def generate_all(fname): """Generate user + group LDIF to fname. @type fname: str @param fname: The file where the ldif data will be written """ logger.debug("Generating ldif into %s", fname) out = ldif_outfile("ORG", fname) out.write(container_entry_string("ORG")) helper = LDIFHelper(logger) logger.debug("Generating user ldif...") out.write(container_entry_string("USER")) for user in helper.yield_users(): dn = user["dn"][0] del user["dn"] out.write(entry_string(dn, user, False)) end_ldif_outfile("USER", out, out) logger.debug("Generating group ldif...") out.write(container_entry_string("GROUP")) for group in helper.yield_groups(): dn = group["dn"][0] del group["dn"] out.write(entry_string(dn, group, False)) end_ldif_outfile("GROUP", out) logger.debug("Done with group ldif (all done)")
def generate_all(fname): """Write user + group LDIF to fname.""" out = ldif_outfile("ORG", fname) logger.debug('writing to %r', out) out.write(container_entry_string("ORG")) helper = LDIFHelper(logger.getChild('LDIFHelper')) logger.info("Generating user ldif...") out.write(container_entry_string("USER")) for user in helper.yield_users(): dn = user["dn"][0] del user["dn"] out.write(entry_string(dn, user, False)) end_ldif_outfile("USER", out, out) logger.debug("Generating group ldif...") out.write(container_entry_string("GROUP")) for group in helper.yield_groups(): dn = group["dn"][0] del group["dn"] out.write(entry_string(dn, group, False)) end_ldif_outfile("GROUP", out)
def update_retained_trait(self): """ Finds and returns users that have either been retained from or exported to LDAP since the last run. Uses the LDIFHelper from ldap_notifier to figure out which users are eligible for export, then compares this to account traits and actual LDAP state. Prepares four sets of account_ids: all_exported - All users eligible for LDAP export not_exported - All users NOT eligible for LDAP export now_exported - Users that 1. are eligible for LDAP export 2. does have trait 'retained' (NOT previously exported) 3. currently exists in LDAP now_retained - Users that 1. are NOT eligible for LDAP export 2. does NOT have trait 'retained' (previously exported) 3. currently NOT in LDAP """ co = Factory.get('Constants')(self.db) ac = Factory.get('Account')(self.db) # For DEBUG - log timing debug_times = [ time(), ] def _add_debug_time(text): debug_times.append(time()) if text: self.logger.debug("Time (%0.2f s) %s", debug_times[-1] - debug_times[-2], text) # First we need to find all the changes helper = LDIFHelper(self.logger) exported_names = set([user['uid'][0] for user in helper.yield_users()]) _add_debug_time('Dummy LDAP export') all_accounts = ac.list_names(co.account_namespace) _add_debug_time("Fetched all accounts") has_trait = set(t['entity_id'] for t in ac.list_traits(code=co.trait_user_retained, fetchall=True)) # New exports: Was exported, and has 'retained' trait self.all_exported = set(a['entity_id'] for a in all_accounts if a['entity_name'] in exported_names) new_exports = self.all_exported.intersection(has_trait) self.now_exported = set() # New retainees, wasn't exported, and doesn't have trait self.not_exported = set( a['entity_id'] for a in all_accounts).difference(self.all_exported) new_retainees = self.not_exported.difference(has_trait) self.now_retained = set() _add_debug_time('Prepared sets') # THEN we need to verify their state against LDAP, and mirror that # state in Cerebrum for account_id in new_exports: ac.clear() ac.find(account_id) if self.verify_ldap(ac.account_name): ac.delete_trait(co.trait_user_retained) self.now_exported.add(account_id) # Else, user won't be in (verified) new export set, will retry next # time the script runs _add_debug_time("Verified new exports with LDAP") self.logger.debug( "%d of the %d exported users were" " previously retained", len(self.now_exported), len(self.all_exported)) for account_id in new_retainees: ac.clear() ac.find(account_id) verify = self.verify_ldap(ac.account_name) if verify is False: ac.populate_trait(co.trait_user_retained, numval=0) ac.write_db() self.now_retained.add(account_id) # Else, user won't be in (verified) new retainee set, will retry # next time the script runs _add_debug_time("Verified new retainees with LDAP") self.logger.debug( "%d of the %d retained users were" " previously exported", len(self.now_retained), len(self.not_exported)) if self.dryrun: self.db.rollback() else: self.db.commit()
def update_retained_trait(self): """ Finds and returns users that have either been retained from or exported to LDAP since the last run. Uses the LDIFHelper from ldap_notifier to figure out which users are eligible for export, then compares this to account traits and actual LDAP state. Prepares four sets of account_ids: all_exported - All users eligible for LDAP export not_exported - All users NOT eligible for LDAP export now_exported - Users that 1. are eligible for LDAP export 2. does have trait 'retained' (NOT previously exported) 3. currently exists in LDAP now_retained - Users that 1. are NOT eligible for LDAP export 2. does NOT have trait 'retained' (previously exported) 3. currently NOT in LDAP """ co = Factory.get("Constants")(self.db) ac = Factory.get("Account")(self.db) # For DEBUG - log timing debug_times = [time()] def _add_debug_time(text): debug_times.append(time()) if text: self.logger.debug("Time (%0.2f s) %s" % (debug_times[-1] - debug_times[-2], text)) # First we need to find all the changes helper = LDIFHelper(self.logger) exported_names = set([user["uid"][0] for user in helper.yield_users()]) _add_debug_time("Dummy LDAP export") all_accounts = ac.list_names(co.account_namespace) _add_debug_time("Fetched all accounts") has_trait = set(t["entity_id"] for t in ac.list_traits(code=co.trait_user_retained, fetchall=True)) # New exports: Was exported, and has 'retained' trait self.all_exported = set(a["entity_id"] for a in all_accounts if a["entity_name"] in exported_names) new_exports = self.all_exported.intersection(has_trait) self.now_exported = set() # New retainees, wasn't exported, and doesn't have trait self.not_exported = set(a["entity_id"] for a in all_accounts).difference(self.all_exported) new_retainees = self.not_exported.difference(has_trait) self.now_retained = set() _add_debug_time("Prepared sets") # THEN we need to verify their state against LDAP, and mirror that # state in Cerebrum for account_id in new_exports: ac.clear() ac.find(account_id) if self.verify_ldap(ac.account_name): ac.delete_trait(co.trait_user_retained) self.now_exported.add(account_id) # Else, user won't be in (verified) new export set, will retry next # time the script runs _add_debug_time("Verified new exports with LDAP") self.logger.debug( "%d of the %d exported users were previously retained" % (len(self.now_exported), len(self.all_exported)) ) for account_id in new_retainees: ac.clear() ac.find(account_id) verify = self.verify_ldap(ac.account_name) if verify is False: ac.populate_trait(co.trait_user_retained, numval=0) ac.write_db() self.now_retained.add(account_id) # Else, user won't be in (verified) new retainee set, will retry # next time the script runs _add_debug_time("Verified new retainees with LDAP") self.logger.debug( "%d of the %d retained users were previously exported" % (len(self.now_retained), len(self.not_exported)) ) if self.dryrun: self.db.rollback() else: self.db.commit()