def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for institute in orm.Institute.objects.iterator():
            name = str(institute.name.lower().replace(' ', ''))
            try:
                lgroup = datastore._groups().get(gidNumber=institute.gid)
            except datastore._group.DoesNotExist:
                try:
                    print("+++ insitute %s group gid=%s does not exist, "
                          "checking name=%s" %
                          (institute.name, institute.gid, institute.name))
                    lgroup = datastore._groups().get(cn=name)
                except datastore._group.DoesNotExist:
                    print("+++ institute %s creating group gid=%s name=%s" %
                          (institute.name, institute.gid, institute.name))
                    lgroup = datastore._groups().create(
                        gidNumber=institute.gid, cn=name)

            if not db.dry_run:
                group, c = orm['people.group'].objects.get_or_create(
                    name=lgroup.cn)
                institute.group = group
                institute.save()

                for member in lgroup.secondary_accounts.iterator():
                    person = orm['people.person'].objects.get(
                        user__username=member.uid)
                    person.groups.add(group)
    def forwards(self, orm):
        "Write your forwards methods here."
        # Note: Remember to use orm['appname.ModelName'] rather than "from appname.models..."
        if db.dry_run:
            return

        datastore = get_kg27_datastore()
        if datastore is None:
            return

        last_uid = None
        for obj in datastore._accounts():
            if last_uid is None or obj.uidNumber > last_uid:
                last_uid = obj.uidNumber
        if last_uid is not None:
            entry, created = orm['methods.counters'].objects.get_or_create(
                name="uidNumber", defaults={'count': last_uid + 1})
            if not created:
                entry.count = last_uid + 1
                entry.save()

        last_gid = None
        for obj in datastore._groups():
            if last_gid is None or obj.gidNumber > last_gid:
                last_gid = obj.gidNumber
        if last_gid is not None:
            entry, created = orm['methods.counters'].objects.get_or_create(
                name="gidNumber", defaults={'count': last_gid + 1})
            if not created:
                entry.count = last_gid + 1
                entry.save()
    def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for person in orm.person.objects.iterator():
            # check if the account is active or deleted
            # note we don't check date_deleted as date_deleted not always set
            if person.user.is_active:
                # Yes - Account is active.
                try:
                    # Try to find LDAP entry with same name as person username. If
                    # one exists, assume it is the same person.
                    p = datastore._accounts().get(uid=person.user.username)
                    person.login_enabled = not p.is_locked()
                except datastore._account.DoesNotExist:
                    # If we cannot find LDAP entry, assume this is because person
                    # has no access.
                    print(
                        "+++ person username=%s has no ldap entry; "
                        "disabling logins"
                        % person.username)
                    person.login_enabled = False

            else:
                # No - Account is deleted, obviously logins should be disabled.
                person.login_enabled = False

            # Save the updates to the person
            person.save()
Ejemplo n.º 4
0
    def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for person in orm.person.objects.iterator():
            # check if the account is active or deleted
            # note we don't check date_deleted as date_deleted not always set
            if person.user.is_active:
                # Yes - Account is active.
                try:
                    # Try to find LDAP entry with same name as person username. If
                    # one exists, assume it is the same person.
                    p = datastore._accounts().get(uid=person.user.username)
                    person.login_enabled = not p.is_locked()
                except datastore._account.DoesNotExist:
                    # If we cannot find LDAP entry, assume this is because person
                    # has no access.
                    print("+++ person username=%s has no ldap entry; "
                          "disabling logins" % person.username)
                    person.login_enabled = False

            else:
                # No - Account is deleted, obviously logins should be disabled.
                person.login_enabled = False

            # Save the updates to the person
            person.save()
    def forwards(self, orm):
        "Write your forwards methods here."
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for ua in orm.useraccount.objects.iterator():
            if ua.date_deleted is None:
                # Yes - Account is active.
                try:
                    # Try to find LDAP entry with same name as person username.
                    # If one exists, assume it is the same person.
                    p = datastore._accounts().get(uid=ua.username)
                    ua.login_enabled = not p.is_locked()
                except datastore._account.DoesNotExist:
                    # If we cannot find LDAP entry, assume this is because
                    # account has no access.
                    print(
                        "+++ account username=%s has no ldap entry; "
                        "disabling logins"
                        % ua.username)
                    ua.login_enabled = False

            else:
                # No - Account is deleted, obviously logins should be disabled.
                ua.login_enabled = False

