API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 2nd, 2017
140
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 49.83 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2.  
  3. import base64
  4. import logging
  5. import os
  6. import pwd
  7. import shlex
  8. import subprocess
  9. import sys
  10. from grp import getgrnam
  11. from optparse import OptionParser
  12.  
  13. import DbInc
  14. import ldap
  15. import ldap.cidict
  16. import ldap.sasl
  17. import psycopg2
  18. import psycopg2.extras
  19. from ldap.controls import SimplePagedResultsControl
  20.  
  21. fields = {
  22. 'WIN2003': {
  23. 'person': ['person'],
  24. 'group': ['group'],
  25. 'objectguid': ['objectGUID', 'dn', 'rdn'],
  26. 'displayname': ['name', 'cn', 'givenName', 'sn'],
  27. 'description': ['description'],
  28. 'memberof': ['memberOf'],
  29. 'member': ['member'],
  30. 'oname': ['sAMAccountName', 'mailnickname', 'uid', 'cn', 'loginname'],
  31. 'mails': ['mail', 'userPrincipalName', 'proxyAddresses', 'rfc822mailbox']
  32. },
  33. 'COMMUNIGATE': {
  34. 'person': ['inetOrgPerson'],
  35. 'group': ['group'],
  36. 'objectguid': ['uid', 'dn', 'rdn'],
  37. 'displayname': ['name', 'cn', 'givenName', 'sn'],
  38. 'memberof': ['memberof'],
  39. 'member': ['member'],
  40. 'oname': ['sAMAccountName', 'mailnickname', 'uid', 'cn', 'loginname'],
  41. 'mails': ['mail', 'userPrincipalName', 'proxyAddresses', 'rfc822mailbox', 'email']
  42. },
  43. 'LOTUSNOTES': {
  44. 'person': ['inetorgperson'],
  45. 'group': ['group'],
  46. 'objectguid': ['uid', 'dn', 'rdn'],
  47. 'displayname': ['name', 'cn', 'givenName', 'sn'],
  48. 'memberof': ['memberof'],
  49. 'member': ['member'],
  50. 'oname': ['sAMAccountName', 'mailnickname', 'uid', 'cn', 'loginname'],
  51. 'mails': ['mail', 'userPrincipalName', 'proxyAddresses', 'rfc822mailbox', 'email']
  52. },
  53. 'IPLANET': {
  54. 'person': ['inetOrgPerson'],
  55. 'group': ['groupOfUniqueNames'],
  56. 'objectguid': ['uid', 'dn', 'rdn'],
  57. 'displayname': ['name', 'cn', 'givenName', 'sn'],
  58. 'memberof': ['memberof'],
  59. 'member': ['uniqueMember'],
  60. 'oname': ['sAMAccountName', 'mailnickname', 'uid', 'cn', 'loginname'],
  61. 'mails': ['mail', 'userPrincipalName', 'proxyAddresses', 'rfc822mailbox', 'email']
  62. },
  63. 'NOVELL': {
  64. 'person': ['inetOrgPerson'],
  65. 'group': ['groupOfNames'],
  66. 'objectguid': ['uid', 'dn', 'rdn'],
  67. 'displayname': ['name', 'cn', 'givenName', 'sn'],
  68. 'memberof': ['groupMembership'],
  69. 'member': ['member'],
  70. 'oname': ['sAMAccountName', 'mailnickname', 'uid', 'cn', 'loginname'],
  71. 'mails': ['mail', 'userPrincipalName', 'proxyAddresses', 'rfc822mailbox', 'email']
  72. }
  73. }
  74.  
  75.  
  76. class paLdap:
  77. partly_succesfull_flag = False
  78.  
  79. def __init__(self, _connector, _ldap_fields, loghandler, connect_timeout=5):
  80. self.connector = _connector
  81.  
  82. self.def_domain = ''
  83. for part in self.connector['base_dn'].split(","):
  84. if not self.def_domain:
  85. self.def_domain = part.split("=")[1]
  86. else:
  87. self.def_domain += "." + part.split("=")[1]
  88.  
  89. self.log_handler = loghandler
  90. self.ldap_fields = _ldap_fields
  91. self.ldap_timeout = 30
  92. self.connect_timeout = connect_timeout
  93. self.ldap_protocol = 'ldap://'
  94.  
  95. if self.connector['is_ssl'] == 't':
  96. self.ldap_protocol = 'ldaps://'
  97. self.server = ""
  98. # print 'LDAP password:\n\t %s' % base64.b64decode(self.connector['ldap_password'])
  99. # print 'LDAP user:\n\t %s' % self.connector['bind_dn']
  100. self.connect()
  101.  
  102. def connect(self):
  103. for ldap_server in self.connector['server_ip'].split():
  104. self.ldap_url = self.ldap_protocol + ldap_server + ':' + str(self.connector['port'])
  105. self.server = ldap_server
  106. try:
  107. self.conn = ldap.initialize(self.ldap_url)
  108. self.conn.network_timeout = self.connect_timeout
  109. self.conn.set_option(ldap.OPT_REFERRALS, 0)
  110. self.conn.simple_bind_s(self.connector['bind_dn'], base64.b64decode(self.connector['ldap_password']))
  111. return
  112. except ldap.SERVER_DOWN:
  113. LOGGER("LDAP server %s did not respond in %s seconds" % (ldap_server, self.connect_timeout), self.log_handler)
  114. self.conn.unbind_s()
  115. self.conn = None
  116. continue
  117. except ldap.INVALID_CREDENTIALS, e:
  118. print 'Invalid credentials error:\nERROR: %s' % str(e)
  119. LOGGER(str(e), self.log_handler)
  120. sys.exit(1)
  121. except ldap.LDAPError, e:
  122. LOGGER('LDAP connection error:\n\tERROR: %s' % e[0]["desc"], self.log_handler)
  123. sys.exit(1)
  124. LOGGER('No response from LDAP servers', self.log_handler)
  125. sys.exit(1)
  126.  
  127. def disconnect(self):
  128. if not self.conn:
  129. return
  130.  
  131. try:
  132. self.conn.unbind_s()
  133. self.conn = None
  134. except ldap.LDAPError, e:
  135. print 'LDAP disconnection error: %s' % str(e)
  136. LOGGER(str(e), self.log_handler)
  137.  
