def handle_global(self, delete, dry_run):
try:
global_datastore = get_global_test_datastore(0)
assert isinstance(global_datastore, dldap.GlobalDataStore)
except IndexError:
global_datastore = None
if global_datastore is not None:
# we need to keep the people
person_base_dn = self.get_base(global_datastore,
'LDAP_PERSON_BASE')
pgroup_base_dn = self.get_base(global_datastore, 'LDAP_GROUP_BASE')
else:
# we need to destroy the people and keep the accounts
person_base_dn = None
pgroup_base_dn = None
# create the base dn
# note we do this even if --dry-run given, as otherwise
# we get confused if dn doesn't exist
if global_datastore is not None:
self.create_base(global_datastore, person_base_dn)
self.create_base(global_datastore, pgroup_base_dn)
def handle_global(self, delete, dry_run):
try:
global_datastore = get_global_test_datastore(0)
assert isinstance(global_datastore, dldap.GlobalDataStore)
except IndexError:
global_datastore = None
if global_datastore is not None:
# we need to keep the people
person_base_dn = self.get_base(
global_datastore, 'LDAP_PERSON_BASE')
pgroup_base_dn = self.get_base(
global_datastore, 'LDAP_GROUP_BASE')
else:
# we need to destroy the people and keep the accounts
person_base_dn = None
pgroup_base_dn = None
# create the base dn
# note we do this even if --dry-run given, as otherwise
# we get confused if dn doesn't exist
if global_datastore is not None:
self.create_base(global_datastore, person_base_dn)
self.create_base(global_datastore, pgroup_base_dn)
def handle(self, **options):
try:
global_datastore = get_global_test_datastore(0)
assert isinstance(global_datastore, dldap.GlobalDataStore)
except IndexError:
global_datastore = None
machine_category_datastore = get_machine_category_test_datastore(
"ldap", 0)
assert isinstance(
machine_category_datastore, dldap.MachineCategoryDataStore)
if options['ldif']:
ldif_writer = ldif.LDIFWriter(sys.stdout)
if global_datastore is not None:
# we have to move accounts to the account_base.
# no changes rquired for people.
account_base_dn = machine_category_datastore._accounts(
).get_base_dn()
split_account_base_dn = ldap.dn.str2dn(account_base_dn)
for p in global_datastore._people().filter(
objectClass='posixAccount'):
# Convert account to person, strip unwanted fields.
# This is better then calling person.save() as we get the
# password too.
new_person = global_datastore._create_person(dn=p.dn)
for i, _ in new_person.get_fields():
if i != "objectClass":
value = getattr(p, i)
setattr(new_person, i, value)
if options['ldif']:
# calculate fully qualified new DN.
split_dn = ldap.dn.str2dn(p.dn)
tmp = []
tmp.append(split_dn[0])
tmp.extend(split_account_base_dn)
new_dn = ldap.dn.dn2str(tmp)
# we can do move in ldif, so delete and add
entry = {'changetype': ['delete']}
ldif_writer.unparse(p.dn, entry)
# write person entry
if new_person.pwdAttribute is None:
new_person.pwdAttribute = 'userPassword'
new_person.unparse(
ldif_writer, None,
{'changetype': ['add']})
# write account entry
if p.pwdAttribute is None:
p.pwdAttribute = 'userPassword'
p.unparse(
ldif_writer, new_dn,
{'changetype': ['add']})
else:
# move account from person to accounts
print "moving account and creating person for %s" % p.dn
p.rename(new_base_dn=account_base_dn)
# write person entry, if not already existing
try:
new_person.save()
except machine_category_datastore._account.AlreadyExists:
pass
else:
# people not in LDAP, delete people without accounts.
for p in machine_category_datastore._accounts():
