())

                if len(aliases):
                    tmp_user["email"] = aliases[0]
                else:
                    #tmp_user["email"] =  "%s@%s" % (tmp_user["userlogin"], self.def_domain)
                    tmp_user["email"] =  "%s@%s" % (tmp_user["obj_login"], self.def_domain)

                if len(aliases) > 0:
                    #tmp_user["def_email"] = aliases[0]
                    tmp_user["email"] = aliases[0]
                    tmp_aliases = set(aliases[1:])

                tmp_user["aliases"] = tmp_aliases

                memberOf = set()
                for attributes in self.fields["memberof"]:
                    for attr in attributes.split(","):
                        if user[1].has_key(attr):
                            for group in user[1][attr]:
                                memberOf.add(group)

                tmp_user["memberOf"] = memberOf
                counter += 1
                self.users[str(self.ldap_ogid)]=tmp_user
        return counter

    def get_connector_groups(self):
        self.groups = {}
        self.ldap_ogid = ''

        for group in self.ldap_paged_search(1):
            tmp_group={}
            if type(group[1]) is dict:
                #print group
                tmp_group["isgroup"] = 1
                #tmp_group["group_dn"]         = group[0]
                tmp_group["obj_dn"]         = group[0]

                for attributes in self.fields["objectguid"]:
                    for attr in attributes.split(","):
                        if group[1].has_key(attr):
                            self.ldap_ogid = group[1][attr][0].encode('hex')
                            break

                if not self.ldap_ogid:
                    self.ldap_ogid = group[0].encode('hex')

                for attributes in self.fields["displayname"]:
                    for attr in attributes.split(","):
                        if group[1].has_key(attr):
                            #tmp_group["fullname"]    = group[1][attr][0]
                            tmp_group["obj_full_name"]    = group[1][attr][0]
                            break

                for attributes in self.fields["description"]:
                    for attr in attributes.split(","):
                        if group[1].has_key(attr):
                            tmp_group["obj_description"] = group[1][attr][0]
                            break
                        else:
                            tmp_group["obj_description"] = 'None'

                members = set()
                for attributes in self.fields["member"]:
                    for attr in attributes.split(","):
                        if group[1].has_key(attr):
                            for user in group[1][attr]:
                                members.add(user)

                tmp_group["member"] = members

                for attributes in self.fields["oname"]:
                    for attr in attributes.split(","):
                        if group[1].has_key(attr):
                            #tmp_group["oname"] = group[1][attr][0].replace(' ','_')
                            #tmp_group["userlogin"] = group[1][attr][0].replace(' ','_')
                            #tmp_group["userlogin"] = group[1][attr][0]
                            tmp_group["obj_login"] = group[1][attr][0]
                            break

                #tmp_group["oname"] += "@" + self.def_domain
                #tmp_group["userlogin"] += "@" + self.def_domain

                aliases = []
                tmp_aliases = set()
                for attributes in self.fields["mails"]:
                    for attr in attributes.split(","):
                        if group[1].has_key(attr):
                            for alias in group[1][attr]:
                                pe=alias.split(":")
                                if pe[0].lower() == "smtp":
                                    if pe[1].lower() not in aliases:
                                        aliases.append(pe[1].lower())
                                elif "@" in alias and alias.lower() not in aliases:
                                    aliases.append(alias.lower())

                if len(aliases) > 0:
                    tmp_group["def_email"] = aliases[0]
                    tmp_aliases = set(aliases[1:])

                tmp_group["aliases"] = tmp_aliases

                self.groups[str(self.ldap_ogid)]=dict(tmp_group)