  138. def ldap_paged_search(self, group=0, sizelimit=0):
  139. ix = 0
  140. base_dn = self.connector['base_dn']
  141. if self.connector["server_type"] == "OPENLDAP":
  142. self.fields = {
  143. 'person': [self.connector["ldap_person_class"]],
  144. 'group': [self.connector["ldap_group_class"]],
  145. 'objectguid': [self.connector["ldap_group_id"]],
  146. 'displayname': [self.connector["ldap_display_name"], 'name', 'cn', 'givenName', 'sn'],
  147. 'dn': [self.connector["ldap_dn"]],
  148. 'memberof': [self.connector["ldap_member_of"]],
  149. 'member': [self.connector["ldap_member"]],
  150. 'oname': [self.connector["ldap_cn"]],
  151. 'mails': [self.connector["ldap_email"]],
  152. 'description': ['description']
  153. }
  154. else:
  155. self.fields = self.ldap_fields.get(self.connector["server_type"])
  156.  
  157. if self.connector["ldap_filter"] == '' or \
  158. self.connector["ldap_filter"] == "objectClass=Person" or \
  159. self.connector["ldap_filter"] is None:
  160. objectClassUsers = "(objectClass=person"
  161. else:
  162. # compile filter
  163. objectClassUsers = "(&(objectClass=person)(|"
  164. for entry in self.connector["ldap_filter"].split(";"):
  165. objectClassUsers += "(name=%s*)" % entry
  166. objectClassUsers += "(cn=%s*)" % entry
  167. objectClassUsers += "(%s=%s*)" % (self.fields["oname"][0], entry)
  168. objectClassUsers += ")"
  169.  
  170. if self.connector["ldap_group_filter"] == '' or \
  171. self.connector["ldap_group_filter"] == "objectClass=Group" or \
  172. self.connector["ldap_group_filter"] is None:
  173. objectClassGroups = "(objectClass=group"
  174. else:
  175. objectClassGroups = "(&(objectClass=group)(|"
  176. for entry in self.connector["ldap_group_filter"].split(";"):
  177. objectClassGroups += "(name=%s*)" % entry
  178. objectClassGroups += "(cn=%s*)" % entry
  179. objectClassGroups += "(%s=%s*)" % (self.fields["oname"][0], entry)
  180. objectClassGroups += ")"
  181.  
  182. self.attrs = []
  183. for field in self.fields.items():
  184. self.attrs.extend(field[1][0].split(","))
  185.  
  186. if not group:
  187. query = "%s)" % objectClassUsers
  188. else:
  189. query = "%s)" % objectClassGroups
  190.  
  191. self.ldap_page_size = 0
  192.  
  193. try:
  194. msgid_test = self.conn.search_ext(base_dn, ldap.SCOPE_SUBTREE, query, attrlist=self.attrs, serverctrls=[])
  195. res_test = self.conn.result3(msgid=msgid_test, timeout=self.ldap_timeout)
  196. except ldap.SIZELIMIT_EXCEEDED, e:
  197. self.disconnect()
  198. self.connect()
  199. self.ldap_page_size = 100
  200. self.paged_results_control = SimplePagedResultsControl(True, self.ldap_page_size, '')
  201. except ldap.FILTER_ERROR, e:
  202. LOGGER('LDAP filter error:\n\tERROR: %s' % e[0]["desc"], self.log_handler)
  203. sys.exit()
  204.  
  205. while True:
  206. if self.ldap_page_size == 0:
  207. serverctrls = []
  208. else:
  209. serverctrls = [self.paged_results_control]
  210.  
  211. try:
  212. msgid = self.conn.search_ext(base_dn, ldap.SCOPE_SUBTREE, query, attrlist=self.attrs, serverctrls=serverctrls)
  213. res = self.conn.result3(msgid=msgid, timeout=self.ldap_timeout)
  214. unused_code, results, unused_msgid, serverctrls = res
  215. except ldap.FILTER_ERROR, e:
  216. LOGGER('LDAP filter error:\n\tERROR: %s' % e[0]["desc"], self.log_handler)
  217. sys.exit(1)
  218.  
  219. for result in results:
  220. ix += 1
  221. # users.append(result)
  222. yield result
  223. if sizelimit and ix >= sizelimit:
  224. self.partly_succesfull_flag = True
  225. break
  226. if sizelimit and ix >= sizelimit:
  227. self.partly_succesfull_flag = True
  228. break
  229. cookie = None
  230. for serverctrl in serverctrls:
  231. if serverctrl.controlType == ldap.CONTROL_PAGEDRESULTS:
  232. cookie = serverctrl.cookie
  233. if cookie:
  234. self.paged_results_control.cookie = cookie
  235. break
  236. if not cookie:
  237. break
  238.  
  239. def get_connector_users(self):
  240. self.users = {}
  241. # LOGGER("got obj from ldap",self.log_handler)
  242. # print self.def_domain
  243. counter = 0
  244. for user in self.ldap_paged_search():
  245. self.ldap_ogid = ''
  246. tmp_user = {}
  247. if type(user[1]) is dict:
  248. # print user
  249.  
  250. tmp_user["isgroup"] = 0
  251. tmp_user["obj_dn"] = user[0]
  252.  
  253. for attributes in self.fields["objectguid"]:
  254. for attr in attributes.split(","):
  255. if user[1].has_key(attr):
  256. self.ldap_ogid = user[1][attr][0].encode('hex')
  257. break
  258.  
  259. if not self.ldap_ogid:
  260. self.ldap_ogid = user[0].encode('hex')
  261.  
  262. for attributes in self.fields["displayname"]:
  263. for attr in attributes.split(","):
  264. if user[1].has_key(attr):
  265. tmp_user["obj_full_name"] = user[1][attr][0]
  266. break
  267.  
  268. not_valid_user = False
  269. for attributes in self.fields["oname"]:
  270. for attr in attributes.split(","):
  271. if user[1].has_key(attr):
  272. if "$" not in user[1][attr][0].lower():
  273. # tmp_user["userlogin"] = user[1][attr][0].replace(' ','_')
  274. tmp_user["obj_login"] = user[1][attr][0].lower()
  275. break
  276. else:
  277. not_valid_user = True
  278. if not tmp_user.has_key("obj_login"):
  279. not_valid_user = True
  280. if not_valid_user:
  281. continue
  282.  
  283. # tmp_user["oname"] += "@" + self.def_domain
  284. # tmp_user["userlogin"] += "@" + self.def_domain
  285.  