            # Save the updates to the person
            ua.save()
Ejemplo n.º 6
0
    def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for person in orm.person.objects.iterator():
            # check if the account is active or deleted
            # note we don't check date_deleted as date_deleted not always set
            if person.user.is_active:
                # Yes - Account is active.
                try:
                    # Try to find LDAP entry with same name as person username. If
                    # one exists, assume it is the same person.
                    p = datastore._accounts().get(uid=person.user.username)
                    if p.userPassword is not None:
                        person.legacy_ldap_password = p.userPassword
                except datastore._account.DoesNotExist:
                    # If we cannot find LDAP entry, assume this is because person
                    # has no access.
                    print(
                        "+++ person username=%s has no ldap entry; "
                        "user's password will be invalid"
                        % person.username)
                    person.legacy_ldap_password = None

            else:
                # No - Account is deleted, obviously no legacy password
                person.legacy_ldap_password = None

            # Save the updates to the person
            person.save()
Ejemplo n.º 7
0
    def forwards(self, orm):
        "Write your forwards methods here."
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for ua in orm.useraccount.objects.iterator():
            if ua.date_deleted is None:
                # Yes - Account is active.
                try:
                    # Try to find LDAP entry with same name as person username.
                    # If one exists, assume it is the same person.
                    p = datastore._accounts().get(uid=ua.username)
                    ua.login_enabled = not p.is_locked()
                except datastore._account.DoesNotExist:
                    # If we cannot find LDAP entry, assume this is because
                    # account has no access.
                    print("+++ account username=%s has no ldap entry; "
                          "disabling logins" % ua.username)
                    ua.login_enabled = False

            else:
                # No - Account is deleted, obviously logins should be disabled.
                ua.login_enabled = False

            # Save the updates to the person
            ua.save()
    def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for institute in orm.Institute.objects.iterator():
            name = str(institute.name.lower().replace(' ', ''))
            try:
                lgroup = datastore._groups().get(gidNumber=institute.gid)
            except datastore._group.DoesNotExist:
                try:
                    print(
                        "+++ insitute %s group gid=%s does not exist, "
                        "checking name=%s"
                        % (institute.name, institute.gid, institute.name))
                    lgroup = datastore._groups().get(cn=name)
                except datastore._group.DoesNotExist:
                    print(
                        "+++ institute %s creating group gid=%s name=%s"
                        % (institute.name, institute.gid, institute.name))
                    lgroup = datastore._groups().create(gidNumber=institute.gid, cn=name)

            if not db.dry_run:
                group, c = orm['people.group'].objects.get_or_create(name=lgroup.cn)
                institute.group = group
                institute.save()

                for member in lgroup.secondary_accounts.iterator():
                    person = orm['people.person'].objects.get(user__username=member.uid)
                    person.groups.add(group)
Ejemplo n.º 9
0
    def forwards(self, orm):
        "Write your forwards methods here."
        # Note: Remember to use orm['appname.ModelName'] rather than "from appname.models..."
        if db.dry_run:
            return

        datastore = get_kg27_datastore()
        if datastore is None:
            return

        last_uid = None
        for obj in datastore._accounts():
            if last_uid is None or obj.uidNumber > last_uid:
                last_uid = obj.uidNumber
        if last_uid is not None:
            entry, created = orm["methods.counters"].objects.get_or_create(
                name="uidNumber", defaults={"count": last_uid + 1}
            )
            if not created:
                entry.count = last_uid + 1
                entry.save()