                #if len(tmp_group["aliases"]) or tmp_group.has_key("def_email"):
                #    tmp_group["isgroup"]                     =  0
                #    tmp_group["oname"]                         += "_aga"
                #    tmp_group["dn"]                             += " Auto-group alias"
                #    tmp_group["fullName"]                     += " Auto-group alias"
                #    self.users[str(self.ldap_ogid + "_aga")] = tmp_group


    def __del__(self):
        self.disconnect()

class paDB:
    def __init__(self,loghandler):
        self.log_handler=loghandler
        try:
            _db='um'
            _user='postgres'
            _host='127.0.0.1'
            #_host='192.168.7.202'
            #self.db=psycopg2.connect(database='secure',host='192.168.7.102',user='pineapp')
            self.db = psycopg2.connect(database=_db,user=_user,host=_host)
            self.cur=self.db.cursor(cursor_factory=psycopg2.extras.DictCursor)
        except:
            # Get the most recent exception
            exceptionType, exceptionValue, exceptionTraceback = sys.exc_info()
            # Exit the script and print an error telling what happened.
            LOGGER("Database connection failed!\n ->%s" % (exceptionValue),self.log_handler)
            sys.exit("Database connection failed!\n ->%s" % (exceptionValue))

    def get_connectors(self):
        self.cur.execute(DbInc.Queries["SELECT"]["connectors"])
        self.connectors=self.cur.fetchall()

    def get_connector(self,connectorID):
        self.cur.execute(DbInc.Queries["SELECT"]["connector"],[connectorID])
        self.connectors=self.cur.fetchall()

    def buid_membership(self):
        self.cur.execute(DbInc.Queries["SELECT"]["user_member_of"])
        result = self.cur.fetchall()

        self.memberShip = {}
        for row in result:
            if self.memberShip.has_key(row["groupdn"]):
                self.memberShip[row["groupdn"]].add(row["userdn"])
            else:
                memberset = set()
                memberset.add(row["userdn"])
                self.memberShip[row["groupdn"]] = memberset
        self.cur.execute(DbInc.Queries["SELECT"]["group_member_of"])
        result = self.cur.fetchall()

        for row in result:
            if self.memberShip.has_key(row["pgdn"]):
                self.memberShip[row["pgdn"]].add(row["groupdn"])
            else:
                memberset = set()
                memberset.add(row["groupdn"])
                self.memberShip[row["pgdn"]] = memberset

    def get_aliases(self):
        self.user_aliases = {}
        self.cur.execute(DbInc.Queries["SELECT"]["users_aliases"])
        _user_aliases    = self.cur.fetchall()

        for row in _user_aliases:
            if self.aliases.has_key(row["object_id"]):
                if row["default_email_ind"] is True:
                    self.user_aliases[row["object_id"]]['def_email'] = row["email"].lower()
                    self.user_aliases[row["object_id"]]['emails'].add(row["email"].lower())
                else:
                    self.user_aliases[row["object_id"]]['emails'].add(row["email"].lower())
            else:
                item = {}
                item['def_email'] = ''
                item['emails'] = set()
                if row["default_email_ind"] is True:
                    item['def_email'] = row["email"].lower()
                    item['emails'].add(row["email"].lower())
                else:
                    item['emails'].add(row["email"].lower())

                self.user_aliases[row["object_id"]] = item

        self.group_aliases = {}
        self.cur.execute(DbInc.Queries["SELECT"]["groups_aliases"])
        _group_aliases    = self.cur.fetchall()

        for row in _group_aliases:
            if self.aliases.has_key(row["object_id"]):
                if row["default_email_ind"] is True:
                    self.group_aliases[row["object_id"]]['def_email'] = row["email"].lower()
                    self.group_aliases[row["object_id"]]['emails'].add(row["email"].lower())
                else:
                    self.group_aliases[row["object_id"]]['emails'].add(row["email"].lower())
            else:
                item = {}
                item['def_email'] = ''
                item['emails'] = set()
                if row["default_email_ind"] is True:
                    item['def_email'] = row["email"].lower()
                    item['emails'].add(row["email"].lower())
                else:
                    item['emails'].add(row["email"].lower())

                self.group_aliases[row["uid"]] = item


    def get_objects(self,_connectorId):
        self.objects = {}

        query = DbInc.Queries["SELECT"]["users_objects"]
        data =(str(_connectorId),)
        self.cur.execute(query,data)
        _users = self.cur.fetchall()
        query = DbInc.Queries["SELECT"]["groups_objects"]
        data =(str(_connectorId),)
        self.cur.execute(query,data)
        _groups = self.cur.fetchall()

        self.InitialSqlObjects = []
        self.InitialSqlObjects.extend(_users)
        self.InitialSqlObjects.extend(_groups)