  286. aliases = []
  287. tmp_aliases = set()
  288. for attributes in self.fields["mails"]:
  289. for attr in attributes.split(","):
  290. if user[1].has_key(attr):
  291. for alias in user[1][attr]:
  292. pe = alias.split(":")
  293. if pe[0].lower() == "smtp":
  294. if pe[1].lower() not in aliases:
  295. aliases.append(pe[1].lower())
  296. elif "@" in alias and alias.lower() not in aliases:
  297. aliases.append(alias.lower())
  298.  
  299. if len(aliases):
  300. tmp_user["email"] = aliases[0]
  301. else:
  302. # tmp_user["email"] = "%s@%s" % (tmp_user["userlogin"], self.def_domain)
  303. tmp_user["email"] = "%s@%s" % (tmp_user["obj_login"], self.def_domain)
  304.  
  305. if len(aliases) > 0:
  306. # tmp_user["def_email"] = aliases[0]
  307. tmp_user["email"] = aliases[0]
  308. tmp_aliases = set(aliases[1:])
  309.  
  310. tmp_user["aliases"] = tmp_aliases
  311.  
  312. memberOf = set()
  313. for attributes in self.fields["memberof"]:
  314. for attr in attributes.split(","):
  315. if user[1].has_key(attr):
  316. for group in user[1][attr]:
  317. memberOf.add(group)
  318.  
  319. tmp_user["memberOf"] = memberOf
  320. counter += 1
  321. self.users[str(self.ldap_ogid)] = tmp_user
  322. return counter
  323.  
  324. def get_connector_groups(self):
  325. self.groups = {}
  326. self.ldap_ogid = ''
  327.  
  328. for group in self.ldap_paged_search(1):
  329. tmp_group = {}
  330. if type(group[1]) is dict:
  331. # print group
  332. tmp_group["isgroup"] = 1
  333. # tmp_group["group_dn"] = group[0]
  334. tmp_group["obj_dn"] = group[0]
  335.  
  336. for attributes in self.fields["objectguid"]:
  337. for attr in attributes.split(","):
  338. if group[1].has_key(attr):
  339. self.ldap_ogid = group[1][attr][0].encode('hex')
  340. break
  341.  
  342. if not self.ldap_ogid:
  343. self.ldap_ogid = group[0].encode('hex')
  344.  
  345. for attributes in self.fields["displayname"]:
  346. for attr in attributes.split(","):
  347. if group[1].has_key(attr):
  348. # tmp_group["fullname"] = group[1][attr][0]
  349. tmp_group["obj_full_name"] = group[1][attr][0]
  350. break
  351.  
  352. for attributes in self.fields["description"]:
  353. for attr in attributes.split(","):
  354. if group[1].has_key(attr):
  355. tmp_group["obj_description"] = group[1][attr][0]
  356. break
  357. else:
  358. tmp_group["obj_description"] = 'None'
  359.  
  360. members = set()
  361. for attributes in self.fields["member"]:
  362. for attr in attributes.split(","):
  363. if group[1].has_key(attr):
  364. for user in group[1][attr]:
  365. members.add(user)
  366.  
  367. tmp_group["member"] = members
  368.  
  369. for attributes in self.fields["oname"]:
  370. for attr in attributes.split(","):
  371. if group[1].has_key(attr):
  372. # tmp_group["oname"] = group[1][attr][0].replace(' ','_')
  373. # tmp_group["userlogin"] = group[1][attr][0].replace(' ','_')
  374. # tmp_group["userlogin"] = group[1][attr][0]
  375. tmp_group["obj_login"] = group[1][attr][0]
  376. break
  377.  
  378. # tmp_group["oname"] += "@" + self.def_domain
  379. # tmp_group["userlogin"] += "@" + self.def_domain
  380.  
  381. aliases = []
  382. tmp_aliases = set()
  383. for attributes in self.fields["mails"]:
  384. for attr in attributes.split(","):
  385. if group[1].has_key(attr):
  386. for alias in group[1][attr]:
  387. pe = alias.split(":")
  388. if pe[0].lower() == "smtp":
  389. if pe[1].lower() not in aliases:
  390. aliases.append(pe[1].lower())
  391. elif "@" in alias and alias.lower() not in aliases:
  392. aliases.append(alias.lower())
  393.  
  394. if len(aliases) > 0:
  395. tmp_group["def_email"] = aliases[0]
  396. tmp_aliases = set(aliases[1:])
  397.  
  398. tmp_group["aliases"] = tmp_aliases
  399.  
  400. self.groups[str(self.ldap_ogid)] = dict(tmp_group)
  401.  
  402. # if len(tmp_group["aliases"]) or tmp_group.has_key("def_email"):
  403. # tmp_group["isgroup"] = 0
  404. # tmp_group["oname"] += "_aga"
  405. # tmp_group["dn"] += " Auto-group alias"
  406. # tmp_group["fullName"] += " Auto-group alias"
  407. # self.users[str(self.ldap_ogid + "_aga")] = tmp_group
  408.  
  409. def __del__(self):
  410. self.disconnect()
  411.  
  412.  
  413. class paDB:
  414. def __init__(self, loghandler):
  415. self.log_handler = loghandler
  416. try:
  417. _db = 'um'
  418. _user = 'postgres'
  419. _host = '127.0.0.1'
  420. # _host='192.168.7.202'
  421. # self.db=psycopg2.connect(database='secure',host='192.168.7.102',user='pineapp')
  422. self.db = psycopg2.connect(database=_db, user=_user, host=_host)
  423. self.cur = self.db.cursor(cursor_factory=psycopg2.extras.DictCursor)
  424. except:
  425. # Get the most recent exception
  426. exceptionType, exceptionValue, exceptionTraceback = sys.exc_info()
  427. # Exit the script and print an error telling what happened.
  428. LOGGER("Database connection failed!\n ->%s" % (exceptionValue), self.log_handler)
  429. sys.exit("Database connection failed!\n ->%s" % (exceptionValue))
  430.  
  431. def get_connectors(self):
  432. self.cur.execute(DbInc.Queries["SELECT"]["connectors"])
  433. self.connectors = self.cur.fetchall()
  434.  
  435. def get_connector(self, connectorID):
  436. self.cur.execute(DbInc.Queries["SELECT"]["connector"], [connectorID])
  437. self.connectors = self.cur.fetchall()
  438.  