        last_gid = None
        for obj in datastore._groups():
            if last_gid is None or obj.gidNumber > last_gid:
                last_gid = obj.gidNumber
        if last_gid is not None:
            entry, created = orm["methods.counters"].objects.get_or_create(
                name="gidNumber", defaults={"count": last_gid + 1}
            )
            if not created:
                entry.count = last_gid + 1
                entry.save()
 def backwards(self, orm):
     datastore = get_kg27_datastore()
     if datastore is None:
         return
     for software in orm.SoftwarePackage.objects.iterator():
         lgroup = datastore._groups().get(cn=software.group.name)
         software.gid = lgroup.gidNumber
         software.save()
 def backwards(self, orm):
     datastore = get_kg27_datastore()
     if datastore is None:
         return
     for institute in orm.Institute.objects.iterator():
         lgroup = datastore._groups().get(cn=institute.group.name)
         institute.gid = lgroup.gidNumber
         institute.save()
 def backwards(self, orm):
     datastore = get_kg27_datastore()
     if datastore is None:
         return
     for institute in orm.Institute.objects.iterator():
         lgroup = datastore._groups().get(cn=institute.group.name)
         institute.gid = lgroup.gidNumber
         institute.save()
 def backwards(self, orm):
     datastore = get_kg27_datastore()
     if datastore is None:
         return
     for software in orm.SoftwarePackage.objects.iterator():
         lgroup = datastore._groups().get(cn=software.group.name)
         software.gid = lgroup.gidNumber
         software.save()
Ejemplo n.º 14
0
 def forwards(self, orm):
     datastore = get_kg27_datastore()
     if datastore is None:
         return
     for account in orm["machines.useraccount"].objects.filter(date_deleted__isnull=True):
         try:
             p = datastore._accounts().get(uid=account.username)
             if p.is_locked():
                 account.shell = account.previous_shell
             else:
                 account.shell = p.loginShell
             if not account.shell:
                 account.shell = "/bin/bash"
             account.save()
         except datastore._account.DoesNotExist:
             print("+++ account username=%s has no ldap entry; " "can't set account shell" % account.username)
             pass
    def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for software in orm.SoftwarePackage.objects.iterator():
            if software.gid is None:
                software.group = None
                software.save()
            else:
                lgroup = datastore._groups().get(gidNumber=software.gid)

                if not db.dry_run:
                    group, c = orm['people.group'].objects.get_or_create(name=lgroup.cn)
                    software.group = group
                    software.save()

                    for member in lgroup.secondary_accounts.iterator():
                        person = orm['people.person'].objects.get(user__username=member.uid)
                        person.groups.add(group)
Ejemplo n.º 16
0
 def forwards(self, orm):
     datastore = get_kg27_datastore()
     if datastore is None:
         return
     for account in orm['machines.useraccount'].objects.filter(
             date_deleted__isnull=True):
         try:
             p = datastore._accounts().get(uid=account.username)
             if p.is_locked():
                 account.shell = account.previous_shell
             else:
                 account.shell = p.loginShell
             if not account.shell:
                 account.shell = "/bin/bash"
             account.save()
         except datastore._account.DoesNotExist:
             print("+++ account username=%s has no ldap entry; "
                   "can't set account shell" % account.username)
             pass
    def forwards(self, orm):
        datastore = get_kg27_datastore()
        if datastore is None:
            return
        for software in orm.SoftwarePackage.objects.iterator():
            if software.gid is None:
                software.group = None
                software.save()
            else:
                lgroup = datastore._groups().get(gidNumber=software.gid)

                if not db.dry_run:
                    group, c = orm['people.group'].objects.get_or_create(
                        name=lgroup.cn)
                    software.group = group
                    software.save()

                    for member in lgroup.secondary_accounts.iterator():
                        person = orm['people.person'].objects.get(
                            user__username=member.uid)
                        person.groups.add(group)
Ejemplo n.º 18
0
    def handle_machine_category(self, mc, delete, dry_run):
        # if datastore name is not ldap, we are not interested
        if mc.datastore != "ldap":
            print(
                "machine category %s datastore %s is not LDAP; nothing to do"
                % (mc, mc.datastore))
            return

        # retreive the LDAP datastores
        kg27_datastore = get_kg27_datastore()
        if kg27_datastore is None:
            print("KG27_DATASTORE not set; nothing to do")
            return
        try:
            global_datastore = get_global_test_datastore(0)
            assert isinstance(global_datastore, dldap.GlobalDataStore)
        except IndexError:
            global_datastore = None
        machine_category_datastore = get_machine_category_test_datastore(
            mc.datastore, 0)
        assert isinstance(
            machine_category_datastore, dldap.MachineCategoryDataStore)

