Exemple #1
0
def ldap_sync(add_to_changelog, only_username):
    # Store time of the last sync. Don't store after sync since parallel
    # requests to e.g. the page hook would cause duplicate calculations
    file(g_ldap_sync_time_file, 'w').write('%s\n' % time.time())

    # Flush ldap related before each sync to have a caching only for the
    # current sync process
    global g_ldap_user_cache, g_ldap_group_cache
    g_ldap_user_cache = {}
    g_ldap_group_cache = {}

    start_time = time.time()

    ldap_connect()

    # Unused at the moment, always sync all users
    #filt = None
    #if only_username:
    #    filt = '(%s=%s)' % (ldap_user_id_attr(), only_username)

    import wato
    users      = load_users()
    ldap_users = ldap_get_users()

    # Remove users which are controlled by this connector but can not be found in
    # LDAP anymore
    for user_id, user in users.items():
        if user.get('connector') == 'ldap' and user_id not in ldap_users:
            del users[user_id] # remove the user
            wato.log_pending(wato.SYNCRESTART, None, "edit-users", _("LDAP Connector: Removed user %s" % user_id))

    for user_id, ldap_user in ldap_users.items():
        if user_id in users:
            user = copy.deepcopy(users[user_id])
            mode_create = False
        else:
            user = new_user_template('ldap')
            mode_create = True

        # Skip all users not controlled by this connector
        if user.get('connector') != 'ldap':
            continue

        # Gather config from convert functions of plugins
        for key, params in config.ldap_active_plugins.items():
            user.update(ldap_attribute_plugins[key]['convert'](params, user_id, ldap_user, user))

        if not mode_create and user == users[user_id]:
            continue # no modification. Skip this user.

        # Gather changed attributes for easier debugging
        if not mode_create:
            set_new, set_old = set(user.keys()), set(users[user_id].keys())
            intersect = set_new.intersection(set_old)
            added = set_new - intersect
            removed = set_old - intersect
            changed = set(o for o in intersect if users[user_id][o] != user[o])

        users[user_id] = user # Update the user record

        if mode_create:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                             _("LDAP Connector: Created user %s" % user_id))
        else:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                 _("LDAP Connector: Modified user %s (Added: %s, Removed: %s, Changed: %s)" %
                    (user_id, ', '.join(added), ', '.join(removed), ', '.join(changed))))

    duration = time.time() - start_time
    ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)

    save_users(users)
Exemple #2
0
def ldap_sync(add_to_changelog, only_username):
    # Store time of the last sync. Don't store after sync since parallel
    # requests to e.g. the page hook would cause duplicate calculations
    file(g_ldap_sync_time_file, 'w').write('%s\n' % time.time())

    if not config.ldap_connection or not ldap_user_base_dn_configured():
        return # silently skip sync without configuration

    # Flush ldap related before each sync to have a caching only for the
    # current sync process
    global g_ldap_user_cache, g_ldap_group_cache
    g_ldap_user_cache = {}
    g_ldap_group_cache = {}

    start_time = time.time()

    ldap_log('  SYNC PLUGINS: %s' % ', '.join(config.ldap_active_plugins.keys()))

    # Unused at the moment, always sync all users
    #filt = None
    #if only_username:
    #    filt = '(%s=%s)' % (ldap_user_id_attr(), only_username)

    ldap_users = ldap_get_users()

    import wato
    users = load_users(lock = True)

    # Remove users which are controlled by this connector but can not be found in
    # LDAP anymore
    for user_id, user in users.items():
        if user.get('connector') == 'ldap' and user_id not in ldap_users:
            del users[user_id] # remove the user
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Removed user %s" % user_id), user_id = '')

    for user_id, ldap_user in ldap_users.items():
        if user_id in users:
            user = copy.deepcopy(users[user_id])
            mode_create = False
        else:
            user = new_user_template('ldap')
            mode_create = True

        # Skip all users not controlled by this connector
        if user.get('connector') != 'ldap':
            continue

        # Gather config from convert functions of plugins
        for key, params in config.ldap_active_plugins.items():
            user.update(ldap_attribute_plugins[key]['convert'](key, params or {}, user_id, ldap_user, user))

        if not mode_create and user == users[user_id]:
            continue # no modification. Skip this user.