  439. def buid_membership(self):
  440. self.cur.execute(DbInc.Queries["SELECT"]["user_member_of"])
  441. result = self.cur.fetchall()
  442.  
  443. self.memberShip = {}
  444. for row in result:
  445. if self.memberShip.has_key(row["groupdn"]):
  446. self.memberShip[row["groupdn"]].add(row["userdn"])
  447. else:
  448. memberset = set()
  449. memberset.add(row["userdn"])
  450. self.memberShip[row["groupdn"]] = memberset
  451. self.cur.execute(DbInc.Queries["SELECT"]["group_member_of"])
  452. result = self.cur.fetchall()
  453.  
  454. for row in result:
  455. if self.memberShip.has_key(row["pgdn"]):
  456. self.memberShip[row["pgdn"]].add(row["groupdn"])
  457. else:
  458. memberset = set()
  459. memberset.add(row["groupdn"])
  460. self.memberShip[row["pgdn"]] = memberset
  461.  
  462. def get_aliases(self):
  463. self.user_aliases = {}
  464. self.cur.execute(DbInc.Queries["SELECT"]["users_aliases"])
  465. _user_aliases = self.cur.fetchall()
  466.  
  467. for row in _user_aliases:
  468. if self.aliases.has_key(row["object_id"]):
  469. if row["default_email_ind"] is True:
  470. self.user_aliases[row["object_id"]]['def_email'] = row["email"].lower()
  471. self.user_aliases[row["object_id"]]['emails'].add(row["email"].lower())
  472. else:
  473. self.user_aliases[row["object_id"]]['emails'].add(row["email"].lower())
  474. else:
  475. item = {}
  476. item['def_email'] = ''
  477. item['emails'] = set()
  478. if row["default_email_ind"] is True:
  479. item['def_email'] = row["email"].lower()
  480. item['emails'].add(row["email"].lower())
  481. else:
  482. item['emails'].add(row["email"].lower())
  483.  
  484. self.user_aliases[row["object_id"]] = item
  485.  
  486. self.group_aliases = {}
  487. self.cur.execute(DbInc.Queries["SELECT"]["groups_aliases"])
  488. _group_aliases = self.cur.fetchall()
  489.  
  490. for row in _group_aliases:
  491. if self.aliases.has_key(row["object_id"]):
  492. if row["default_email_ind"] is True:
  493. self.group_aliases[row["object_id"]]['def_email'] = row["email"].lower()
  494. self.group_aliases[row["object_id"]]['emails'].add(row["email"].lower())
  495. else:
  496. self.group_aliases[row["object_id"]]['emails'].add(row["email"].lower())
  497. else:
  498. item = {}
  499. item['def_email'] = ''
  500. item['emails'] = set()
  501. if row["default_email_ind"] is True:
  502. item['def_email'] = row["email"].lower()
  503. item['emails'].add(row["email"].lower())
  504. else:
  505. item['emails'].add(row["email"].lower())
  506.  
  507. self.group_aliases[row["uid"]] = item
  508.  
  509. def get_objects(self, _connectorId):
  510. self.objects = {}
  511.  
  512. query = DbInc.Queries["SELECT"]["users_objects"]
  513. data = (str(_connectorId),)
  514. self.cur.execute(query, data)
  515. _users = self.cur.fetchall()
  516. query = DbInc.Queries["SELECT"]["groups_objects"]
  517. data = (str(_connectorId),)
  518. self.cur.execute(query, data)
  519. _groups = self.cur.fetchall()
  520.  
  521. self.InitialSqlObjects = []
  522. self.InitialSqlObjects.extend(_users)
  523. self.InitialSqlObjects.extend(_groups)
  524.  
  525. # _objects=[]
  526. # _objects.extend(_users)
  527. # _objects.extend(_groups)
  528.  
  529. for user in _users:
  530. tmp_obj = {}
  531. self.ldap_ogid = user["ldap_ogid"]
  532. tmp_obj["obj_dn"] = user["user_dn"]
  533. tmp_obj["obj_id"] = user["id"]
  534. tmp_obj["obj_login"] = user["userlogin"]
  535. tmp_obj["obj_full_name"] = user["fullname"]
  536. tmp_obj["aliases"] = user["email"]
  537. tmp_obj["email"] = user["email"]
  538. tmp_obj["obj_group_ind"] = 0
  539. # if self.aliases.has_key(object["user_id"]):
  540. # #tmp_obj["default_email_ind"] = self.user_aliases[object["user_id"]]["default_email_ind"]
  541. # tmp_obj["def_email"] = self.user_aliases[user["user_id"]]["def_email"]
  542. # tmp_obj["aliases"] = self.user_aliases[user["user_id"]]["emails"]
  543. self.objects[self.ldap_ogid] = tmp_obj
  544.  
  545. for group in _groups:
  546. tmp_obj = {}
  547. self.ldap_ogid = group["ldap_ogid"]
  548. tmp_obj["obj_dn"] = group["group_dn"]
  549. tmp_obj["obj_id"] = group["id"]
  550. tmp_obj["obj_login"] = group["groupname"]
  551. tmp_obj["obj_full_name"] = group["groupname"]
  552. tmp_obj["obj_description"] = group["description"]
  553. # tmp_obj["aliases"] = group["email"]
  554. tmp_obj["aliases"] = ''
  555. tmp_obj["email"] = ''
  556. tmp_obj["obj_group_ind"] = 1
  557. # if self.aliases.has_key(object["user_id"]):
  558. # #tmp_obj["default_email_ind"] = self.group_aliases[object["group_id"]]["default_email_ind"]
  559. # tmp_obj["def_email"] = self.group_aliases[user["group_id"]]["def_email"]
  560. # tmp_obj["aliases"] = self.group_aliases[user["group_id"]]["emails"]
  561.  
  562. self.objects[self.ldap_ogid] = tmp_obj
  563.  
  564. def add_object(self, object, key, connector_id, debug, isgroup):
  565. # print "add_object object = [ %s ]" % object
  566. Log = {}
  567. if not isgroup:
  568. query = DbInc.Queries["INSERT"]["user"]
  569. # data =(object["userlogin"], object["fullname"], object["email"], 1, object["user_dn"], key, connector_id)
  570. data = (object["obj_login"].lower(), object["obj_full_name"], object["email"], 1, object["obj_dn"], key, connector_id)
  571.  