        # get the base dn
        kg27_account_dn = self.get_base(kg27_datastore, 'LDAP_ACCOUNT_BASE')
        kg27_group_dn = self.get_base(kg27_datastore, 'LDAP_GROUP_BASE')

        if global_datastore is not None:
            # we need to keep the people
            person_base_dn = self.get_base(
                global_datastore, 'LDAP_PERSON_BASE')
            pgroup_base_dn = self.get_base(
                global_datastore, 'LDAP_GROUP_BASE')
        else:
            # we need to destroy the people and keep the accounts
            person_base_dn = None
            pgroup_base_dn = None

        account_base_dn = self.get_base(
            machine_category_datastore, 'LDAP_ACCOUNT_BASE')
        agroup_base_dn = self.get_base(
            machine_category_datastore, 'LDAP_GROUP_BASE')

        # create the base dn
        # note we do this even if --dry-run given, as otherwise
        # we get confused if dn doesn't exist
        self.create_base(machine_category_datastore, account_base_dn)
        self.create_base(machine_category_datastore, agroup_base_dn)

        # sanity check
        assert pgroup_base_dn != agroup_base_dn
        assert person_base_dn != account_base_dn

        # process kg27 people/accounts
        for p in kg27_datastore._accounts() \
                .base_dn(kg27_account_dn):

            delete_this = delete

            # if this is an account, copy to new place
            if 'posixAccount' in p.objectClass:
                # this was an account; then there was no person in LDAP

                # copy account to correct place
                try:
                    dst = machine_category_datastore._accounts().get(uid=p.uid)
                    if _eq(p.dn, dst.dn):
                        delete_this = False
                    if 'posixAccount' not in dst.objectClass:
                        delete_this = False

                        # This shouldn't normally ever happen.
                        if dry_run:
                            print(
                                "Conflicting person exists, would delete "
                                "person %s " % dst.dn)
                        else:
                            print(
                                "Conflicting person exists, deleting "
                                "person %s " % dst.dn)
                            dst.delete()
                        raise machine_category_datastore._person.DoesNotExist
                except machine_category_datastore._account.DoesNotExist:
                    new_account = machine_category_datastore._create_account()
                    for i, _ in new_account.get_fields():
                        if i != "objectClass":
                            value = getattr(p, i)
                            setattr(new_account, i, value)

                    if dry_run:
                        print(
                            "Would copy account %s to account %s"
                            % (p.dn, account_base_dn))
                    else:
                        new_account.save()
                        print(
                            "Copying account %s to account %s"
                            % (p.dn, new_account.dn))

            # all kg27 entries are persons, copy person to correct place
            if global_datastore is not None:
                if 'posixAccount' in p.objectClass:
                    # we are looking at an account, we need to get the person
                    account = Account.objects.get(
                        username=p.uid, machine_category=mc)
                    person = Person.objects.get(account=account)
                    uid = person.username
                else:
                    # we are looking at a person, we already have the uid
                    uid = p.uid

                # Create person, if required.  This is better then calling
                # person.save() as we get the password too.
                try:
                    dst = global_datastore._people().get(uid=uid)
                    if _eq(p.dn, dst.dn):
                        delete_this = False
                    if 'posixAccount' in dst.objectClass:
                        delete_this = False
                        if dry_run:
                            print(
                                "Conflicting account exists, would delete "
                                "account %s " % dst.dn)
                        else:
                            print(
                                "Conflicting account exists, deleting "
                                "account %s " % dst.dn)
                            dst.delete()
                        raise global_datastore._person.DoesNotExist

                except global_datastore._person.DoesNotExist:
                    new_person = global_datastore._create_person()
                    for i, _ in new_person.get_fields():
                        if i != "objectClass":
                            value = getattr(p, i)
                            setattr(new_person, i, value)

                    if dry_run:
                        print(
                            "Would copy account %s to person %s"
                            % (p.dn, person_base_dn))
                    else:
                        new_person.save()
                        print(
                            "Copying account %s to person %s"
                            % (p.dn, new_person.dn))

            if delete_this:
                if dry_run:
                    print("Would delete %s" % p.dn)
                else:
                    print("deleting %s" % p.dn)
                    p.delete()

