def handle_global(self, delete, dry_run): try: global_datastore = get_global_test_datastore(0) assert isinstance(global_datastore, dldap.GlobalDataStore) except IndexError: global_datastore = None if global_datastore is not None: # we need to keep the people person_base_dn = self.get_base(global_datastore, 'LDAP_PERSON_BASE') pgroup_base_dn = self.get_base(global_datastore, 'LDAP_GROUP_BASE') else: # we need to destroy the people and keep the accounts person_base_dn = None pgroup_base_dn = None # create the base dn # note we do this even if --dry-run given, as otherwise # we get confused if dn doesn't exist if global_datastore is not None: self.create_base(global_datastore, person_base_dn) self.create_base(global_datastore, pgroup_base_dn)
def handle_global(self, delete, dry_run): try: global_datastore = get_global_test_datastore(0) assert isinstance(global_datastore, dldap.GlobalDataStore) except IndexError: global_datastore = None if global_datastore is not None: # we need to keep the people person_base_dn = self.get_base( global_datastore, 'LDAP_PERSON_BASE') pgroup_base_dn = self.get_base( global_datastore, 'LDAP_GROUP_BASE') else: # we need to destroy the people and keep the accounts person_base_dn = None pgroup_base_dn = None # create the base dn # note we do this even if --dry-run given, as otherwise # we get confused if dn doesn't exist if global_datastore is not None: self.create_base(global_datastore, person_base_dn) self.create_base(global_datastore, pgroup_base_dn)
def handle(self, **options): try: global_datastore = get_global_test_datastore(0) assert isinstance(global_datastore, dldap.GlobalDataStore) except IndexError: global_datastore = None machine_category_datastore = get_machine_category_test_datastore( "ldap", 0) assert isinstance( machine_category_datastore, dldap.MachineCategoryDataStore) if options['ldif']: ldif_writer = ldif.LDIFWriter(sys.stdout) if global_datastore is not None: # we have to move accounts to the account_base. # no changes rquired for people. account_base_dn = machine_category_datastore._accounts( ).get_base_dn() split_account_base_dn = ldap.dn.str2dn(account_base_dn) for p in global_datastore._people().filter( objectClass='posixAccount'): # Convert account to person, strip unwanted fields. # This is better then calling person.save() as we get the # password too. new_person = global_datastore._create_person(dn=p.dn) for i, _ in new_person.get_fields(): if i != "objectClass": value = getattr(p, i) setattr(new_person, i, value) if options['ldif']: # calculate fully qualified new DN. split_dn = ldap.dn.str2dn(p.dn) tmp = [] tmp.append(split_dn[0]) tmp.extend(split_account_base_dn) new_dn = ldap.dn.dn2str(tmp) # we can do move in ldif, so delete and add entry = {'changetype': ['delete']} ldif_writer.unparse(p.dn, entry) # write person entry if new_person.pwdAttribute is None: new_person.pwdAttribute = 'userPassword' new_person.unparse( ldif_writer, None, {'changetype': ['add']}) # write account entry if p.pwdAttribute is None: p.pwdAttribute = 'userPassword' p.unparse( ldif_writer, new_dn, {'changetype': ['add']}) else: # move account from person to accounts print "moving account and creating person for %s" % p.dn p.rename(new_base_dn=account_base_dn) # write person entry, if not already existing try: new_person.save() except machine_category_datastore._account.AlreadyExists: pass else: # people not in LDAP, delete people without accounts. for p in machine_category_datastore._accounts(): # If there are no accounts for this person, then delete # the LDAP entry. ua = Account.objects.filter( username=p.uid, date_deleted__isnull=True) if ua.count() == 0 and 'posixAccount' not in p.objectClass: if options['ldif']: entry = {'changetype': ['delete']} ldif_writer.unparse(p.dn, entry) else: print "deleting %s" % p.dn p.delete()
def handle_machine_category(self, mc, delete, dry_run): # if datastore name is not ldap, we are not interested if mc.datastore != "ldap": print( "machine category %s datastore %s is not LDAP; nothing to do" % (mc, mc.datastore)) return # retreive the LDAP datastores kg27_datastore = get_kg27_datastore() if kg27_datastore is None: print("KG27_DATASTORE not set; nothing to do") return try: global_datastore = get_global_test_datastore(0) assert isinstance(global_datastore, dldap.GlobalDataStore) except IndexError: global_datastore = None machine_category_datastore = get_machine_category_test_datastore( mc.datastore, 0) assert isinstance( machine_category_datastore, dldap.MachineCategoryDataStore) # get the base dn kg27_account_dn = self.get_base(kg27_datastore, 'LDAP_ACCOUNT_BASE') kg27_group_dn = self.get_base(kg27_datastore, 'LDAP_GROUP_BASE') if global_datastore is not None: # we need to keep the people person_base_dn = self.get_base( global_datastore, 