  572. try:
  573. self.cur.execute(query, data)
  574. except psycopg2.IntegrityError as e:
  575. if e.pgcode == "23505":
  576. self.cur.execute("commit")
  577. Log["log"] = "Duplicate user: %s" % (object["obj_full_name"])
  578. # sys.exit(12)
  579. return Log
  580.  
  581. # self.cur.execute("SELECT currval('pineapp.objects_oid_seq')")
  582. # curr_oid = self.cur.fetchone()
  583.  
  584. if Log.has_key("log") or Log.has_key("debug"):
  585. Log["log"] += "Adding NEW user: %s" % (object["obj_full_name"])
  586. Log["debug"] += "\n" + Log["log"]
  587. else:
  588. Log["log"] = "Adding NEW user: %s" % (object["obj_full_name"])
  589. Log["debug"] = "\n" + Log["log"]
  590.  
  591. if debug:
  592. if Log.has_key("log") or Log.has_key("debug"):
  593. Log["debug"] += "\n\t%s" % (self.cur.mogrify(query, data))
  594. else:
  595. Log["debug"] = "\n\t%s" % (self.cur.mogrify(query, data))
  596. else:
  597. query = DbInc.Queries["INSERT"]["group"]
  598. # data =(object["userlogin"], object["group_dn"], key, 1, connector_id)
  599. data = (object["obj_login"], object["obj_dn"], key, 1, connector_id, object["obj_description"])
  600.  
  601. try:
  602. self.cur.execute(query, data)
  603. except psycopg2.IntegrityError as e:
  604. if e.pgcode == "23505":
  605. self.cur.execute("commit")
  606. Log["log"] = "Duplicate user: %s" % (object["obj_full_name"])
  607. # sys.exit(12)
  608. return Log
  609.  
  610. if Log.has_key("log") or Log.has_key("debug"):
  611. Log["log"] += "Adding NEW group: %s" % (object["obj_login"])
  612. Log["debug"] = "\n" + Log["log"]
  613. else:
  614. Log["log"] = "Adding NEW group: %s" % (object["obj_login"])
  615. Log["debug"] = "\n" + Log["log"]
  616.  
  617. if debug:
  618. if Log.has_key("debug"):
  619. Log["debug"] += "\n\t%s" % (self.cur.mogrify(query, data))
  620. else:
  621. Log["debug"] = "\n\t%s" % (self.cur.mogrify(query, data))
  622.  
  623. return Log
  624.  
  625. def update_object(self, ldap_user, ldap_userid, _connectorId, debug, isgroup):
  626. Log = {}
  627. userUpToDate = 1
  628.  
  629. if debug:
  630. if Log.has_key("debug"):
  631. if not isgroup:
  632. Log["debug"] += "Processing: %s\n" % (ldap_user["obj_full_name"])
  633. if isgroup:
  634. Log["debug"] += "Processing: %s\n" % (ldap_user["obj_login"])
  635. else:
  636. if not isgroup:
  637. Log["debug"] = "Processing: %s\n" % (ldap_user["obj_full_name"])
  638. if isgroup:
  639. Log["debug"] = "Processing: %s\n" % (ldap_user["obj_login"])
  640.  
  641. for key, val in ldap_user.items():
  642. if self.objects[ldap_userid].has_key(key):
  643. if not type(self.objects[ldap_userid][key]).__name__ == 'set':
  644. if not ldap_user[key] == self.objects[ldap_userid][key]:
  645.  
  646. if key == "obj_login":
  647. if not ldap_user[key].lower() == self.objects[ldap_userid][key].lower():
  648. if not isgroup:
  649. query = DbInc.Queries["UPDATE"]["user_login"]
  650. data = (ldap_user[key].lower(), self.objects[ldap_userid]["obj_id"],)
  651.  
  652. if Log.has_key("log"):
  653. Log["log"] += "\nUpdating User Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key].lower())
  654. else:
  655. Log["log"] = "Updating User Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key].lower())
  656. if debug:
  657. if Log.has_key("debug"):
  658. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  659. else:
  660. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  661.  
  662. if isgroup:
  663. query = DbInc.Queries["UPDATE"]["group_login"]
  664. data = (ldap_user[key], self.objects[ldap_userid]["obj_id"],)
  665.  
  666. if Log.has_key("log"):
  667. Log["log"] += "\nUpdating Group Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
  668. else:
  669. Log["log"] = "Updating Group Login \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
  670. if debug:
  671. if Log.has_key("debug"):
  672. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  673. else:
  674. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  675.  
  676. self.cur.execute(query, data)
  677. userUpToDate = 0
  678.  
  679. if key == "obj_full_name":
  680. if not isgroup:
  681. query = DbInc.Queries["UPDATE"]["user_fullname"]
  682. data = (ldap_user[key], self.objects[ldap_userid]["obj_id"],)
  683. self.cur.execute(query, data)
  684.  
  685. userUpToDate = 0
  686. if Log.has_key("log"):
  687. Log["log"] += "\nOID(%s) Updating User fullname \"%s\" to \"%s\"" % (self.objects[ldap_userid]["obj_id"], self.objects[ldap_userid][key], ldap_user[key])
  688. else:
  689. Log["log"] = "OID(%s) Updating User fullname \"%s\" to \"%s\"" % (self.objects[ldap_userid]["obj_id"], self.objects[ldap_userid][key], ldap_user[key])
  690. if debug:
  691. if Log.has_key("debug"):
  692. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  693. else:
  694. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  695.  
  696. if key == "obj_dn":
  697. if isgroup:
  698. query = DbInc.Queries["UPDATE"]["group_dn"]
  699. else:
  700. query = DbInc.Queries["UPDATE"]["user_dn"]
  701.  
  702. data = (ldap_user[key], self.objects[ldap_userid]["obj_id"],)
  703. self.cur.execute(query, data)
  704.  
  705. if Log.has_key("log"):
  706. Log["log"] += "\nUpdating dn \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
  707. else:
  708. Log["log"] = "Updating dn \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
  709.  
  710. if debug:
  711. userUpToDate = 0
  712. if Log.has_key("debug"):
  713. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  714. else:
  715. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  716.  
  717. if key == "obj_description":
  718. if isgroup:
  719. query = DbInc.Queries["UPDATE"]["group_description"]
  720. data = (ldap_user[key], self.objects[ldap_userid]["obj_id"],)
  721. self.cur.execute(query, data)
  722.  