        # process groups
        for g in kg27_datastore._groups() \
                .base_dn(kg27_group_dn):

            delete_this = delete

            if global_datastore is not None:
                try:
                    dst = global_datastore._groups().get(cn=g.cn)
                    if _eq(g.dn, dst.dn):
                        delete_this = False
                except global_datastore._group.DoesNotExist:
                    new_group = global_datastore._create_group()
                    for i, _ in new_group.get_fields():
                        if i != "objectClass":
                            value = getattr(g, i)
                            setattr(new_group, i, value)

                    if dry_run:
                        print("Would copy group %s to %s"
                              % (g.dn, pgroup_base_dn))
                    else:
                        new_group.save()
                        print("Copying group %s to %s" % (g.dn, new_group.dn))

            try:
                dst = machine_category_datastore._groups().get(cn=g.cn)
                if _eq(g.dn, dst.dn):
                    delete_this = False
            except machine_category_datastore._group.DoesNotExist:
                new_group = machine_category_datastore._create_group()
                for i, _ in new_group.get_fields():
                    if i != "objectClass":
                        value = getattr(g, i)
                        setattr(new_group, i, value)

                if dry_run:
                    print("Would copy group %s to %s" % (g.dn, agroup_base_dn))
                else:
                    new_group.save()
                    print("Copying group %s to %s" % (g.dn, new_group.dn))

            if delete_this:
                if dry_run:
                    print("Would delete %s" % g.dn)
                else:
                    print("deleting %s" % g.dn)
                    g.delete()
Ejemplo n.º 19
0
    def handle_machine_category(self, mc, delete, dry_run):
        # if datastore name is not ldap, we are not interested
        if mc.datastore != "ldap":
            print(
                "machine category %s datastore %s is not LDAP; nothing to do" %
                (mc, mc.datastore))
            return

        # retreive the LDAP datastores
        kg27_datastore = get_kg27_datastore()
        if kg27_datastore is None:
            print("KG27_DATASTORE not set; nothing to do")
            return
        try:
            global_datastore = get_global_test_datastore(0)
            assert isinstance(global_datastore, dldap.GlobalDataStore)
        except IndexError:
            global_datastore = None
        machine_category_datastore = get_machine_category_test_datastore(
            mc.datastore, 0)
        assert isinstance(machine_category_datastore,
                          dldap.MachineCategoryDataStore)

        # get the base dn
        kg27_account_dn = self.get_base(kg27_datastore, 'LDAP_ACCOUNT_BASE')
        kg27_group_dn = self.get_base(kg27_datastore, 'LDAP_GROUP_BASE')

        if global_datastore is not None:
            # we need to keep the people
            person_base_dn = self.get_base(global_datastore,
                                           'LDAP_PERSON_BASE')
            pgroup_base_dn = self.get_base(global_datastore, 'LDAP_GROUP_BASE')
        else:
            # we need to destroy the people and keep the accounts
            person_base_dn = None
            pgroup_base_dn = None

        account_base_dn = self.get_base(machine_category_datastore,
                                        'LDAP_ACCOUNT_BASE')
        agroup_base_dn = self.get_base(machine_category_datastore,
                                       'LDAP_GROUP_BASE')

        # create the base dn
        # note we do this even if --dry-run given, as otherwise
        # we get confused if dn doesn't exist
        self.create_base(machine_category_datastore, account_base_dn)
        self.create_base(machine_category_datastore, agroup_base_dn)

        # sanity check
        assert pgroup_base_dn != agroup_base_dn
        assert person_base_dn != account_base_dn

        # process kg27 people/accounts
        for p in kg27_datastore._accounts() \
                .base_dn(kg27_account_dn):

            delete_this = delete

            # if this is an account, copy to new place
            if 'posixAccount' in p.objectClass:
                # this was an account; then there was no person in LDAP