'LDAP_PERSON_BASE') pgroup_base_dn = self.get_base( global_datastore, 'LDAP_GROUP_BASE') else: # we need to destroy the people and keep the accounts person_base_dn = None pgroup_base_dn = None account_base_dn = self.get_base( machine_category_datastore, 'LDAP_ACCOUNT_BASE') agroup_base_dn = self.get_base( machine_category_datastore, 'LDAP_GROUP_BASE') # create the base dn # note we do this even if --dry-run given, as otherwise # we get confused if dn doesn't exist self.create_base(machine_category_datastore, account_base_dn) self.create_base(machine_category_datastore, agroup_base_dn) # sanity check assert pgroup_base_dn != agroup_base_dn assert person_base_dn != account_base_dn # process kg27 people/accounts for p in kg27_datastore._accounts() \ .base_dn(kg27_account_dn): delete_this = delete # if this is an account, copy to new place if 'posixAccount' in p.objectClass: # this was an account; then there was no person in LDAP # copy account to correct place try: dst = machine_category_datastore._accounts().get(uid=p.uid) if _eq(p.dn, dst.dn): delete_this = False if 'posixAccount' not in dst.objectClass: delete_this = False # This shouldn't normally ever happen. if dry_run: print( "Conflicting person exists, would delete " "person %s " % dst.dn) else: print( "Conflicting person exists, deleting " "person %s " % dst.dn) dst.delete() raise machine_category_datastore._person.DoesNotExist except machine_category_datastore._account.DoesNotExist: new_account = machine_category_datastore._create_account() for i, _ in new_account.get_fields(): if i != "objectClass": value = getattr(p, i) setattr(new_account, i, value) if dry_run: print( "Would copy account %s to account %s" % (p.dn, account_base_dn)) else: new_account.save() print( "Copying account %s to account %s" % (p.dn, new_account.dn)) # all kg27 entries are persons, copy person to correct place if global_datastore is not None: if 'posixAccount' in p.objectClass: # we are looking at an account, we need to get the person account = Account.objects.get( username=p.uid, machine_category=mc) person = Person.objects.get(account=account) uid = person.username else: # we are looking at a person, we already have the uid uid = p.uid # Create person, if required. This is better then calling # person.save() as we get the password too. try: dst = global_datastore._people().get(uid=uid) if _eq(p.dn, dst.dn): delete_this = False if 'posixAccount' in dst.objectClass: delete_this = False if dry_run: print( "Conflicting account exists, would delete " "account %s " % dst.dn) else: print( "Conflicting account exists, deleting " "account %s " % dst.dn) dst.delete() raise global_datastore._person.DoesNotExist except global_datastore._person.DoesNotExist: new_person = global_datastore._create_person() for i, _ in new_person.get_fields(): if i != "objectClass": value = getattr(p, i) setattr(new_person, i, value) if dry_run: print( "Would copy account %s to person %s" % (p.dn, person_base_dn)) else: new_person.save() print( "Copying account %s to person %s" % (p.dn, new_person.dn)) if delete_this: if dry_run: print("Would delete %s" % p.dn) else: print("deleting %s" % p.dn) p.delete() # process groups for g in kg27_datastore._groups() \ .base_dn(kg27_group_dn): delete_this = delete if global_datastore is not None: try: dst = global_datastore._groups().get(cn=g.cn) if _eq(g.dn, dst.dn): delete_this = False except global_datastore._group.DoesNotExist: new_group = global_datastore._create_group() for i, _ in new_group.get_fields(): if i != "objectClass": value = getattr(g, i) setattr(new_group, i, value) if dry_run: print("Would copy group %s to %s" % (g.dn, pgroup_base_dn)) else: new_group.save() print("Copying group %s to %s" % (g.dn, new_group.dn)) try: dst = machine_category_datastore._groups().get(cn=g.cn) if _eq(g.dn, dst.dn): delete_this = False except machine_category_datastore._group.DoesNotExist: new_group = machine_category_datastore._create_group() for i, _ in new_group.get_fields(): if i != "objectClass": value = getattr(g, i) setattr(new_group, i, value) if dry_run: print("Would copy group %s to %s" % (g.dn, agroup_base_dn)) else: new_group.save() print("Copying group %s to %s" % (g.dn, new_group.dn)) if delete_this: if dry_run: print("Would delete %s" % g.dn) else: print("deleting %s" % g.dn) g.delete()
