def doOxTrustChanges(self, oxTrustPath):
parser = MyLDIF(open(oxTrustPath, 'rb'), sys.stdout)
parser.targetAttr = "oxTrustConfApplication"
atr = parser.parse()
oxTrustConfApplication = parser.lastEntry['oxTrustConfApplication'][0]
oxTrustConfApplication = oxTrustConfApplication.replace(
'seam/resource/', '')
parser.lastEntry['oxTrustConfApplication'][0] = oxTrustConfApplication
base64Types = [
"oxTrustConfApplication", "oxTrustConfImportPerson",
"oxTrustConfCacheRefresh"
]
out = CreateLDIF(parser.lastDN,
parser.getLastEntry(),
base64_attrs=base64Types)
newfile = oxTrustPath.replace('/oxtrust_config.ldif',
'/oxtrust_config_new.ldif')
# print (newfile)
f = open(newfile, 'w')
f.write(out)
f.close()
os.remove(oxTrustPath)
os.rename(newfile, oxTrustPath)
def doClientsChangesForUMA2(self, clientPath):
parser = MyLDIF(open(clientPath, 'rb'), sys.stdout)
parser.parse()
atr = parser.parse()
newfile = clientPath.replace('/clients.ldif', '/clients_new.ldif')
f = open(newfile, 'w')
base64Types = []
for idx, val in enumerate(parser.entries):
if 'displayName' in val:
if val['displayName'][0] == 'Pasport Resource Server Client':
parser.entries[idx]["oxAuthGrantType"] = ['client_credentials']
self.passport_rs_client_id = parser.entries[idx]["inum"][0]
elif val['displayName'][0] == 'SCIM Resource Server Client':
parser.entries[idx]["oxAuthGrantType"] = ['client_credentials']
self.scim_rs_client_id = parser.entries[idx]["inum"][0]
elif val['displayName'][0] == 'Passport Requesting Party Client':
parser.entries[idx]["oxAuthGrantType"] = ['client_credentials']
self.passport_rp_client_id = parser.entries[idx]["inum"][0]
elif val['displayName'][0] == 'SCIM Requesting Party Client':
parser.entries[idx]["oxAuthGrantType"] = ['client_credentials']
self.scim_rp_client_id = parser.entries[idx]["inum"][0]
out = CreateLDIF(parser.getDNs()[idx],
parser.entries[idx],
base64_attrs=base64Types)
f.write(out)
f.close()
os.remove(clientPath)
os.rename(newfile, clientPath)
def doApplinceChanges(oxappliancesPath):
parser = MyLDIF(open(oxappliancesPath, 'rb'), sys.stdout)
parser.parse()
base64Types = []
idpConfig = json.loads(parser.entries[0]['oxIDPAuthentication'][0])
idpConfig['name'] = None
idpConfig['priority'] = 1
del idpConfig['version']
del idpConfig['level']
idpConfigJson = json.loads(idpConfig['config'])
idpConfig['config'] = json.dumps(idpConfigJson, indent=4, sort_keys=True)
parser.entries[0]['oxIDPAuthentication'][0] = json.dumps(idpConfig,
indent=4,
sort_keys=True)
out = CreateLDIF(parser.lastDN,
parser.getLastEntry(),
base64_attrs=base64Types)
newfile = oxappliancesPath.replace('/appliance.ldif', '/appliancenew.ldif')
f = open(newfile, 'w')
f.write(out)
f.close()
os.remove(oxappliancesPath)
os.rename(newfile, oxappliancesPath)
def doOxTrustChanges(oxTrustPath):
parser = MyLDIF(open(oxTrustPath, 'rb'), sys.stdout)
parser.targetAttr = "oxTrustConfApplication"
atr = parser.parse()
oxTrustConfApplication = parser.lastEntry['oxTrustConfApplication'][0]
oxTrustConfApplication = oxTrustConfApplication.replace(
'seam/resource/', '')
parser.lastEntry['oxTrustConfApplication'][0] = oxTrustConfApplication
oxTrustConfApplicationJson = json.loads(oxTrustConfApplication)
oxTrustConfApplicationJson['ScimProperties'] = json.loads(
'{"maxCount": "200"}')
del oxTrustConfApplicationJson['loggingLevel']
del oxTrustConfApplicationJson['oxIncommonFlag']
del oxTrustConfApplicationJson['recaptchaSiteKey']
del oxTrustConfApplicationJson['recaptchaSecretKey']
parser.lastEntry['oxTrustConfApplication'][0] = json.dumps(
oxTrustConfApplicationJson, indent=4, sort_keys=True)