        #_objects=[]
        #_objects.extend(_users)
        #_objects.extend(_groups)

        for user in _users:
            tmp_obj={}
            self.ldap_ogid = user["ldap_ogid"]
            tmp_obj["obj_dn"]            =    user["user_dn"]
            tmp_obj["obj_id"]            =    user["id"]
            tmp_obj["obj_login"]        =    user["userlogin"]
            tmp_obj["obj_full_name"]    =    user["fullname"]
            tmp_obj["aliases"]            =    user["email"]
            tmp_obj["email"]            =    user["email"]
            tmp_obj["obj_group_ind"]    =    0
            #if self.aliases.has_key(object["user_id"]):
            #    #tmp_obj["default_email_ind"] =    self.user_aliases[object["user_id"]]["default_email_ind"]
            #    tmp_obj["def_email"]         =  self.user_aliases[user["user_id"]]["def_email"]
            #    tmp_obj["aliases"]             =    self.user_aliases[user["user_id"]]["emails"]
            self.objects[self.ldap_ogid] = tmp_obj

        for group in _groups:
            tmp_obj={}
            self.ldap_ogid = group["ldap_ogid"]
            tmp_obj["obj_dn"]            =    group["group_dn"]
            tmp_obj["obj_id"]            =    group["id"]
            tmp_obj["obj_login"]        =    group["groupname"]
            tmp_obj["obj_full_name"]    =    group["groupname"]
            tmp_obj["obj_description"]    =    group["description"]
            #tmp_obj["aliases"]            =    group["email"]
            tmp_obj["aliases"]            =    ''
            tmp_obj["email"]            =    ''
            tmp_obj["obj_group_ind"]    =    1
            #if self.aliases.has_key(object["user_id"]):
            #    #tmp_obj["default_email_ind"] =    self.group_aliases[object["group_id"]]["default_email_ind"]
            #    tmp_obj["def_email"]         =  self.group_aliases[user["group_id"]]["def_email"]
            #    tmp_obj["aliases"]             =    self.group_aliases[user["group_id"]]["emails"]

            self.objects[self.ldap_ogid] = tmp_obj

    def add_object(self, object, key, connector_id, debug,isgroup):
        #print "add_object object = [ %s ]" % object
        Log = {}
        if not isgroup:
            query = DbInc.Queries["INSERT"]["user"]
            #data =(object["userlogin"], object["fullname"], object["email"], 1, object["user_dn"], key, connector_id)
            data =(object["obj_login"].lower(), object["obj_full_name"], object["email"], 1, object["obj_dn"], key, connector_id)

            try:
                self.cur.execute(query,data)
            except psycopg2.IntegrityError as e:
                if e.pgcode == "23505":
                    print "\nbaseDN=%s\n" % object["obj_dn"]
                    sys.exit(12)
                raise e

            #self.cur.execute("SELECT currval('pineapp.objects_oid_seq')")
            #curr_oid = self.cur.fetchone()

            if Log.has_key("log") or Log.has_key("debug"):
                Log["log"]        += "Adding NEW user: %s" % (object["obj_full_name"])
                Log["debug"]    += "\n" + Log["log"]
            else:
                Log["log"]        = "Adding NEW user: %s" % (object["obj_full_name"])
                Log["debug"]    = "\n" + Log["log"]

            if debug:
                if Log.has_key("log") or Log.has_key("debug"):
                    Log["debug"] += "\n\t%s" % (self.cur.mogrify(query,data))
                else:
                    Log["debug"] = "\n\t%s" % (self.cur.mogrify(query,data))
        else:
            query = DbInc.Queries["INSERT"]["group"]
            #data =(object["userlogin"], object["group_dn"], key, 1, connector_id)
            data =(object["obj_login"], object["obj_dn"], key, 1, connector_id, object["obj_description"])

            try:
                self.cur.execute(query,data)
            except psycopg2.IntegrityError as e:
                if e.pgcode == "23505":
                    print "\nbaseDN=%s\n" % object["obj_dn"]
                    sys.exit(12)
                raise e