def handle_machine_category(self, mc, delete, dry_run): # if datastore name is not ldap, we are not interested if mc.datastore != "ldap": print( "machine category %s datastore %s is not LDAP; nothing to do" % (mc, mc.datastore)) return # retreive the LDAP datastores kg27_datastore = get_kg27_datastore() if kg27_datastore is None: print("KG27_DATASTORE not set; nothing to do") return try: global_datastore = get_global_test_datastore(0) assert isinstance(global_datastore, dldap.GlobalDataStore) except IndexError: global_datastore = None machine_category_datastore = get_machine_category_test_datastore( mc.datastore, 0) assert isinstance(machine_category_datastore, dldap.MachineCategoryDataStore) # get the base dn kg27_account_dn = self.get_base(kg27_datastore, 'LDAP_ACCOUNT_BASE') kg27_group_dn = self.get_base(kg27_datastore, 'LDAP_GROUP_BASE') if global_datastore is not None: # we need to keep the people person_base_dn = self.get_base(global_datastore, 'LDAP_PERSON_BASE') pgroup_base_dn = self.get_base(global_datastore, 'LDAP_GROUP_BASE') else: # we need to destroy the people and keep the accounts person_base_dn = None pgroup_base_dn = None account_base_dn = self.get_base(machine_category_datastore, 'LDAP_ACCOUNT_BASE') agroup_base_dn = self.get_base(machine_category_datastore, 'LDAP_GROUP_BASE') # create the base dn # note we do this even if --dry-run given, as otherwise # we get confused if dn doesn't exist self.create_base(machine_category_datastore, account_base_dn) self.create_base(machine_category_datastore, agroup_base_dn) # sanity check assert pgroup_base_dn != agroup_base_dn assert person_base_dn != account_base_dn # process kg27 people/accounts for p in kg27_datastore._accounts() \ .base_dn(kg27_account_dn): delete_this = delete # if this is an account, copy to new place if 'posixAccount' in p.objectClass: # this was an account; then there was no person in LDAP # copy account to correct place try: dst = machine_category_datastore._accounts().get(uid=p.uid) if _eq(p.dn, dst.dn): delete_this = False if 'posixAccount' not in dst.objectClass: delete_this = False # This shouldn't normally ever happen. if dry_run: print("Conflicting person exists, would delete " "person %s " % dst.dn) else: print("Conflicting person exists, deleting " "person %s " % dst.dn) dst.delete() raise machine_category_datastore._person.DoesNotExist except machine_category_datastore._account.DoesNotExist: new_account = machine_category_datastore._create_account() for i, _ in new_account.get_fields(): if i != "objectClass": value = getattr(p, i) setattr(new_account, i, value) if dry_run: print("Would copy account %s to account %s" % (p.dn, account_base_dn)) else: new_account.save() print("Copying account %s to account %s" % (p.dn, new_account.dn)) # all kg27 entries are persons, copy person to correct place if global_datastore is not None: if 'posixAccount' in p.objectClass: # we are looking at an account, we need to get the person account = Account.objects.get(username=p.uid, machine_category=mc) person = Person.objects.get(account=account) uid = person.username else: # we are looking at a person, we already have the uid uid = p.uid # Create person, if required. This is better then calling # person.save() as we get the password too. try: dst = global_datastore._people().get(uid=uid) if _eq(p.dn, dst.dn): delete_this = False if 'posixAccount' in dst.objectClass: delete_this = False if dry_run: print("Conflicting account exists, would delete " "account %s " % dst.dn) else: print("Conflicting account exists, deleting " "account %s " % dst.dn) dst.delete() raise global_datastore._person.DoesNotExist except global_datastore._person.DoesNotExist: new_person = global_datastore._create_person() for i, _ in new_person.get_fields(): if i != "objectClass": value = getattr(p, i) setattr(new_person, i, value) if dry_run: print("Would copy account %s to person %s" % (p.dn, person_base_dn)) else: new_person.save() print("Copying account %s to person %s" % (p.dn, new_person.dn)) if delete_this: if dry_run: print("Would delete %s" % p.dn) else: print("deleting %s" % p.dn) p.delete() # process groups for g in kg27_datastore._groups() \ .base_dn(kg27_group_dn): delete_this = delete if global_datastore is not None: try: dst = global_datastore._groups().get(cn=g.cn) if _eq(g.dn, dst.dn): delete_this = False except global_datastore._group.DoesNotExist: new_group = global_datastore._create_group() for i, _ in new_group.get_fields(): if i != "objectClass": value = getattr(g, i) setattr(new_group, i, value) if dry_run: print("Would copy group %s to %s" % (g.dn, pgroup_base_dn)) else: new_group.save() print("Copying group %s to %s" % (g.dn, new_group.dn)) try: dst = machine_category_datastore._groups().get(cn=g.cn) if _eq(g.dn, dst.dn): delete_this = False except machine_category_datastore._group.DoesNotExist: new_group = machine_category_datastore._create_group() for i, _ in new_group.get_fields(): if i != "objectClass": value = getattr(g, i) setattr(new_group, i, value) if dry_run: print("Would copy group %s to %s" % (g.dn, agroup_base_dn)) else: new_group.save() print("Copying group %s to %s" % (g.dn, new_group.dn)) if delete_this: if dry_run: print("Would delete %s" % g.dn) else: print("deleting %s" % g.dn) g.delete()