oxTrustConfCacheRefresh = parser.lastEntry['oxTrustConfCacheRefresh'][0]
oxTrustConfCacheRefreshJson = json.loads(oxTrustConfCacheRefresh)
oxTrustConfCacheRefreshJson['inumConfig'][
'bindDN'] = oxTrustConfCacheRefreshJson['inumConfig'][
'bindDN'].replace('cn=directory manager',
'cn=directory manager,o=site')
oxTrustConfCacheRefreshJson[
'snapshotFolder'] = '/var/ox/identity/cr-snapshots/'
parser.lastEntry['oxTrustConfCacheRefresh'][0] = json.dumps(
oxTrustConfCacheRefreshJson, indent=4, sort_keys=True)
oxTrustConfImportPerson = [""]
oxTrustConfImportPerson[0] = json.dumps(
json.loads(
'{ "mappings": [{ "ldapName": "uid", "displayName": "Username", "dataType": "string", "required": "true" }, { "ldapName": "givenName", "displayName": "First Name", "dataType": "string", "required": "true" }, { "ldapName": "sn", "displayName": "Last Name", "dataType": "string", "required": "true" }, { "ldapName": "mail", "displayName": "Email", "dataType": "string", "required": "true" }, { "ldapName": "userPassword", "displayName": "Password", "dataType": "string", "required": "false" }]}'
))
parser.lastEntry['oxTrustConfImportPerson'] = oxTrustConfImportPerson[0]
base64Types = [
"oxTrustConfApplication", "oxTrustConfImportPerson",
"oxTrustConfCacheRefresh", "oxTrustConfImportPerson"
]
out = CreateLDIF(parser.lastDN,
parser.getLastEntry(),
base64_attrs=base64Types)
newfile = oxTrustPath.replace('/oxtrust_config.ldif',
'/oxtrust_config_new.ldif')
# print (newfile)
f = open(newfile, 'w')
f.write(out)
f.close()
os.remove(oxTrustPath)
os.rename(newfile, oxTrustPath)
def handle(self, dn, entry):
changed = False
for attr in entry.keys():
if attr in json_attrs:
json_object = json.loads(entry[attr][0])
for json_key in json_object.keys():
value = json_object[json_key]
if type(value) == type([]):
if len(value) == 1:
value = value[0]
if type(value) != type(unicode("")):
continue
if value.find(targetString) >= 0:
json_object[json_key] = json_object[json_key].replace(
targetString, replaceString)
log("dn: %s\nattr: %s\nkey: %s\nvalue: %s\n" %
(dn, attr, json_key, value))
new_json = json.dumps(json_object)
old_value = {attr: entry[attr]}
new_value = {attr: [new_json]}
mod_list = ldap.modlist.modifyModlist(old_value, new_value)
print CreateLDIF(dn, mod_list, [attr])
log("New JSON Object:\n %s" % new_json)
else:
updated = False
updated_value = []
for value in entry[attr]:
if value.find(targetString) >= 0:
updated_value.append(
value.replace(targetString, replaceString))
updated = True
log("dn: %s\nattr: %s\nvalue: %s\n" %
(dn, attr, value))
else:
updated_value.append(value)
if updated:
old_value = {attr: entry[attr]}
new_value = {attr: updated_value}
mod_list = ldap.modlist.modifyModlist(old_value, new_value)
print CreateLDIF(dn, mod_list)
def removeDeprecatedScripts(self, oxScriptPath):
parser = MyLDIF(open(oxScriptPath, 'rb'), sys.stdout)
parser.parse()
base64Types = ["oxScript"]
newfile = oxScriptPath.replace('/scripts.ldif', '/scripts_new.ldif')
f = open(newfile, 'a')
for idx, val in enumerate(parser.entries):
if 'displayName' in val:
if val['displayName'][0] != 'uma_authorization_policy':
out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types)
f.write(out)
f.close()
os.remove(oxScriptPath)
os.rename(newfile, oxScriptPath)
def doUmaResourcesChangesForUma2(self, UmaPath):
scimClient = ''
passportClient = ''
inumOrg = self.inumOrg
with open('/install/community-edition-setup/setup.properties.last', 'r') as f:
content = f.readlines()
for line in content:
if 'scim_rp_client_id' in line:
scimClient = line.replace("scim_rp_client_id=", "")