            if Log.has_key("log") or Log.has_key("debug"):
                Log["log"]        += "Adding NEW group: %s" % (object["obj_login"])
                Log["debug"]    = "\n" + Log["log"]
            else:
                Log["log"]        = "Adding NEW group: %s" % (object["obj_login"])
                Log["debug"]    = "\n" + Log["log"]

            if debug:
                if Log.has_key("debug"):
                    Log["debug"] += "\n\t%s" % (self.cur.mogrify(query,data))
                else:
                    Log["debug"] = "\n\t%s" % (self.cur.mogrify(query,data))

        return Log

    def update_object(self, ldap_user, ldap_userid , _connectorId, debug,isgroup):
        Log = {}
        userUpToDate = 1

        if debug:
            if Log.has_key("debug"):
                if not isgroup:
                    Log["debug"] += "Processing: %s\n" % (ldap_user["obj_full_name"])
                if isgroup:
                    Log["debug"] += "Processing: %s\n" % (ldap_user["obj_login"])
            else:
                if not isgroup:
                    Log["debug"] = "Processing: %s\n" % (ldap_user["obj_full_name"])
                if isgroup:
                    Log["debug"] = "Processing: %s\n" % (ldap_user["obj_login"])

        for key,val in ldap_user.items():
            if self.objects[ldap_userid].has_key(key):
                if not type(self.objects[ldap_userid][key]).__name__ == 'set':
                    if not ldap_user[key] == self.objects[ldap_userid][key]:

                        if key == "obj_login":
                            if not ldap_user[key].lower() == self.objects[ldap_userid][key].lower():
                                if not isgroup:
                                    query = DbInc.Queries["UPDATE"]["user_login"]
                                    data =(ldap_user[key].lower(), self.objects[ldap_userid]["obj_id"],)

                                    if Log.has_key("log"):
                                        Log["log"] += "\nUpdating User Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key].lower())
                                    else:
                                        Log["log"] = "Updating User Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key].lower())
                                    if debug:
                                        if Log.has_key("debug"):
                                            Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
                                        else:
                                            Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

                                if isgroup:
                                    query = DbInc.Queries["UPDATE"]["group_login"]
                                    data =(ldap_user[key], self.objects[ldap_userid]["obj_id"],)

                                    if Log.has_key("log"):
                                        Log["log"] += "\nUpdating Group Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
                                    else:
                                        Log["log"] = "Updating Group Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
                                    if debug:
                                        if Log.has_key("debug"):
                                            Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
                                        else:
                                            Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

                                self.cur.execute(query, data)
                                userUpToDate = 0


                        if key == "obj_full_name":
                            if not isgroup:
                                query = DbInc.Queries["UPDATE"]["user_fullname"]
                                data =(ldap_user[key], self.objects[ldap_userid]["obj_id"],)
                                self.cur.execute(query,data)

                                userUpToDate = 0
                                if Log.has_key("log"):
                                    Log["log"] += "\nOID(%s) Updating User fullname \"%s\" to \"%s\"" % (self.objects[ldap_userid]["obj_id"],self.objects[ldap_userid][key], ldap_user[key])
                                else:
                                    Log["log"] = "OID(%s) Updating User fullname \"%s\" to \"%s\"" % (self.objects[ldap_userid]["obj_id"],self.objects[ldap_userid][key], ldap_user[key])
                                if debug:
                                    if Log.has_key("debug"):
                                        Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
                                    else:
                                        Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

                        if key == "obj_dn":
                            if isgroup:
                                query = DbInc.Queries["UPDATE"]["group_dn"]
                            else:
                                query = DbInc.Queries["UPDATE"]["user_dn"]

                            data =(ldap_user[key],self.objects[ldap_userid]["obj_id"],)
                            self.cur.execute(query,data)

                            if Log.has_key("log"):
                                Log["log"] += "\nUpdating dn \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
                            else:
                                Log["log"] = "Updating dn \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])

                            if debug:
                                userUpToDate = 0
                                if Log.has_key("debug"):
                                    Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
                                else:
                                    Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