        # Gather changed attributes for easier debugging
        if not mode_create:
            set_new, set_old = set(user.keys()), set(users[user_id].keys())
            intersect = set_new.intersection(set_old)
            added = set_new - intersect
            removed = set_old - intersect
            changed = set(o for o in intersect if users[user_id][o] != user[o])

        users[user_id] = user # Update the user record

        if mode_create:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                             _("LDAP Connector: Created user %s" % user_id), user_id = '')
        else:
            details = []
            if added:
                details.append(_('Added: %s') % ', '.join(added))
            if removed:
                details.append(_('Removed: %s') % ', '.join(removed))

            # Ignore password changes from ldap - do not log them. For now.
            if 'ldap_pw_last_changed' in changed:
                changed.remove('ldap_pw_last_changed')
            if 'serial' in changed:
                changed.remove('serial')

            if changed:
                details.append(('Changed: %s') % ', '.join(changed))

            if details:
                wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                     _("LDAP Connector: Modified user %s (%s)") % (user_id, ', '.join(details)),
                     user_id = '')

    duration = time.time() - start_time
    ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)

    # delete the fail flag file after successful sync
    try:
        os.unlink(g_ldap_sync_fail_file)
    except OSError:
        pass

    save_users(users)
Exemple #3
0
def ldap_sync(add_to_changelog, only_username):
    # Store time of the last sync. Don't store after sync since parallel
    # requests to e.g. the page hook would cause duplicate calculations
    file(g_ldap_sync_time_file, 'w').write('%s\n' % time.time())

    # Flush ldap related before each sync to have a caching only for the
    # current sync process
    global g_ldap_user_cache, g_ldap_group_cache
    g_ldap_user_cache = {}
    g_ldap_group_cache = {}

    start_time = time.time()

    ldap_connect()

    # Unused at the moment, always sync all users
    #filt = None
    #if only_username:
    #    filt = '(%s=%s)' % (ldap_user_id_attr(), only_username)

    import wato
    users = load_users()
    ldap_users = ldap_get_users()

    # Remove users which are controlled by this connector but can not be found in
    # LDAP anymore
    for user_id, user in users.items():
        if user.get('connector') == 'ldap' and user_id not in ldap_users:
            del users[user_id]  # remove the user
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                             _("LDAP Connector: Removed user %s" % user_id))

    for user_id, ldap_user in ldap_users.items():
        if user_id in users:
            user = copy.deepcopy(users[user_id])
            mode_create = False
        else:
            user = new_user_template('ldap')
            mode_create = True

        # Skip all users not controlled by this connector
        if user.get('connector') != 'ldap':
            continue

        # Gather config from convert functions of plugins
        for key, params in config.ldap_active_plugins.items():
            user.update(ldap_attribute_plugins[key]['convert'](params, user_id,
                                                               ldap_user,
                                                               user))

        if not mode_create and user == users[user_id]:
            continue  # no modification. Skip this user.

        # Gather changed attributes for easier debugging
        if not mode_create:
            set_new, set_old = set(user.keys()), set(users[user_id].keys())
            intersect = set_new.intersection(set_old)
            added = set_new - intersect
            removed = set_old - intersect
            changed = set(o for o in intersect if users[user_id][o] != user[o])

        users[user_id] = user  # Update the user record

        if mode_create:
            wato.log_pending(wato.SYNCRESTART, None, "edit-users",
                             _("LDAP Connector: Created user %s" % user_id))
        else:
            wato.log_pending(
                wato.SYNCRESTART, None, "edit-users",
                _("LDAP Connector: Modified user %s (Added: %s, Removed: %s, Changed: %s)"
                  % (user_id, ', '.join(added), ', '.join(removed),
                     ', '.join(changed))))

    duration = time.time() - start_time
    ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)

    save_users(users)