elif 'passport_rp_client_id' in line:
passportClient = line.replace("passport_rp_client_id=", "")
parser = MyLDIF(open(UmaPath, 'rb'), sys.stdout)
parser.parse()
atr = parser.parse()
newfile = UmaPath.replace('/uma.ldif', '/uma_new.ldif')
f = open(newfile, 'w')
base64Types = []
hostname = self.getOutput([self.hostname]).strip()
for idx, val in enumerate(parser.entries):
if 'displayName' in val:
if len(val['oxId'][0]) > 1 and 'ou=resource_sets' in parser.getDNs()[idx]:
parser.getDNs()[idx] = parser.getDNs()[idx].replace('inum=' + val['inum'][0],
'oxId=' + val['oxId'][0]).replace('resource_sets',
'resources')
if val['oxId'][0] == 'scim_access':
parser.entries[idx]["oxId"] = ['https://' + hostname + ' /oxauth/restv1/uma/scopes/scim_access']
elif val['oxId'][0] == 'passport_access':
parser.entries[idx]["oxId"] = ['https://' + hostname + ' /oxauth/restv1/uma/scopes/passport_access']
if val['displayName'][0] == 'SCIM Resource Set':
parser.entries[idx]["oxResource"] = ['https://' + hostname + ' /identity/restv1/scim/v1']
parser.entries[idx]['oxAssociatedClient'] = [
('inum=' + scimClient + ',ou=clients,o=' + inumOrg + ",o=gluu").replace("\n", '')]
elif val['displayName'][0] == 'Passport Resource Set':
parser.entries[idx]["oxResource"] = ['https://' + hostname + ' /identity/restv1/passport/config']
parser.entries[idx]['oxAssociatedClient'] = [
('inum=' + passportClient + ',ou=clients,o=' + inumOrg + ",o=gluu").replace("\n", '')]
out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types)
f.write(out)
f.close()
os.remove(UmaPath)
os.rename(newfile, UmaPath)
def removeDeprecatedScripts(self, oxScriptPath):
parser = MyLDIF(open(oxScriptPath, 'rb'), sys.stdout)
parser.parse()
base64Types = ["oxScript"]
newfile = oxScriptPath.replace('/scripts.ldif', '/scripts_new.ldif')
f = open(newfile, 'a')
for idx, val in enumerate(parser.entries):
if 'inum' in val and val['inum'][0].endswith('2DAF.F995'):
addMigratedData({
'inum': val['inum'][0],
'gluuStatus': val['gluuStatus'][0]
})
continue
out = CreateLDIF(parser.getDNs()[idx],
parser.entries[idx],
base64_attrs=base64Types)
f.write(out)
f.close()
os.remove(oxScriptPath)
os.rename(newfile, oxScriptPath)
def doAttributeChange(self, attributePath):
parser = MyLDIF(open(attributePath, 'rb'), sys.stdout)
parser.parse()
parser.parse()
newfile = attributePath.replace('attributes.ldif', 'attributes_new.ldif')
f = open(newfile, 'w')
base64Types = []
for idx, val in enumerate(parser.entries):
if 'inum' in val:
if (val['gluuAttributeName'][0] == "gluuStatus"):
print(parser.entries[idx])
parser.entries[idx]["displayName"] = ['User Status']
out = CreateLDIF(parser.getDNs()[idx],
parser.entries[idx],
base64_attrs=base64Types)
f.write(out)
f.close()
os.remove(attributePath)
os.rename(newfile, attributePath)
def dooxAuthChangesFor31(self, oxAuthPath):
parser = MyLDIF(open(oxAuthPath, 'rb'), sys.stdout)
parser.targetAttr = "oxAuthConfDynamic"
atr = parser.parse()
oxAuthConfDynamic = parser.lastEntry['oxAuthConfDynamic'][0]
oxAuthConfDynamic = oxAuthConfDynamic.replace('seam/resource/', '')
oxAuthConfDynamic = oxAuthConfDynamic.replace('restv1/oxauth/', 'restv1/')
oxAuthConfDynamic = oxAuthConfDynamic.replace('restv1/uma-configuration', 'restv1/uma2-configuration')
dataOxAuthConfDynamic = json.loads(oxAuthConfDynamic)
dataOxAuthConfDynamic['grantTypesSupported'].append('password')
dataOxAuthConfDynamic['grantTypesSupported'].append('client_credentials')
dataOxAuthConfDynamic['grantTypesSupported'].append('refresh_token')
dataOxAuthConfDynamic['grantTypesSupported'].append('urn:ietf:params:oauth:grant-type:uma-ticket')
