- #!/usr/bin/env python
- import sys
- import optparse
- import ldap
- from suds.client import Client
- from vidyo_disabler_config import LDAP_HOST, LDAP_USER, LDAP_PASS, VIDYO_API, VIDYO_USER, VIDYO_PASS, VIDYO_EXCEPTIONS
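def get_all_ldap_users(ldap_conn, verbose):
    """Return the first ``mail`` value of every active human entry in LDAP.

    One subtree search gathers all matching users (3000+ per the original
    author's note), which is cheaper than looking up each of the 1400+ Vidyo
    users individually. Users from every org (o=org, o=com, o=net) are
    included, because community members as well as staff may hold Vidyo
    accounts.

    Args:
        ldap_conn: a bound python-ldap connection.
        verbose: when true, print the collected addresses.

    Returns:
        A list of e-mail addresses, one per entry that has a ``mail`` value.
    """
    all_users = ldap_conn.search_s(
        'dc=mozilla',
        ldap.SCOPE_SUBTREE,
        '(&(objectClass=inetOrgPerson)(!(employeeType=DISABLED))(|(o:dn:=org)(o:dn:=com)(o:dn:=net)))',
        attrlist=['mail'])

    ldap_users = []
    for dn, attrs in all_users:
        # python-ldap reports search references as (None, [urls]); those
        # carry no attributes and must not be indexed like an entry.
        if dn is None or not isinstance(attrs, dict):
            continue
        # The filter does not require a mail attribute, so an entry may come
        # back without one. Such an entry cannot match any Vidyo account and
        # is skipped instead of aborting the whole run with a KeyError.
        mails = attrs.get('mail')
        if not mails:
            continue
        ldap_users.append(mails[0])

    if verbose:
        # NOTE: this dumps every address to stdout; keep verbose runs out of
        # shared cron mail and logs.
        print("LDAP users:")
        print(ldap_users)
    return ldap_users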
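def get_vidyo_users(vidyo_client, verbose):
    """Return ``{email: memberID}`` for every human account in Vidyo.

    getMembers reports the total number of accounts on every call, but hands
    back at most 200 members at a time. A first call with ``limit = 1`` is
    made only to learn the total; the accounts are then fetched page by page.

    Human accounts appear to have ``name`` and ``emailAddress`` set to the
    same value, whereas conference rooms and similar non-human accounts do
    not, so only members whose two fields match are kept.

    Args:
        vidyo_client: suds SOAP client for the Vidyo portal.
        verbose: when true, print the collected mapping.

    Returns:
        A dict mapping member name (the e-mail address used for the LDAP
        comparison) to memberID (needed to delete the account).
    """
    page_size = 200  # maximum the API returns per call, per the original author

    query = vidyo_client.factory.create('Filter')
    query.limit = 1
    total_accounts = vidyo_client.service.getMembers(query).total

    query.limit = page_size
    query.start = 0
    member_dict = {}
    while query.start < total_accounts:
        resp = vidyo_client.service.getMembers(query)
        # The total was read before paging started, so a later page can come
        # back with no members if accounts were removed in the meantime.
        # Presumably suds then leaves the attribute off the reply; treat a
        # missing or empty ``member`` as an empty page rather than crashing.
        for member in getattr(resp, 'member', None) or []:
            if member.name == member.emailAddress:
                member_dict[member.name] = member.memberID
        query.start += page_size

    if verbose:
        print("vidyo users:")
        print(member_dict)
    return member_dict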
def delete_vidyo_member(vidyo_client, member, member_id, commit):
    """Report the removal of one Vidyo account.

    The member name is always printed. In commit mode a second line,
    "for real", follows. The deleteMember call itself is still commented
    out for testing and initial review, so nothing is deleted yet.

    Args:
        vidyo_client: suds SOAP client for the Vidyo portal.
        member: account name (e-mail address) shown in the output.
        member_id: Vidyo memberID that the deleteMember call would take.
        commit: true when the script runs with --commit.
    """
    print("deleting %s" % member)
    if not commit:
        return
    # fix me. For testing and initial review, don't actually delete yet
    print("for real")
    #vidyo_client.service.deleteMember(member_id)
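def main(prog_args=None):
    """Remove Vidyo accounts whose owner is no longer an active LDAP user.

    The active LDAP addresses and the Vidyo ``{email: memberID}`` mapping are
    fetched, and every Vidyo account that is neither an active LDAP user nor
    listed in VIDYO_EXCEPTIONS is handed to delete_vidyo_member.

    Args:
        prog_args: argv-style list (program name first). Defaults to
            ``sys.argv``.

    Raises:
        SystemExit: if LDAP returns no users at all, since continuing would
            mark every Vidyo account as orphaned.
    """
    if prog_args is None:
        prog_args = sys.argv

    # Command line options. For cron usage, we probably want only --commit.
    # For debug purposes, --verbose is more helpful.
    parser = optparse.OptionParser()
    # The previous text described a different script (LDAP group generation).
    parser.usage = "Script to delete Vidyo accounts that have no active LDAP user"
    parser.add_option('-v', '--verbose',
                      action='store_true',
                      default=False,
                      dest='verbose',
                      help='verbose output')
    parser.add_option('--commit',
                      action='store_true',
                      default=False,
                      dest='commit',
                      help='run script in commit mode')
    # Parse the arguments that were passed in; reading sys.argv here would
    # silently ignore prog_args.
    options, args = parser.parse_args(prog_args[1:])
    commit = options.commit
    verbose = options.verbose

    # Using suds, initialize a SOAP client for the vidyo portal. Apparently it
    # only works with username and password.
    vidyo_client = Client(VIDYO_API, username=VIDYO_USER, password=VIDYO_PASS)

    # Main LDAP connection. StartTLS is negotiated before the simple bind, so
    # the bind password is not sent in clear text.
    # NOTE(review): whether the server certificate is actually verified
    # depends on the libldap TLS settings (OPT_X_TLS_REQUIRE_CERT / ldap.conf);
    # confirm they demand a valid certificate on the host running this job.
    ldap_conn = ldap.initialize('ldap://%s' % LDAP_HOST)
    try:
        ldap_conn.start_tls_s()
        ldap_conn.simple_bind_s(LDAP_USER, LDAP_PASS)
        all_ldap_users = get_all_ldap_users(ldap_conn, verbose)
    finally:
        # Always release the connection, including when the bind or the
        # search fails.
        ldap_conn.unbind_s()

    # Fail safe: an empty result most likely means the query or the bind DN's
    # access is broken, not that every user has left. Stop before anything is
    # deleted.
    if not all_ldap_users:
        sys.exit("LDAP returned no active users; refusing to delete any vidyo accounts")

    all_vidyo_users = get_vidyo_users(vidyo_client, verbose)

    # LDAP matches mail values case-insensitively, so compare the same way: a
    # difference in letter case alone must not get a live user's account
    # deleted. A set also makes each lookup O(1) instead of a scan of the
    # whole LDAP list.
    active_mails = set((mail or "").lower() for mail in all_ldap_users)

    # The vidyo dict maps e-mail address (shown to the operator) to memberID
    # (needed by deleteMember).
    for email, member_id in all_vidyo_users.items():
        if (email or "").lower() in active_mails:
            continue
        if email in VIDYO_EXCEPTIONS:
            continue
        delete_vidyo_member(vidyo_client, email, member_id, commit)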
# Run the cleanup only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()