  723. if Log.has_key("log"):
  724. Log["log"] += "\nUpdating Group Description \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
  725. else:
  726. Log["log"] = "Updating Group Description \"%s\" to \"%s\"" % (self.objects[ldap_userid][key], ldap_user[key])
  727.  
  728. if debug:
  729. userUpToDate = 0
  730. if Log.has_key("debug"):
  731. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  732. else:
  733. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  734.  
  735. if debug:
  736. if userUpToDate:
  737. if Log.has_key("debug"):
  738. Log["debug"] += "\t%s is Up to date" % (ldap_user["obj_full_name"])
  739. else:
  740. Log["debug"] = "\t%s is Up to date" % (ldap_user["obj_full_name"])
  741.  
  742. return Log
  743.  
  744. def del_object(self, object, debug):
  745. Log = {}
  746. if object["obj_group_ind"]:
  747. query = DbInc.Queries["DELETE"]["group"]
  748. else:
  749. query = DbInc.Queries["DELETE"]["user"]
  750.  
  751. data = (object["obj_id"],)
  752. if not object["obj_group_ind"]:
  753. if Log.has_key("log"):
  754. Log["log"] += "\nRemoving user: %s" % (object["obj_full_name"])
  755. else:
  756. Log["log"] = "Removing user: %s" % (object["obj_full_name"])
  757. else:
  758. if Log.has_key("log"):
  759. Log["log"] += "\nRemoving Group: %s" % (object["obj_full_name"])
  760. else:
  761. Log["log"] = "Removing Group: %s" % (object["obj_full_name"])
  762.  
  763. if debug:
  764. if Log.has_key("debug"):
  765. Log["debug"] += "\n\t%s" % (self.cur.mogrify(query, data))
  766. else:
  767. Log["debug"] = "\t%s" % (self.cur.mogrify(query, data))
  768.  
  769. self.cur.execute(query, data)
  770. return Log
  771.  
  772. def build_DN2OID(self, _connectorId):
  773. self.user_DN2OID = {}
  774. self.group_DN2OID = {}
  775.  
  776. query = DbInc.Queries["SELECT"]["users_objects"]
  777. data = (str(_connectorId),)
  778. self.cur.execute(query, data)
  779. res = self.cur.fetchall()
  780. for row in res:
  781. self.user_DN2OID[row["user_dn"]] = row["id"]
  782.  
  783. query = DbInc.Queries["SELECT"]["groups_objects"]
  784. data = (str(_connectorId),)
  785. self.cur.execute(query, data)
  786. res = self.cur.fetchall()
  787. for row in res:
  788. self.group_DN2OID[row["group_dn"]] = row["id"]
  789.  
  790. def add_object2group(self, objectID, groupID, isgroup, debug):
  791. Log = {}
  792. if isgroup:
  793. query = DbInc.Queries["INSERT"]["group_member_of"]
  794. else:
  795. query = DbInc.Queries["INSERT"]["user_member_of"]
  796.  
  797. data = (objectID, groupID)
  798. self.cur.execute(query, data)
  799. if debug:
  800. if Log.has_key("debug"):
  801. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  802. else:
  803. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  804.  
  805. def del_object2group(self, objectID, groupID, isgroup, debug):
  806. Log = {}
  807. if isgroup:
  808. query = DbInc.Queries["DELETE"]["group_member_of"]
  809. else:
  810. query = DbInc.Queries["DELETE"]["user_member_of"]
  811. data = (objectID, groupID)
  812. self.cur.execute(query, data)
  813.  
  814. if debug:
  815. if Log.has_key("debug"):
  816. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  817. else:
  818. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  819.  
  820. def set_ldapogid(self, dn, ldapogid, isgroup, debug):
  821. Log = {}
  822. if isgroup:
  823. query = DbInc.Queries["UPDATE"]["group_ldap_ogid"]
  824. else:
  825. query = DbInc.Queries["UPDATE"]["user_ldap_ogid"]
  826.  
  827. data = (dn, ldapogid)
  828. self.cur.execute(query, data)
  829.  
  830. if Log.has_key("log"):
  831. Log["log"] += "\nSetting Up LdapOgid (%s) for: (%s)" % (dn, ldapogid)
  832. else:
  833. Log["log"] = "Setting Up LdapOgid (%s) for: (%s)" % (dn, ldapogid)
  834.  
  835. if debug:
  836. if Log.has_key("debug"):
  837. Log["debug"] += "\t%s\n" % (self.cur.mogrify(query, data))
  838. else:
  839. Log["debug"] = "\t%s\n" % (self.cur.mogrify(query, data))
  840.  
  841. return Log
  842.  
  843. def ldap_ogid_exists(self):
  844. """Get information about ldap_ogid column"""
  845. self.cur.execute("""
  846. SELECT 1
  847. FROM information_schema.columns
  848. WHERE column_name = 'ldap_ogid'
  849. """)
  850. return True if self.cur.rowcount else False
  851.  
  852. def add_ldap_ogid_column(self):
  853. """Alter db schema and add missing column"""
  854. sql = [
  855. 'alter table policy.users add column ldap_ogid character varying;',
  856. 'alter table policy.groups add column ldap_ogid character varying;'
  857. ]
  858. try:
  859. for query in sql:
  860. self.cur.execute(query)
  861. self.db.commit()
  862. return True
  863. except Exception as e:
  864. print e
  865. self.db.rollback()
  866.  
  867.  
  868. def LOGGER(msg):
  869. logger = logging.getLogger('ldap_sync')
  870. hdlr = logging.FileHandler('./ldap_sync.log')
  871. # formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
  872. formatter = logging.Formatter('%(asctime)s %(name)s %(message)s')
  873. hdlr.setFormatter(formatter)
  874. logger.addHandler(hdlr)
  875. logger.setLevel(logging.INFO)
  876. logger.info(msg)
  877.  
  878.  
  879. def LOGGER(msg, hndl):
  880. hndl.info(msg)
  881. print msg
  882.  
  883.  
  884. def init_LOGGER():
  885. logger = logging.getLogger('ldap_sync')
  886. hdlr = logging.FileHandler('/tmp/ldap_sync.log')
  887. os.fchown(hdlr.stream.fileno(), pwd.getpwnam('apache').pw_uid, getgrnam("apache").gr_gid)
  888. # formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
  889. formatter = logging.Formatter('%(asctime)s %(name)s %(message)s')
  890. hdlr.setFormatter(formatter)
  891. logger.addHandler(hdlr)
  892. logger.setLevel(logging.INFO)
  893. return logger
  894.  