# If there are no accounts for this person, then delete
# the LDAP entry.
ua = Account.objects.filter(
username=p.uid, date_deleted__isnull=True)
if ua.count() == 0 and 'posixAccount' not in p.objectClass:
if options['ldif']:
entry = {'changetype': ['delete']}
ldif_writer.unparse(p.dn, entry)
else:
print "deleting %s" % p.dn
p.delete()
def handle_machine_category(self, mc, delete, dry_run):
# if datastore name is not ldap, we are not interested
if mc.datastore != "ldap":
print(
"machine category %s datastore %s is not LDAP; nothing to do"
% (mc, mc.datastore))
return
# retreive the LDAP datastores
kg27_datastore = get_kg27_datastore()
if kg27_datastore is None:
print("KG27_DATASTORE not set; nothing to do")
return
try:
global_datastore = get_global_test_datastore(0)
assert isinstance(global_datastore, dldap.GlobalDataStore)
except IndexError:
global_datastore = None
machine_category_datastore = get_machine_category_test_datastore(
mc.datastore, 0)
assert isinstance(
machine_category_datastore, dldap.MachineCategoryDataStore)
# get the base dn
kg27_account_dn = self.get_base(kg27_datastore, 'LDAP_ACCOUNT_BASE')
kg27_group_dn = self.get_base(kg27_datastore, 'LDAP_GROUP_BASE')
if global_datastore is not None:
# we need to keep the people
person_base_dn = self.get_base(
global_datastore, 'LDAP_PERSON_BASE')
pgroup_base_dn = self.get_base(
global_datastore, 'LDAP_GROUP_BASE')
else:
# we need to destroy the people and keep the accounts
person_base_dn = None
pgroup_base_dn = None
account_base_dn = self.get_base(
machine_category_datastore, 'LDAP_ACCOUNT_BASE')
agroup_base_dn = self.get_base(
machine_category_datastore, 'LDAP_GROUP_BASE')
# create the base dn
# note we do this even if --dry-run given, as otherwise
# we get confused if dn doesn't exist
self.create_base(machine_category_datastore, account_base_dn)
self.create_base(machine_category_datastore, agroup_base_dn)
# sanity check
assert pgroup_base_dn != agroup_base_dn
assert person_base_dn != account_base_dn
# process kg27 people/accounts
for p in kg27_datastore._accounts() \
.base_dn(kg27_account_dn):
delete_this = delete
# if this is an account, copy to new place
if 'posixAccount' in p.objectClass:
# this was an account; then there was no person in LDAP
# copy account to correct place
try:
dst = machine_category_datastore._accounts().get(uid=p.uid)
if _eq(p.dn, dst.dn):
delete_this = False
if 'posixAccount' not in dst.objectClass:
delete_this = False
# This shouldn't normally ever happen.
if dry_run:
print(
"Conflicting person exists, would delete "
"person %s " % dst.dn)
else:
print(
"Conflicting person exists, deleting "
"person %s " % dst.dn)
dst.delete()
raise machine_category_datastore._person.DoesNotExist
except machine_category_datastore._account.DoesNotExist:
new_account = machine_category_datastore._create_account()
for i, _ in new_account.get_fields():
if i != "objectClass":
value = getattr(p, i)
setattr(new_account, i, value)
if dry_run:
print(
"Would copy account %s to account %s"
% (p.dn, account_base_dn))
else:
new_account.save()
print(
"Copying account %s to account %s"
% (p.dn, new_account.dn))
# all kg27 entries are persons, copy person to correct place
if global_datastore is not None:
if 'posixAccount' in p.objectClass:
# we are looking at an account, we need to get the person
account = Account.objects.get(
username=p.uid, machine_category=mc)
person = Person.objects.get(account=account)
uid = person.username
else:
# we are looking at a person, we already have the uid
uid = p.uid
# Create person, if required. This is better then calling
# person.save() as we get the password too.
try:
dst = global_datastore._people().get(uid=uid)
if _eq(p.dn, dst.dn):
delete_this = False
if 'posixAccount' in dst.objectClass:
delete_this = False
if dry_run:
print(
"Conflicting account exists, would delete "
"account %s " % dst.dn)
else:
print(
"Conflicting account exists, deleting "
"account %s " % dst.dn)
dst.delete()
raise global_datastore._person.DoesNotExist
except global_datastore._person.DoesNotExist:
new_person = global_datastore._create_person()
for i, _ in new_person.get_fields():
if i != "objectClass":
value = getattr(p, i)
setattr(new_person, i, value)
if dry_run:
print(
"Would copy account %s to person %s"
% (p.dn, person_base_dn))
else:
new_person.save()
print(
"Copying account %s to person %s"
% (p.dn, new_person.dn))
if delete_this:
if dry_run:
print("Would delete %s" % p.dn)
else:
print("deleting %s" % p.dn)
p.delete()
# process groups
for g in kg27_datastore._groups() \
.base_dn(kg27_group_dn):
delete_this = delete
if global_datastore is not None:
try:
dst = global_datastore._groups().get(cn=g.cn)
if _eq(g.dn, dst.dn):
delete_this = False
except global_datastore._group.DoesNotExist:
new_group = global_datastore._create_group()
for i, _ in new_group.get_fields():
if i != "objectClass":
value = getattr(g, i)
setattr(new_group, i, value)
if dry_run:
print("Would copy group %s to %s"
% (g.dn, pgroup_base_dn))
else:
new_group.save()
print("Copying group %s to %s" % (g.dn, new_group.dn))
try:
dst = machine_category_datastore._groups().get(cn=g.cn)
if _eq(g.dn, dst.dn):
delete_this = False
except machine_category_datastore._group.DoesNotExist:
new_group = machine_category_datastore._create_group()
for i, _ in new_group.get_fields():
if i != "objectClass":
value = getattr(g, i)
setattr(new_group, i, value)
if dry_run:
print("Would copy group %s to %s" % (g.dn, agroup_base_dn))
else:
new_group.save()
print("Copying group %s to %s" % (g.dn, new_group.dn))
if delete_this:
if dry_run:
print("Would delete %s" % g.dn)
else:
print("deleting %s" % g.dn)
g.delete()
def handle_machine_category(self, mc, delete, dry_run):
# if datastore name is not ldap, we are not interested
if mc.datastore != "ldap":
print(
"machine category %s datastore %s is not LDAP; nothing to do" %
(mc, mc.datastore))
return
# retreive the LDAP datastores
kg27_datastore = get_kg27_datastore()
if kg27_datastore is None:
print("KG27_DATASTORE not set; nothing to do")
return
try:
global_datastore = get_global_test_datastore(0)
assert isinstance(global_datastore, dldap.GlobalDataStore)
except IndexError:
global_datastore = None
machine_category_datastore = get_machine_category_test_datastore(
mc.datastore, 0)
assert isinstance(machine_category_datastore,
dldap.MachineCategoryDataStore)
# get the base dn
kg27_account_dn = self.get_base(kg27_datastore, 'LDAP_ACCOUNT_BASE')
kg27_group_dn = self.get_base(kg27_datastore, 'LDAP_GROUP_BASE')
if global_datastore is not None:
# we need to keep the people
person_base_dn = self.get_base(global_datastore,
'LDAP_PERSON_BASE')
pgroup_base_dn = self.get_base(global_datastore, 'LDAP_GROUP_BASE')
else:
# we need to destroy the people and keep the accounts
person_base_dn = None
pgroup_base_dn = None
account_base_dn = self.get_base(machine_category_datastore,
'LDAP_ACCOUNT_BASE')
agroup_base_dn = self.get_base(machine_category_datastore,
'LDAP_GROUP_BASE')
# create the base dn
# note we do this even if --dry-run given, as otherwise
# we get confused if dn doesn't exist
self.create_base(machine_category_datastore, account_base_dn)
self.create_base(machine_category_datastore, agroup_base_dn)
# sanity check
assert pgroup_base_dn != agroup_base_dn
assert person_base_dn != account_base_dn
# process kg27 people/accounts
for p in kg27_datastore._accounts() \
.base_dn(kg27_account_dn):
delete_this = delete
# if this is an account, copy to new place
if 'posixAccount' in p.objectClass:
# this was an account; then there was no person in LDAP
# copy account to correct place
try:
dst = machine_category_datastore._accounts().get(uid=p.uid)
if _eq(p.dn, dst.dn):
delete_this = False
if 'posixAccount' not in dst.objectClass:
delete_this = False
# This shouldn't normally ever happen.
if dry_run:
print("Conflicting person exists, would delete "
"person %s " % dst.dn)
else:
print("Conflicting person exists, deleting "
"person %s " % dst.dn)
dst.delete()
raise machine_category_datastore._person.DoesNotExist
except machine_category_datastore._account.DoesNotExist:
new_account = machine_category_datastore._create_account()
for i, _ in new_account.get_fields():
if i != "objectClass":
value = getattr(p, i)
setattr(new_account, i, value)
if dry_run:
print("Would copy account %s to account %s" %
(p.dn, account_base_dn))
else:
new_account.save()
print("Copying account %s to account %s" %
(p.dn, new_account.dn))
# all kg27 entries are persons, copy person to correct place
if global_datastore is not None:
if 'posixAccount' in p.objectClass:
# we are looking at an account, we need to get the person
account = Account.objects.get(username=p.uid,
machine_category=mc)
person = Person.objects.get(account=account)
uid = person.username
else:
# we are looking at a person, we already have the uid
uid = p.uid
# Create person, if required. This is better then calling
# person.save() as we get the password too.
try:
dst = global_datastore._people().get(uid=uid)
if _eq(p.dn, dst.dn):
delete_this = False
if 'posixAccount' in dst.objectClass:
delete_this = False
if dry_run:
print("Conflicting account exists, would delete "
"account %s " % dst.dn)
else:
print("Conflicting account exists, deleting "
"account %s " % dst.dn)
dst.delete()
raise global_datastore._person.DoesNotExist
except global_datastore._person.DoesNotExist:
new_person = global_datastore._create_person()
for i, _ in new_person.get_fields():
if i != "objectClass":
value = getattr(p, i)
setattr(new_person, i, value)
if dry_run:
print("Would copy account %s to person %s" %
(p.dn, person_base_dn))
else:
new_person.save()
print("Copying account %s to person %s" %
(p.dn, new_person.dn))
if delete_this:
if dry_run:
print("Would delete %s" % p.dn)
else:
print("deleting %s" % p.dn)
p.delete()
# process groups
for g in kg27_datastore._groups() \
.base_dn(kg27_group_dn):
delete_this = delete
if global_datastore is not None:
try:
dst = global_datastore._groups().get(cn=g.cn)
if _eq(g.dn, dst.dn):
delete_this = False
except global_datastore._group.DoesNotExist:
new_group = global_datastore._create_group()
for i, _ in new_group.get_fields():
if i != "objectClass":
value = getattr(g, i)
setattr(new_group, i, value)
if dry_run:
print("Would copy group %s to %s" %
(g.dn, pgroup_base_dn))
else:
new_group.save()
print("Copying group %s to %s" % (g.dn, new_group.dn))
try:
dst = machine_category_datastore._groups().get(cn=g.cn)
if _eq(g.dn, dst.dn):
delete_this = False
except machine_category_datastore._group.DoesNotExist:
new_group = machine_category_datastore._create_group()
for i, _ in new_group.get_fields():
if i != "objectClass":
value = getattr(g, i)
setattr(new_group, i, value)
if dry_run:
print("Would copy group %s to %s" % (g.dn, agroup_base_dn))
else:
new_group.save()
print("Copying group %s to %s" % (g.dn, new_group.dn))
if delete_this:
if dry_run:
print("Would delete %s" % g.dn)
else:
print("deleting %s" % g.dn)
g.delete()
