- #! /usr/bin/env python3
import datetime
import email.utils
import logging
import os
import ssl

import envelopes
import ldap3
import munch
import passlib.hash
import passlib.utils
import yaml
- LDAP_USER = 'cn=automaticum,ou=services,dc=maglab,dc=space'
- LDAP_PASS = ''
- MEMBERS_PATH = '/home/jali/jali/members'
- USER_BASE_DN = 'ou=users,dc=maglab,dc=space'
- GROUP_BASE_DN = 'ou=groups,dc=maglab,dc=space'
- USER_DN = 'cn={},' + USER_BASE_DN
- GROUP_DN = 'cn=members,' + GROUP_BASE_DN
- MAIL_HOST = 'mx2.open-mail.net'
- MAIL_PORT = 587
- MAIL_USER = 'vorstand@maglab.space'
- MAIL_PASS = ''
- MAIL_FROM = 'Vorstand <vorstand@maglab.space>'
- MAIL_COPY = 'Vorstand <vorstand@maglab.space>'
- MAIL_SUBJ = 'Dein mag.lab Account wurde angelegt'
- MAIL_TEXT = u'''\
- Hallo {nick},
- dein mag.lab Account wurde angelegt. Du kannst den Account benutzen um dich an
- den Diensten des Hackerpsace anzumelden. Weitere Informationen über den
- Benutzer-Account kannst du im Wiki[1] einsehen.
- Benutzer: {nick}
- Password: {password}
- Das Passwort wurde generiert und muss vor der ersten Verwendung geändert
- werden. Hierfür verwende bitte folgenden Link:
- https://ldap.maglab.space/
- Viel Spass und Willkommen im Verein.
- [1] https://wiki.maglab.space/wiki/Account
- '''
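def loadMembers(members_path=None):
    """Yield one member record per file in the members directory.

    Every file under *members_path* is parsed as a YAML mapping and wrapped
    in a ``munch.Munch`` so its keys are attribute-accessible. Two
    bookkeeping flags that the main loop fills in later are initialised to
    False on each record: ``exists`` (an LDAP entry with this nick was
    found) and ``member`` (that entry is listed in GROUP_DN).

    Args:
        members_path: directory to scan; defaults to MEMBERS_PATH.

    Yields:
        munch.Munch: the parsed record plus ``exists`` / ``member`` flags.

    Raises:
        ValueError: if a file does not hold a YAML mapping (an empty file,
            a list or a scalar cannot be treated as a member record).
    """
    if members_path is None:
        members_path = MEMBERS_PATH
    for name in os.listdir(members_path):
        path = os.path.join(members_path, name)
        # Files are operator-maintained but may contain umlauts; do not rely
        # on the locale's default encoding.
        with open(path, 'r', encoding='utf-8') as f:
            # safe_load: yaml.load() without an explicit Loader can
            # instantiate arbitrary Python objects from a crafted file (and
            # is a TypeError on PyYAML >= 5.1 anyway). Member files need
            # only plain mappings, so the safe loader is sufficient.
            data = yaml.safe_load(f)
        if not isinstance(data, dict):
            raise ValueError('{}: expected a YAML mapping, got {}'.format(
                path, type(data).__name__))
        member = munch.munchify(data)
        member.exists = False   # set by the LDAP scan when the entry is found
        member.member = False   # set when that entry is a uniqueMember of GROUP_DN
        yield member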
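def sendMail(member):
    """E-mail the freshly generated account credentials to a new member.

    Renders MAIL_TEXT with the member's fields (at least ``nick`` and
    ``password`` must be set), addresses it to ``member.email`` with a Bcc to
    MAIL_COPY, and submits it over STARTTLS to MAIL_HOST:MAIL_PORT
    authenticated as MAIL_USER.

    Security note: the initial password is sent in clear text and a copy
    lands in the MAIL_COPY mailbox. This is tolerable only because the LDAP
    entry is created with ``pwdReset: TRUE`` and the user is told to change
    the password first; keep retention of that mailbox short.

    Args:
        member: munch.Munch with ``nick``, ``email`` and ``password``.

    Raises:
        ValueError: if the member record has no e-mail address, which would
            otherwise surface as an opaque SMTP error.
    """
    if not member.email:
        raise ValueError('member {} has no email address'.format(member.nick))
    envelope = envelopes.Envelope(
        to_addr=(member.email, member.nick),
        from_addr=MAIL_FROM,
        bcc_addr=MAIL_COPY,
        subject=MAIL_SUBJ,
        text_body=MAIL_TEXT.format(**member.toDict()),
    )
    # RFC 5322 requires the Date header in "Tue, 01 Jan 2019 12:00:00 +0100"
    # form; str(datetime.now()) is not a valid value and some receivers
    # reject or re-date such mail.
    envelope.headers['Date'] = email.utils.formatdate(localtime=True)
    envelope.send(host=MAIL_HOST, port=MAIL_PORT, login=MAIL_USER,
                  password=MAIL_PASS, tls=True)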
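def _set_membership(conn, dn, present):
    """Add (present=True) or remove (present=False) *dn* as uniqueMember of GROUP_DN."""
    op = ldap3.MODIFY_ADD if present else ldap3.MODIFY_DELETE
    conn.modify(GROUP_DN, {'uniqueMember': [(op, [dn])]})


def _create_user(conn, member, dn):
    """Create the inetOrgPerson entry for *member* and mail the initial password.

    The password is generated locally and stored only as a salted hash; the
    entry is flagged ``pwdReset: TRUE`` so the server forces a change at
    first bind. The clear-text value is attached to *member* solely for
    sendMail() and is never logged.
    """
    # NOTE(review): generate_password is deprecated in passlib 1.7 (use
    # passlib.pwd.genword once the installed version has it). Salted SHA-1
    # is a weak storage hash; prefer a {CRYPT} sha512/argon2 scheme if the
    # directory supports it -- confirm server config before changing.
    password = passlib.utils.generate_password(size=24)
    password_hash = passlib.hash.ldap_salted_sha1.hash(password)
    # NOTE(review): rsplit(' ', 1) assigns the *first* word to sn (surname)
    # and the last to givenName. For "Vorname Nachname" style names this
    # looks swapped -- confirm the name format used in the member files.
    sn, gn = member.name.rsplit(' ', 1)
    conn.add(dn, 'inetOrgPerson', {
        'sn': sn,
        'givenName': gn,
        # NOTE(review): an empty 'mail' value is unlikely to pass the
        # server's syntax check; email appears to be mandatory in practice.
        'mail': member.email or '',
        'userPassword': password_hash,
        'pwdReset': 'TRUE',
    })
    member.password = password
    # If sending fails here the entry already exists with a password nobody
    # knows, and later runs see exists=True and never resend -- the password
    # then has to be reset by hand.
    sendMail(member)


if __name__ == '__main__':
    logging.basicConfig(level=logging.DEBUG)
    members = {member.nick: member for member in loadMembers()}
    # Verify the server certificate. Without an explicit Tls object ldap3
    # defaults to validate=CERT_NONE, so the bind password and every new
    # user's password hash would be handed to whoever answers on ldap:636.
    # The certificate must be valid for the name "ldap" (or supply
    # ca_certs_file= here if a private CA is used).
    tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)
    server = ldap3.Server("ldap", 636, use_ssl=True, tls=tls)
    with ldap3.Connection(server,
                          user=LDAP_USER,
                          password=LDAP_PASS,
                          auto_bind=True,
                          raise_exceptions=True,
                          return_empty_attributes=True) as conn:
        # Pass 1: mark which records already have an entry / group membership.
        conn.search(USER_BASE_DN,
                    '(objectClass=inetOrgPerson)',
                    attributes=['cn', 'memberOf'])
        for entry in conn.entries:
            nick = entry.cn.value
            if nick not in members:
                logging.debug('Found non-member entry: %s - ignoring', entry.cn)
                continue
            members[nick].exists = True
            # memberOf is an operational attribute the server may not return.
            # In that case the entry is treated as not in the group (same
            # outcome as the previous silent except), which makes the add
            # below fail if it actually is a member -- so log it.
            member_of = getattr(entry, 'memberOf', None)
            if member_of is None:
                logging.debug('Entry %s has no memberOf attribute', entry.cn)
            else:
                members[nick].member = GROUP_DN in member_of
        # Pass 2: reconcile directory state with the latest membership state.
        for member in members.values():
            logging.debug('Processing member: %s', member.nick)
            # NOTE(review): nick is interpolated into a DN unescaped. Member
            # files are operator-maintained, but a nick containing ',', '+',
            # '=' or '"' would yield a malformed or different DN.
            dn = USER_DN.format(member.nick)
            active = member.states[-1].member   # most recent state entry wins
            if active:
                if not member.exists:
                    logging.debug('Member is active but does not exists - creating entry')
                    _create_user(conn, member, dn)
                if not member.member:
                    logging.debug('Member is active but not part of group - adding')
                    _set_membership(conn, dn, True)
            elif member.member:
                logging.debug('Member is no longer active but still part of group - removing')
                _set_membership(conn, dn, False)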