                # copy account to correct place
                try:
                    dst = machine_category_datastore._accounts().get(uid=p.uid)
                    if _eq(p.dn, dst.dn):
                        delete_this = False
                    if 'posixAccount' not in dst.objectClass:
                        delete_this = False

                        # This shouldn't normally ever happen.
                        if dry_run:
                            print("Conflicting person exists, would delete "
                                  "person %s " % dst.dn)
                        else:
                            print("Conflicting person exists, deleting "
                                  "person %s " % dst.dn)
                            dst.delete()
                        raise machine_category_datastore._person.DoesNotExist
                except machine_category_datastore._account.DoesNotExist:
                    new_account = machine_category_datastore._create_account()
                    for i, _ in new_account.get_fields():
                        if i != "objectClass":
                            value = getattr(p, i)
                            setattr(new_account, i, value)

                    if dry_run:
                        print("Would copy account %s to account %s" %
                              (p.dn, account_base_dn))
                    else:
                        new_account.save()
                        print("Copying account %s to account %s" %
                              (p.dn, new_account.dn))

            # all kg27 entries are persons, copy person to correct place
            if global_datastore is not None:
                if 'posixAccount' in p.objectClass:
                    # we are looking at an account, we need to get the person
                    account = Account.objects.get(username=p.uid,
                                                  machine_category=mc)
                    person = Person.objects.get(account=account)
                    uid = person.username
                else:
                    # we are looking at a person, we already have the uid
                    uid = p.uid

                # Create person, if required.  This is better then calling
                # person.save() as we get the password too.
                try:
                    dst = global_datastore._people().get(uid=uid)
                    if _eq(p.dn, dst.dn):
                        delete_this = False
                    if 'posixAccount' in dst.objectClass:
                        delete_this = False
                        if dry_run:
                            print("Conflicting account exists, would delete "
                                  "account %s " % dst.dn)
                        else:
                            print("Conflicting account exists, deleting "
                                  "account %s " % dst.dn)
                            dst.delete()
                        raise global_datastore._person.DoesNotExist

                except global_datastore._person.DoesNotExist:
                    new_person = global_datastore._create_person()
                    for i, _ in new_person.get_fields():
                        if i != "objectClass":
                            value = getattr(p, i)
                            setattr(new_person, i, value)

                    if dry_run:
                        print("Would copy account %s to person %s" %
                              (p.dn, person_base_dn))
                    else:
                        new_person.save()
                        print("Copying account %s to person %s" %
                              (p.dn, new_person.dn))

            if delete_this:
                if dry_run:
                    print("Would delete %s" % p.dn)
                else:
                    print("deleting %s" % p.dn)
                    p.delete()

        # process groups
        for g in kg27_datastore._groups() \
                .base_dn(kg27_group_dn):

            delete_this = delete

            if global_datastore is not None:
                try:
                    dst = global_datastore._groups().get(cn=g.cn)
                    if _eq(g.dn, dst.dn):
                        delete_this = False
                except global_datastore._group.DoesNotExist:
                    new_group = global_datastore._create_group()
                    for i, _ in new_group.get_fields():
                        if i != "objectClass":
                            value = getattr(g, i)
                            setattr(new_group, i, value)

                    if dry_run:
                        print("Would copy group %s to %s" %
                              (g.dn, pgroup_base_dn))
                    else:
                        new_group.save()
                        print("Copying group %s to %s" % (g.dn, new_group.dn))

            try:
                dst = machine_category_datastore._groups().get(cn=g.cn)
                if _eq(g.dn, dst.dn):
                    delete_this = False
            except machine_category_datastore._group.DoesNotExist:
                new_group = machine_category_datastore._create_group()
                for i, _ in new_group.get_fields():
                    if i != "objectClass":
                        value = getattr(g, i)
                        setattr(new_group, i, value)

                if dry_run:
                    print("Would copy group %s to %s" % (g.dn, agroup_base_dn))
                else:
                    new_group.save()
                    print("Copying group %s to %s" % (g.dn, new_group.dn))

            if delete_this:
                if dry_run:
                    print("Would delete %s" % g.dn)
                else:
                    print("deleting %s" % g.dn)
                    g.delete()