dataOxAuthConfDynamic['accessTokenLifetime'] = 300
dataOxAuthConfDynamic['sessionIdLifetime'] = 86400
dataOxAuthConfDynamic['enableClientGrantTypeUpdate'] = True
dataOxAuthConfDynamic['externalLoggerConfiguration'] = ""
dataOxAuthConfDynamic['httpLoggingEnabled'] = False
dataOxAuthConfDynamic['httpLoggingExludePaths'] = []
dataOxAuthConfDynamic['logClientIdOnClientAuthentication'] = True
dataOxAuthConfDynamic['logClientNameOnClientAuthentication'] = False
dataOxAuthConfDynamic['persistIdTokenInLdap'] = False
dataOxAuthConfDynamic['persistRefreshTokenInLdap'] = True
dataOxAuthConfDynamic['personCustomObjectClassList'] = ["gluuCustomPerson", "gluuPerson"]
dataOxAuthConfDynamic['idTokenSigningAlgValuesSupported'].append("ES512")
dataOxAuthConfDynamic['idTokenSigningAlgValuesSupported'].append("none")
dataOxAuthConfDynamic['corsConfigurationFilters'] = []
dataCross = {
'corsAllowedHeaders': 'Origin,Authorization,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers',
'corsAllowedMethods': 'GET,POST,HEAD,OPTIONS', 'corsAllowedOrigins': '*', 'corsExposedHeaders': '',
'corsLoggingEnabled': False, 'corsPreflightMaxAge': 1800, 'corsRequestDecorate': True,
'corsSupportCredentials': True, 'filterName': 'CorsFilter'}
dataOxAuthConfDynamic['corsConfigurationFilters'].append(dataCross)
DynamicGrantTypeDefault = '["authorization_code","implicit","client_credentials","refresh_token","urn:ietf:params:oauth:grant-type:uma-ticket"]'
dataOxAuthConfDynamic['dynamicGrantTypeDefault'] = (json.loads(DynamicGrantTypeDefault))
dataOxAuthConfDynamic['responseTypesSupported'] = []
dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["code"]'))
dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["code","id_token"]'))
dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["token"]'))
dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["token","id_token"]'))
dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["code","token","id_token"]'))
dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["id_token"]'))
dataOxAuthConfDynamic['dynamicRegistrationCustomObjectClass'] = ""
dataOxAuthConfDynamic['dynamicRegistrationCustomAttributes'] = ['oxAuthTrustedClient']
printOxAuthConfDynamic = json.dumps(dataOxAuthConfDynamic, indent=4, sort_keys=True)
# print (printOxAuthConfDynamic)
parser.lastEntry['oxAuthConfDynamic'][0] = printOxAuthConfDynamic
dataOxAuthConfErrors = json.loads(parser.lastEntry['oxAuthConfErrors'][0])
grant = {'id': ("invalid_grant_and_session"), 'description': (
"he provided access token and session state are invalid or were issued to another client."), 'uri': (None)}
session = {'id': ("session_not_passed"), 'description': ("The provided session state is empty."), 'uri': (None)}
post_logout = {'id': ("post_logout_uri_not_passed"), 'description': ("The provided post logout uri is empty."),
'uri': (None)}
post_logout_uri = {'id': ("post_logout_uri_not_associated_with_client"),
'description': ("The provided post logout uri is not associated with client."), 'uri': (None)}
invalid_logout_uri = {'id': ("invalid_logout_uri"), 'description': ("The provided logout_uri is invalid."),
'uri': (None)}
dataOxAuthConfErrors['endSession'].append(grant)
dataOxAuthConfErrors['endSession'].append(session)
dataOxAuthConfErrors['endSession'].append(post_logout)
dataOxAuthConfErrors['endSession'].append(post_logout_uri)
dataOxAuthConfErrors['endSession'].append(invalid_logout_uri)
register = {'description': "Value of one or more claims_redirect_uris is invalid.",
'id': "invalid_claims_redirect_uri", 'uri': None}