                        if key == "obj_description":
                            if isgroup:
                                query = DbInc.Queries["UPDATE"]["group_description"]
                                data =(ldap_user[key], self.objects[ldap_userid]["obj_id"],)
                                self.cur.execute(query, data)

                                if Log.has_key("log"):
                                    Log["log"] += "\nUpdating Group Description \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
                                else:
                                    Log["log"] = "Updating Group Description \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])

                                if debug:
                                    userUpToDate = 0
                                    if Log.has_key("debug"):
                                        Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
                                    else:
                                        Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

        if debug:
            if userUpToDate:
                if Log.has_key("debug"):
                    Log["debug"] += "\t%s is  Up to date" % (ldap_user["obj_full_name"])
                else:
                    Log["debug"] = "\t%s is  Up to date" % (ldap_user["obj_full_name"])

        return Log

    def del_object(self, object, debug):
        Log = {}
        if object["obj_group_ind"]:
            query = DbInc.Queries["DELETE"]["group"]
        else:
            query = DbInc.Queries["DELETE"]["user"]

        data =(object["obj_id"],)
        if not object["obj_group_ind"]:
            if Log.has_key("log"):
                Log["log"] += "\nRemoving user: %s" % (object["obj_full_name"])
            else:
                Log["log"] = "Removing user: %s" % (object["obj_full_name"])
        else:
            if Log.has_key("log"):
                Log["log"] += "\nRemoving Group: %s" % (object["obj_full_name"])
            else:
                Log["log"] = "Removing Group: %s" % (object["obj_full_name"])

        if debug:
            if Log.has_key("debug"):
                Log["debug"] += "\n\t%s" % (self.cur.mogrify(query,data))
            else:
                Log["debug"] = "\t%s" % (self.cur.mogrify(query,data))

        self.cur.execute(query,data)
        return Log

    def build_DN2OID(self,_connectorId):
        self.user_DN2OID = {}
        self.group_DN2OID = {}

        query = DbInc.Queries["SELECT"]["users_objects"]
        data =(str(_connectorId),)
        self.cur.execute(query,data)
        res = self.cur.fetchall()
        for row in res:
            self.user_DN2OID[row["user_dn"]]=row["id"]

        query = DbInc.Queries["SELECT"]["groups_objects"]
        data =(str(_connectorId),)
        self.cur.execute(query,data)
        res = self.cur.fetchall()
        for row in res:
            self.group_DN2OID[row["group_dn"]]=row["id"]

    def add_object2group(self, objectID, groupID, isgroup, debug):
        Log = {}
        if isgroup:
            query = DbInc.Queries["INSERT"]["group_member_of"]
        else:
            query = DbInc.Queries["INSERT"]["user_member_of"]

        data =(objectID, groupID)
        self.cur.execute(query,data)
        if debug:
            if Log.has_key("debug"):
                Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
            else:
                Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

    def del_object2group(self, objectID, groupID, isgroup, debug):
        Log = {}
        if isgroup:
            query = DbInc.Queries["DELETE"]["group_member_of"]
        else:
            query = DbInc.Queries["DELETE"]["user_member_of"]
        data =(objectID, groupID)
        self.cur.execute(query,data)

        if debug:
            if Log.has_key("debug"):
                Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
            else:
                Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

    def set_ldapogid(self, dn, ldapogid, isgroup, debug):
        Log = {}
        if isgroup:
            query = DbInc.Queries["UPDATE"]["group_ldap_ogid"]
        else:
            query = DbInc.Queries["UPDATE"]["user_ldap_ogid"]

        data =(dn, ldapogid)
        self.cur.execute(query,data)

        if Log.has_key("log"):
            Log["log"] += "\nSetting Up LdapOgid (%s) for: (%s)" % (dn, ldapogid)
        else:
            Log["log"] = "Setting Up LdapOgid (%s) for: (%s)" % (dn, ldapogid)

        if debug:
            if Log.has_key("debug"):
                Log["debug"] += "\t%s\n" % (self.cur.mogrify(query,data))
            else:
                Log["debug"] = "\t%s\n" % (self.cur.mogrify(query,data))