  895.  
  896. def runsystemcmd(cmd, debug, log_handler):
  897. LOGGER("Running: %s" % cmd, log_handler)
  898. # (output, err) = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).communicate()
  899. p = subprocess.Popen(shlex.split(cmd), shell=False)
  900. try:
  901. os.waitpid(p.pid, 0)[1]
  902. except:
  903. pass
  904.  
  905.  
  906. def main():
  907. parser = OptionParser()
  908. parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="set DEBUG true")
  909. parser.add_option("-l", "--ldapid", dest="ldapid", action="store", help="Test LDAP connector ID")
  910. parser.add_option("--connectorid", dest="connectorid", action="store", help="Synchronize connector ID")
  911. parser.add_option("--SetLdapOgid", dest="SetLdapOgid", action="store_true", default=False, help="Setting LdapOgids of existing users and groups in case that are missing ...")
  912. (options, args) = parser.parse_args(sys.argv[1:])
  913.  
  914. log_handler = init_LOGGER()
  915. # print options
  916. debug = options.debug
  917. connectorID = None
  918. check_only = False
  919. partly_successful_flag = False
  920. user_counter = 0
  921.  
  922. # Check if python-ldap up to date, or ldap paged search will fail
  923. ldap_version = tuple(int(i) for i in ldap.__version__.split("."))
  924. if ldap_version < (2, 4):
  925. LOGGER("python-ldap module version is lover than 2.4,"
  926. "update needed.", log_handler)
  927. sys.exit(1)
  928.  
  929. try:
  930. with open("/usr/local/pineapp/x700/etc/PA_ALLOWED_USERS", "r") as allowed_users_file:
  931. max_allowed_users = allowed_users_file.read()
  932. try:
  933. max_allowed_users = int(max_allowed_users)
  934. except:
  935. LOGGER("illegal file contents (expected int)", log_handler)
  936. # if we can't read max users consider we have unlimited license
  937. max_allowed_users = 0
  938. except IOError:
  939. LOGGER("Allowed users file does not exists", log_handler)
  940. # if we can't read max users consider we have unlimited license
  941. max_allowed_users = 0
  942.  
  943. if options.ldapid:
  944. try:
  945. connectorID = int(options.ldapid)
  946. check_only = True
  947. except:
  948. print("Connector ID should be integer!")
  949. sys.exit(1)
  950. elif options.connectorid:
  951. try:
  952. connectorID = int(options.connectorid)
  953. except:
  954. print("Connector ID should be integer!")
  955. sys.exit(1)
  956.  
  957. if options.ldapid and options.connectorid:
  958. print("Test and synchronize commands cannot be used together. Please choose one only.")
  959. sys.exit(1)
  960. if debug:
  961. debugLog = ''
  962. LOGGER("START", log_handler)
  963.  
  964. sql = paDB(log_handler)
  965. if connectorID:
  966. sql.get_connector(connectorID)
  967. else:
  968. sql.get_connectors()
  969.  
  970. if len(sql.connectors) == 0:
  971. print("Connector with ID %s wasn't found." % connectorID)
  972. sys.exit(1)
  973.  
  974. # some backuped schema may not contain column `ldap_ogid`, try to add it
  975. if not sql.ldap_ogid_exists():
  976. LOGGER(
  977. "Missing `ldap_ogid` in policy schema, adding...", log_handler)
  978. if not sql.add_ldap_ogid_column():
  979. sys.exit(1)
  980.  
  981. cix = 0
  982. for connector in sql.connectors:
  983. pldap = paLdap(connector, fields, log_handler)
  984. if check_only:
  985. # pldap.connect()
  986. pldap.disconnect()
  987. sys.exit(0)
  988. ldap_memberShip = {}
  989. LOGGER("Synchronizing against LDAP (%s)" % (pldap.server), log_handler)
  990.  
  991. user_count = pldap.get_connector_users()
  992. pldap.get_connector_groups()
  993.  
  994. ldap_objects = {}
  995. if max_allowed_users == 0:
  996. ldap_objects.update(pldap.users)
  997. elif user_counter + user_count <= max_allowed_users:
  998. # in case when connector user count is lower than
  999. # max_users
  1000. ldap_objects.update(pldap.users)
  1001. user_counter += user_count
  1002. elif user_counter < max_allowed_users < user_counter + user_count:
  1003. # in case when max_users limit is not yet used and
  1004. # connector has another chunk of objects
  1005. for key, user in pldap.users.items():
  1006. if user_counter == max_allowed_users:
  1007. partly_successful_flag = True
  1008. break
  1009. ldap_objects.update({key: user})
  1010. user_counter += 1
  1011. else:
  1012. partly_successful_flag = True
  1013.  
  1014. ldap_objects.update(pldap.groups)
  1015.  
  1016. sql.get_objects(connector["ldap_id"])
  1017. sql_objects = {}
  1018. sql_objects.update(sql.objects)
  1019.  
  1020. if options.SetLdapOgid:
  1021.  
  1022. cix += 1
  1023. for o in sql.InitialSqlObjects:
  1024. for k, v in ldap_objects.items():
  1025. if o.has_key("user_dn"):
  1026. if ldap_objects[k]["obj_dn"] == o["user_dn"]:
  1027. log = sql.set_ldapogid(k, o["user_dn"], 0, debug)
  1028. if log.has_key("log") and not debug:
  1029. LOGGER(log["log"], log_handler)
  1030.  
  1031. if debug:
  1032. LOGGER(log["debug"], log_handler)
  1033. else:
  1034. if ldap_objects[k]["obj_dn"] == o["group_dn"]:
  1035. log = sql.set_ldapogid(k, o["group_dn"], 1, debug)
  1036. if log.has_key("log") and not debug:
  1037. LOGGER(log["log"], log_handler)
  1038.  
  1039. if debug:
  1040. LOGGER(log["debug"], log_handler)
  1041.  
  1042. if cix == len(sql.connectors):
  1043. sql.db.commit()
  1044. LOGGER("\n\nLdapOgids were fixed please run sync again without \"--SetLdapOgid\" option", log_handler)
  1045. sys.exit()
  1046. else:
  1047. continue
  1048.  