dataOxAuthConfErrors['register'].append(register)
uma = {'description': "The provided session is invalid.", 'id': "invalid_session", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma)
uma1 = {'description': 'Forbidden by policy (policy returned false).', 'id': "forbidden_by_policy", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma1)
uma2 = {'description': 'The provided permission request is not valid.', 'id': "invalid_permission_request",
'uri': None}
dataOxAuthConfErrors['uma'].append(uma2)
uma3 = {
'description': 'The claims-gathering script name is not provided or otherwise failed to load script with this name(s).',
'id': "invalid_claims_gathering_script_name", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma3)
uma4 = {'description': 'The provided ticket was not found at the AS.', 'id': "invalid_ticket", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma4)
uma5 = {'description': 'The provided client_id is not valid.', 'id': "invalid_client_id", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma5)
uma6 = {'description': 'The provided claims_redirect_uri is not valid.', 'id': "invalid_claims_redirect_uri",
'uri': None}
dataOxAuthConfErrors['uma'].append(uma6)
uma7 = {
'description': 'The claim token format is blank or otherwise not supported (supported format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken).',
'id': "invalid_claims_redirect_uri", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma7)
uma8 = {
'description': 'The claim token is not valid or unsupported. (If format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken then claim token has to be ID Token).',
'id': "invalid_claim_token", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma8)
uma9 = {'description': 'PCT is invalid (revoked, expired or does not exist anymore on AS)', 'id': "invalid_pct",
'uri': None}
dataOxAuthConfErrors['uma'].append(uma9)
uma10 = {'description': 'RPT is invalid (revoked, expired or does not exist anymore on AS)', 'id': "invalid_rpt",
'uri': None}
dataOxAuthConfErrors['uma'].append(uma10)
uma11 = {
'description': 'The provided grant_type valid does not equal to urn:ietf:params:oauth:grant-type:uma-ticket value which is required by UMA 2.',
'id': "invalid_grant_type", 'uri': None}
dataOxAuthConfErrors['uma'].append(uma11)
# printOxAuthConfErrors = json.dumps(dataOxAuthConfErrors, indent=4, sort_keys=True)
# print (printOxAuthConfErrors)
base64Types = ["oxAuthConfStatic", "oxAuthConfWebKeys", "oxAuthConfErrors", "oxAuthConfDynamic"]
out = CreateLDIF(parser.lastDN, parser.getLastEntry(), base64_attrs=base64Types)
newfile = oxAuthPath.replace('/oxauth_config.ldif', '/oxauth_config_new.ldif')
# print (newfile)
f = open(newfile, 'w')
f.write(out)
f.close()
os.remove(oxAuthPath)
os.rename(newfile, oxAuthPath)
def doOxTrustChanges(oxTrustPath):
parser = MyLDIF(open(oxTrustPath, 'rb'), sys.stdout)
parser.targetAttr = "oxTrustConfApplication"
atr = parser.parse()
oxTrustConfApplication = parser.lastEntry['oxTrustConfApplication'][0]
oxTrustConfApplication = oxTrustConfApplication.replace(
'seam/resource/', '')
parser.lastEntry['oxTrustConfApplication'][0] = oxTrustConfApplication
oxTrustConfApplicationJson = json.loads(oxTrustConfApplication)
oxTrustConfApplicationJson['clientBlackList'] = ["*.attacker.com/*"]
oxTrustConfApplicationJson['clientWhiteList'] = ["*"]
oxTrustConfApplicationJson[
'idp3EncryptionCert'] = '/etc/certs/idp-encryption.crt'
oxTrustConfApplicationJson[
'idp3SigningCert'] = '/etc/certs/idp-signing.crt'
oxTrustConfApplicationJson['organizationName'] = 'Gluu Inc.'