        return Log

    def ldap_ogid_exists(self):
        """Get information about ldap_ogid column"""
        self.cur.execute("""
            SELECT 1
            FROM information_schema.columns
            WHERE column_name = 'ldap_ogid'
        """)
        return True if self.cur.rowcount else False

    def add_ldap_ogid_column(self):
        """Alter db schema and add missing column"""
        sql = [
            'alter table policy.users add column ldap_ogid character varying;',
            'alter table policy.groups add column ldap_ogid character varying;'
        ]
        try:
            for query in sql:
                self.cur.execute(query)
            self.db.commit()
            return True
        except Exception as e:
            print e
            self.db.rollback()


def LOGGER(msg):
    logger = logging.getLogger('ldap_sync')
    hdlr = logging.FileHandler('./ldap_sync.log')
    #formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
    formatter = logging.Formatter('%(asctime)s %(name)s %(message)s')
    hdlr.setFormatter(formatter)
    logger.addHandler(hdlr)
    logger.setLevel(logging.INFO)
    logger.info(msg)

def LOGGER(msg,hndl):
    hndl.info(msg)
    print msg

def init_LOGGER():
    logger = logging.getLogger('ldap_sync')
    hdlr = logging.FileHandler('/tmp/ldap_sync.log')
    os.fchown(hdlr.stream.fileno(),pwd.getpwnam('apache').pw_uid,getgrnam("apache").gr_gid)
    #formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
    formatter = logging.Formatter('%(asctime)s %(name)s %(message)s')
    hdlr.setFormatter(formatter)
    logger.addHandler(hdlr)
    logger.setLevel(logging.INFO)
    return logger

def runsystemcmd(cmd, debug, log_handler):
    LOGGER("Running: %s" % cmd ,log_handler)
    #(output, err) = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).communicate()
    p = subprocess.Popen(shlex.split(cmd), shell = False)
    try:
        os.waitpid(p.pid, 0)[1]
    except:
        pass

def main():
    parser = OptionParser()
    parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="set DEBUG true")
    parser.add_option("-l", "--ldapid", dest="ldapid", action="store", help="Test LDAP connector ID")
    parser.add_option("--connectorid", dest="connectorid", action="store", help="Synchronize connector ID")
    parser.add_option ("--SetLdapOgid", dest="SetLdapOgid", action="store_true", default=False, help="Setting LdapOgids of existing users and groups in case that are missing ...")
    (options, args) = parser.parse_args(sys.argv[1:])

    log_handler=init_LOGGER()
    #print options
    debug = options.debug
    connectorID = None
    check_only = False
    partly_successful_flag = False
    user_counter = 0

    # Check if python-ldap up to date, or ldap paged search will fail
    ldap_version = tuple(int(i) for i in ldap.__version__.split("."))
    if ldap_version < (2, 4):
        LOGGER("python-ldap module version is lover than 2.4,"
               "update needed.", log_handler)
        sys.exit(1)

    try:
        with open("/usr/local/pineapp/x700/etc/PA_ALLOWED_USERS", "r") as allowed_users_file:
            max_allowed_users = allowed_users_file.read()
            try:
                max_allowed_users = int(max_allowed_users)
            except:
                LOGGER("illegal file contents (expected int)", log_handler)
                # if we can't read max users consider we have unlimited license
                max_allowed_users = 0
    except IOError:
        LOGGER("Allowed users file does not exists", log_handler)
        # if we can't read max users consider we have unlimited license
        max_allowed_users = 0

    if options.ldapid:
        try:
            connectorID = int(options.ldapid)
            check_only = True
        except:
            print("Connector ID should be integer!")
            sys.exit(1)
    elif options.connectorid:
        try:
            connectorID = int(options.connectorid)
        except:
            print("Connector ID should be integer!")
            sys.exit(1)

    if options.ldapid and options.connectorid:
        print("Test and synchronize commands cannot be used together. Please choose one only.")
        sys.exit(1)
    if debug:
        debugLog = ''
        LOGGER("START",log_handler)

    sql=paDB(log_handler)
    if connectorID:
        sql.get_connector(connectorID)
    else:
        sql.get_connectors()

    if len(sql.connectors) == 0:
        print("Connector with ID %s wasn't found." % connectorID)
        sys.exit(1)