  1049. for k, v in sql_objects.items():
  1050. if not ldap_objects.has_key(k):
  1051. log = sql.del_object(sql_objects[k], debug)
  1052.  
  1053. if log.has_key("log") and not debug:
  1054. LOGGER(log["log"], log_handler)
  1055.  
  1056. if debug:
  1057. LOGGER(log["debug"], log_handler)
  1058.  
  1059. for k, v in ldap_objects.items():
  1060. if not sql_objects.has_key(k):
  1061. log = sql.add_object(ldap_objects[k], k, connector["ldap_id"], debug, ldap_objects[k]["isgroup"])
  1062.  
  1063. if log.has_key("log") and not debug:
  1064. LOGGER(log["log"], log_handler)
  1065.  
  1066. if debug:
  1067. if log.has_key("debug"):
  1068. LOGGER(log["debug"], log_handler)
  1069.  
  1070. else:
  1071. log = sql.update_object(ldap_objects[k], k, connector["ldap_id"], debug, ldap_objects[k]["isgroup"])
  1072.  
  1073. if log.has_key("log") and not debug:
  1074. LOGGER(log["log"], log_handler)
  1075.  
  1076. if debug:
  1077. if log.has_key("debug"):
  1078. LOGGER(log["debug"], log_handler)
  1079.  
  1080. ### Building LDAP Group and User memberships
  1081. if ldap_objects[k]["isgroup"]:
  1082. if ldap_objects[k].has_key("member"):
  1083. ldap_memberShip[ldap_objects[k]["obj_dn"]] = ldap_objects[k]["member"]
  1084. else:
  1085. if ldap_objects[k].has_key("memberOf"):
  1086. for groupDN in list(ldap_objects[k]["memberOf"]):
  1087. if ldap_memberShip.has_key(groupDN):
  1088. ldap_memberShip[groupDN].add(ldap_objects[k]["obj_dn"])
  1089.  
  1090. else:
  1091. tmp_set = set()
  1092. tmp_set.add(ldap_objects[k]["obj_dn"])
  1093. ldap_memberShip[groupDN] = tmp_set
  1094.  
  1095. sql.build_DN2OID(connector["ldap_id"])
  1096. sql.buid_membership()
  1097.  
  1098. for groupDN, members in sql.memberShip.items():
  1099. if ldap_memberShip.has_key(groupDN):
  1100. if len(members.difference(ldap_memberShip[groupDN])):
  1101. isgroup = False
  1102. for member in list(members.difference(ldap_memberShip[groupDN])):
  1103. if sql.user_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
  1104. # LOGGER("Removing user (%s) from group (%s)" % (member, sql.group_DN2OID[groupDN]), log_handler)
  1105. LOGGER("Removing user [%s](OID: %s) to group [%s](GID: %s)" % (member, sql.user_DN2OID[member],
  1106. groupDN, sql.group_DN2OID[groupDN]), log_handler)
  1107. sql.del_object2group(sql.user_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
  1108. if sql.group_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
  1109. isgroup = True
  1110. # LOGGER("Removing group (%s) from group (%s)" % (member, sql.group_DN2OID[groupDN]), log_handler)
  1111. LOGGER("Removing group [%s](GID: %s) from group [%s](GID: %s)" % (member, sql.group_DN2OID[member],
  1112. groupDN, sql.group_DN2OID[groupDN]), log_handler)
  1113. sql.del_object2group(sql.group_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
  1114.  
  1115. for groupDN, members in ldap_memberShip.items():
  1116. if not sql.memberShip.has_key(groupDN):
  1117. for member in list(members):
  1118. isgroup = False
  1119. if sql.user_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
  1120. # LOGGER("Adding User(DN): %s to group (%s) " % (sql.user_DN2OID[member],sql.group_DN2OID[groupDN]),log_handler)
  1121. LOGGER("Adding User(DN): [%s](OID: %s) to group [%s](GID: %s)" % (member, sql.user_DN2OID[member],
  1122. groupDN, sql.group_DN2OID[groupDN]), log_handler)
  1123. sql.add_object2group(sql.user_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
  1124. if sql.group_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
  1125. isgroup = True
  1126. # LOGGER("Adding Group(DN): %s to group (%s) " % (sql.group_DN2OID[member],sql.group_DN2OID[groupDN]),log_handler)
  1127. LOGGER("Adding Group(DN): [%s](GID: %s) to group [%s](GID: %s)" % (member, sql.group_DN2OID[member],
  1128. groupDN, sql.group_DN2OID[groupDN]), log_handler)
  1129. sql.add_object2group(sql.group_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
  1130. else:
  1131. if len(members.difference(sql.memberShip[groupDN])):
  1132. for member in list(members.difference(sql.memberShip[groupDN])):
  1133. isgroup = False
  1134. if sql.user_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
  1135. # LOGGER("Adding (update) User(DN): %s to group (%s) " % (member,sql.group_DN2OID[groupDN]),log_handler)
  1136. LOGGER("Adding (update) User(DN): [%s](OID: %s) to group [%s](GID: %s)" % (member, sql.user_DN2OID[member],
  1137. groupDN, sql.group_DN2OID[groupDN]), log_handler)
  1138. sql.add_object2group(sql.user_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
  1139. if sql.group_DN2OID.has_key(member) and sql.group_DN2OID.has_key(groupDN):
  1140. isgroup = True
  1141. # LOGGER("Adding (update) Group(DN): %s to group (%s) " % (member,sql.group_DN2OID[groupDN]),log_handler)
  1142. LOGGER("Adding (update) Group(DN): [%s](GID: %s) to group [%s](GID: %s)" % (member, sql.group_DN2OID[member],
  1143. groupDN, sql.group_DN2OID[groupDN]), log_handler)
  1144. sql.add_object2group(sql.group_DN2OID[member], sql.group_DN2OID[groupDN], isgroup, debug)
  1145.  
  1146. sql.db.commit()
  1147. for cmd in DbInc.PostSyncActions["CMDS"]:
  1148. runsystemcmd(cmd, debug, log_handler)
  1149.  
  1150. if debug:
  1151. LOGGER("END", log_handler)
  1152.  
  1153. if partly_successful_flag:
  1154. sys.exit(11)
  1155.  
  1156.  
  1157. if __name__ == "__main__":
  1158. sys.exit(main())
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!