oxTrustConfApplicationJson[
'velocityLog'] = '/opt/gluu/jetty/identity/logs/velocity.log'
oxTrustConfApplicationJson['personObjectClassDisplayNames'] = [
"gluuCustomPerson", "gluuPerson", "eduPerson"
]
oxTrustConfApplicationJson['personObjectClassTypes'] = [
"gluuCustomPerson", "gluuPerson", "eduPerson"
]
oxTrustConfApplicationJson['rptConnectionPoolCustomKeepAliveTimeout'] = 5
oxTrustConfApplicationJson['rptConnectionPoolDefaultMaxPerRoute'] = 20
oxTrustConfApplicationJson['rptConnectionPoolMaxTotal'] = 200
oxTrustConfApplicationJson['rptConnectionPoolUseConnectionPooling'] = True
oxTrustConfApplicationJson['rptConnectionPoolValidateAfterInactivity'] = 10
oxTrustConfApplicationJson['ScimProperties'] = json.loads(
'{"maxCount": "200"}')
oxTrustConfApplicationJson[
'shibboleth3FederationRootDir'] = "/opt/shibboleth-federation"
oxTrustConfApplicationJson['shibboleth3IdpRootDir'] = "/opt/shibboleth-idp"
oxTrustConfApplicationJson[
'shibboleth3SpConfDir'] = '/opt/shibboleth-idp/sp'
oxTrustConfApplicationJson['shibbolethVersion'] = 'v3'
oxTrustConfApplicationJson['ldifStore'] = "/var/ox/identity/removed"
oxTrustConfApplicationJson['personCustomObjectClass'] = 'gluuCustomPerson'
try:
del oxTrustConfApplicationJson['umaClientKeyId']
del oxTrustConfApplicationJson['umaClientKeyStoreFile']
del oxTrustConfApplicationJson['umaResourceId']
del oxTrustConfApplicationJson['umaScope']
del oxTrustConfApplicationJson['umaClientId']
del oxTrustConfApplicationJson['shibboleth2SpConfDir']
del oxTrustConfApplicationJson['shibboleth2IdpRootDir']
del oxTrustConfApplicationJson['shibboleth2FederationRootDir']
del oxTrustConfApplicationJson[
'schemaAddObjectClassWithoutAttributeTypesDefinition']
del oxTrustConfApplicationJson[
'schemaAddObjectClassWithAttributeTypesDefinition']
del oxTrustConfApplicationJson['schemaAddAttributeDefinition']
del oxTrustConfApplicationJson['recaptchaSiteKey']
del oxTrustConfApplicationJson['recaptchaSecretKey']
del oxTrustConfApplicationJson['oxAuthUserInfo']
del oxTrustConfApplicationJson['oxAuthTokenValidationUrl']
del oxTrustConfApplicationJson['oxAuthTokenUrl']
del oxTrustConfApplicationJson['oxAuthRegisterUrl']
del oxTrustConfApplicationJson['oxAuthEndSessionUrl']
del oxTrustConfApplicationJson['oxAuthLogoutUrl']
del oxTrustConfApplicationJson['oxAuthAuthorizeUrl']
del oxTrustConfApplicationJson['mysqlPassword']
del oxTrustConfApplicationJson['mysqlUrl']
del oxTrustConfApplicationJson['mysqlUser']
del oxTrustConfApplicationJson['authMode']
del oxTrustConfApplicationJson['umaClientKeyStorePassword']
except:
logging.debug("Error")
parser.lastEntry['oxTrustConfApplication'][0] = json.dumps(
oxTrustConfApplicationJson, indent=4, sort_keys=True)
oxTrustConfCacheRefresh = parser.lastEntry['oxTrustConfCacheRefresh'][0]
oxTrustConfCacheRefreshJson = json.loads(oxTrustConfCacheRefresh)
oxTrustConfCacheRefreshJson['inumConfig'][
'bindDN'] = oxTrustConfCacheRefreshJson['inumConfig'][
'bindDN'].replace('cn=directory manager',
'cn=directory manager,o=site')
oxTrustConfCacheRefreshJson[
'snapshotFolder'] = '/var/ox/identity/cr-snapshots/'
parser.lastEntry['oxTrustConfCacheRefresh'][0] = json.dumps(
oxTrustConfCacheRefreshJson, indent=4, sort_keys=True)
parser.lastEntry['oxTrustConfImportPerson'] = [
json.dumps(
json.loads(
'{ "mappings": [{ "ldapName": "uid", "displayName": "Username", "dataType": "string", "required": "true" }, { "ldapName": "givenName", "displayName": "First Name", "dataType": "string", "required": "true" }, { "ldapName": "sn", "displayName": "Last Name", "dataType": "string", "required": "true" }, { "ldapName": "mail", "displayName": "Email", "dataType": "string", "required": "true" }, { "ldapName": "userPassword", "displayName": "Password", "dataType": "string", "required": "false" }]}'
))
]
base64Types = [
"oxTrustConfApplication", "oxTrustConfImportPerson",
"oxTrustConfCacheRefresh", "oxTrustConfImportPerson"
]
out = CreateLDIF(parser.lastDN,
parser.getLastEntry(),
base64_attrs=base64Types)
newfile = oxTrustPath.replace('/oxtrust_config.ldif',
'/oxtrust_config_new.ldif')
# print (newfile)
f = open(newfile, 'w')
f.write(out)
f.close()
os.remove(oxTrustPath)
os.rename(newfile, oxTrustPath)