    #for connector in sql.connectors:
    #    print connector
    #    print "\n\n"
    #sys.exit()
    #LOGGER("fin connectors",log_handler)

    # some backuped schema may not contain column `ldap_ogid`, try to add it
    if not sql.ldap_ogid_exists():
        LOGGER(
            "Missing `ldap_ogid` in policy schema, adding...", log_handler)
        if not sql.add_ldap_ogid_column():
            sys.exit(1)

    cix = 0
    for connector in sql.connectors:
        pldap=paLdap(connector,fields,log_handler)
        if check_only:
                #pldap.connect()
                pldap.disconnect()
                sys.exit(0)
        ldap_memberShip = {}
        LOGGER("Synchronizing against LDAP (%s)" % (pldap.server),log_handler)

        user_count = pldap.get_connector_users()
        pldap.get_connector_groups()

        ldap_objects = {}
        if max_allowed_users == 0:
            ldap_objects.update(pldap.users)
        elif user_counter + user_count <= max_allowed_users:
            # in case when connector user count is lower than
            # max_users
            ldap_objects.update(pldap.users)
            user_counter += user_count
        elif user_counter < max_allowed_users < user_counter + user_count:
            # in case when max_users limit is not yet used and
            # connector has another chunk of objects
            for key, user in pldap.users.items():
                if user_counter == max_allowed_users:
                    partly_successful_flag = True
                    break
                ldap_objects.update({key: user})
                user_counter += 1
        else:
            partly_successful_flag = True

        ldap_objects.update(pldap.groups)

        sql.get_objects(connector["ldap_id"])
        sql_objects = {}
        sql_objects.update(sql.objects)

        if options.SetLdapOgid:
            cix += 1
            for o in sql.InitialSqlObjects:
                for k,v in ldap_objects.items():
                    if o.has_key("user_dn"):
                        if ldap_objects[k]["obj_dn"] == o["user_dn"]:
                            log = sql.set_ldapogid(k, o["user_dn"], 0, debug)
                            if log.has_key("log") and not debug:
                                LOGGER(log["log"],log_handler)

                            if debug:
                                LOGGER(log["debug"],log_handler)
                    else:
                        if ldap_objects[k]["obj_dn"] == o["group_dn"]:
                            log = sql.set_ldapogid(k, o["group_dn"], 1, debug)
                            if log.has_key("log") and not debug:
                                LOGGER(log["log"],log_handler)

                            if debug:
                                LOGGER(log["debug"],log_handler)

            if cix == len(sql.connectors):
                sql.db.commit()
                LOGGER("\n\nLdapOgids were fixed please run sync again without \"--SetLdapOgid\" option", log_handler)
                sys.exit()
            else:
                continue

        for k,v in sql_objects.items():
            if not ldap_objects.has_key(k):
                log = sql.del_object(sql_objects[k], debug)

                if log.has_key("log") and not debug:
                    LOGGER(log["log"],log_handler)

                if debug:
                    LOGGER(log["debug"],log_handler)

        for k,v in ldap_objects.items():
            if not sql_objects.has_key(k):
                log = sql.add_object(ldap_objects[k], k, connector["ldap_id"], debug,ldap_objects[k]["isgroup"])

                if log.has_key("log") and not debug:
                    LOGGER(log["log"],log_handler)

                if debug:
                    if log.has_key("debug"):
                        LOGGER(log["debug"],log_handler)

            else:
                log = sql.update_object(ldap_objects[k], k, connector["ldap_id"], debug,ldap_objects[k]["isgroup"])

                if log.has_key("log") and not debug:
                    LOGGER(log["log"],log_handler)

                if debug:
                    if log.has_key("debug"):
                        LOGGER(log["debug"],log_handler)

            ### Building LDAP Group and User memberships
            if ldap_objects[k]["isgroup"]:
                if ldap_objects[k].has_key("member"):
                    ldap_memberShip[ldap_objects[k]["obj_dn"]] = ldap_objects[k]["member"]
            else:
                if ldap_objects[k].has_key("memberOf"):
                    for groupDN in list(ldap_objects[k]["memberOf"]):
                        if ldap_memberShip.has_key(groupDN):
                            ldap_memberShip[groupDN].add(ldap_objects[k]["obj_dn"])

                        else:
                            tmp_set = set()
                            tmp_set.add(ldap_objects[k]["obj_dn"])
                            ldap_memberShip[groupDN] = tmp_set

        sql.build_DN2OID(connector["ldap_id"])
        sql.buid_membership()

        for groupDN,members in sql.memberShip.items():
            if ldap_memberShip.has_key(groupDN):
                if len(members.difference(ldap_memberShip[groupDN])):
                    isgroup = False
                    for member in list(members.difference(ldap_memberShip[groupDN])):
                        if sql.user_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
                            #LOGGER("Removing user (%s) from group (%s)" % (member, sql.group_DN2OID[groupDN]), log_handler)
                            LOGGER("Removing user [%s](OID: %s) to group [%s](GID: %s)" % (member, sql.user_DN2OID[member],
                                groupDN, sql.group_DN2OID[groupDN]),log_handler)
                            sql.del_object2group(sql.user_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
                        if sql.group_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
                            isgroup = True
                            #LOGGER("Removing group (%s) from group (%s)" % (member, sql.group_DN2OID[groupDN]), log_handler)
                            LOGGER("Removing group [%s](GID: %s) from group [%s](GID: %s)" %(member, sql.group_DN2OID[member],
                                groupDN, sql.group_DN2OID[groupDN]),log_handler)
                            sql.del_object2group(sql.group_DN2OID[member], sql.group_DN2OID[groupDN] ,isgroup, debug)

        for groupDN,members in ldap_memberShip.items():
            if not sql.memberShip.has_key(groupDN):
                for member in list(members):
                    isgroup = False
                    if sql.user_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
                        #LOGGER("Adding User(DN): %s to group (%s) " % (sql.user_DN2OID[member],sql.group_DN2OID[groupDN]),log_handler)
                        LOGGER("Adding User(DN): [%s](OID: %s) to group [%s](GID: %s)" % (member, sql.user_DN2OID[member],
                            groupDN, sql.group_DN2OID[groupDN]),log_handler)
                        sql.add_object2group(sql.user_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
                    if sql.group_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
                        isgroup = True
                        #LOGGER("Adding Group(DN): %s to group (%s) " % (sql.group_DN2OID[member],sql.group_DN2OID[groupDN]),log_handler)
                        LOGGER("Adding Group(DN): [%s](GID: %s) to group [%s](GID: %s)" % (member, sql.group_DN2OID[member],
                            groupDN, sql.group_DN2OID[groupDN]),log_handler)
                        sql.add_object2group(sql.group_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
            else:
                if len(members.difference(sql.memberShip[groupDN])):
                    for member in list(members.difference(sql.memberShip[groupDN])):
                        isgroup = False
                        if sql.user_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
                            #LOGGER("Adding (update) User(DN): %s to group (%s) " % (member,sql.group_DN2OID[groupDN]),log_handler)
                            LOGGER("Adding (update) User(DN): [%s](OID: %s) to group [%s](GID: %s)"% (member, sql.user_DN2OID[member],
                                groupDN, sql.group_DN2OID[groupDN]),log_handler)
                            sql.add_object2group(sql.user_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
                        if sql.group_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
                            isgroup = True
                            #LOGGER("Adding (update) Group(DN): %s to group (%s) " % (member,sql.group_DN2OID[groupDN]),log_handler)
                            LOGGER("Adding (update) Group(DN): [%s](GID: %s) to group [%s](GID: %s)" % (member, sql.group_DN2OID[member],
                                groupDN, sql.group_DN2OID[groupDN]),log_handler)
                            sql.add_object2group(sql.group_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)

        sql.db.commit()
    for cmd in DbInc.PostSyncActions["CMDS"]:
        runsystemcmd(cmd, debug, log_handler)

    if debug:
        LOGGER("END",log_handler)

    if partly_successful_flag:
        sys.exit(11)

if __name__ == "__main__":
    sys.exit(main())