def renew_user(self, uid, num_terms=None):
"Renews the user 'uid' for the current term, or a number of terms."
if num_terms is None:
num_terms = 1
if num_terms > 3:
debug('Warning: I can only renew a member for up to 3 terms at a '
'time! I will renew for the maximum possible number.')
term = 3
if num_terms < 1:
error("Your number of terms doesn't make any sense! You said: %s" %
num_terms)
return
terms = []
for num in range(num_terms):
terms.append(
get_term(datetime.date.today() +
relativedelta(months=(num * 4))))
for term in terms:
try:
debug('Renewing user for term ' + term)
verbose('dn: uid=%s,ou=People,%s' % (uid, BASE))
ml = [(ldap.MOD_ADD, 'term', term)]
verbose('modlist: ' + str(ml))
self.ldap_wics.modify_s('uid=%s,ou=People,%s' % (uid, BASE),
ml)
except:
print_exc(sys.exc_info())
error('Failed to renew user for term ' + term + '!')
def add_user_to_group(self, gid, uid):
'''
Adds a user to an LDAP group.
gid: the group to add the user to
uid: the user to add to the group
'''
try:
debug('Adding user to group...')
verbose('dn: cn=%s,ou=Group,%s' % (gid, BASE))
ml = [(ldap.MOD_ADD, 'uniqueMember',
'uid=%s,ou=People,%s' % (uid, BASE))]
verbose('modlist: ' + str(ml))
self.ldap_wics.modify_s('cn=%s,ou=Group,%s' % (gid, BASE), ml)
except:
print_exc(sys.exc_info())
error('Failed to add user to group!')
def remove_user_from_group(self, gid, uid):
'''
Removes a user from an LDAP group.
gid: the group to remove the user from
uid: the user to remove from the group
'''
try:
debug('Removing user from group...')
verbose('dn: cn=%s,ou=Group,%s' % (gid, BASE))
ml = [(ldap.MOD_DELETE, 'uniqueMember',
'uid=%s,ou=People,%s' % (uid, BASE))]
verbose('modlist: ' + str(ml))
self.ldap_wics.modify_s('cn=%s,ou=Group,%s' % (gid, BASE), ml)
except:
print_exc(sys.exc_info())
error('Failed to remove user from group!')
def add_group(self, gid, desc):
'''
Adds a group to the LDAP database.
gid: the unique group id for our new group
desc: a longer, descriptive name for the group
'''
self.lock('cn=nextgid,ou=Group,' + BASE, 'cn=inuse')
nextgid = self.ldap_wics.search_s('cn=inuse,ou=Group,' + BASE,
ldap.SCOPE_BASE)
nextgid = nextgid[0][1]
next_gid = int(nextgid['gidNumber'][0])
attrs = {
'cn': gid,
'objectClass': ['group', 'posixGroup', 'top'],
'gidNumber': str(next_gid),
'description': desc,
}
try:
self.ldap_wics.modify_s(
'cn=inuse,ou=Group,' + BASE,
[(ldap.MOD_REPLACE, 'gidNumber', str(next_gid + 1))])
debug('Adding group...')
verbose('dn: cn=%s,ou=Group,%s' % (gid, BASE))
ml = modlist.addModlist(attrs)
verbose('modlist: ' + str(ml))
self.ldap_wics.add_s('cn=%s,ou=Group,%s' % (gid, BASE), ml)
except:
print_exc(sys.exc_info())
error('Failed to add group!')
# Reset GID before unlocking
self.ldap_wics.modify_s(
'cn=inuse,ou=Group,' + BASE,
[(ldap.MOD_REPLACE, 'gidNumber', str(next_gid))])
finally:
self.unlock('cn=inuse,ou=Group,' + BASE, 'cn=nextgid')
def add_user(self, uid, username):
'''
Adds a user to the LDAP database.
uid: the unique user id for our new user
username: the user's full name
'''
self.lock('uid=nextuid,ou=People,' + BASE, 'uid=inuse')
nextuid = self.ldap_wics.search_s('uid=inuse,ou=People,' + BASE,
ldap.SCOPE_BASE)
nextuid_obj = nextuid[0][1]
next_uid = int(nextuid_obj['uidNumber'][0])
next_gid = int(nextuid_obj['gidNumber'][0])
if next_uid != next_gid:
# This isn't enforced at the schema level but close enough
raise ldap.OBJECT_CLASS_VIOLATION(
"UID and GID on nextuid are out of sync. Tell the sysadmin!")
current_term = get_term()
attrs_user = {
# 'uid': uid,
'cn':
username,
'objectClass':
['account', 'member', 'posixAccount', 'shadowAccount', 'top'],
'homeDirectory':
'/home/' + uid,
'loginShell':
'/bin/bash',
'uidNumber':
str(next_uid),
'gidNumber':
str(next_gid),
'term':
current_term,
# 'program': program, TODO: add query to uwldap for autocompletion
# 'cn': name,
}
attrs_grp = {
'cn': uid,
'objectClass': ['group', 'posixGroup', 'top'],
'gidNumber': str(next_gid),
}
try:
self.ldap_wics.modify_s(
'uid=inuse,ou=People,' + BASE,
[(ldap.MOD_REPLACE, 'uidNumber', str(next_uid + 1)),
(ldap.MOD_REPLACE, 'gidNumber', str(next_gid + 1))])
debug('Adding user...')
verbose('dn: uid=%s,ou=People,%s' % (uid, BASE))
ml = modlist.addModlist(attrs_user)
verbose('modlist: ' + str(ml))
self.ldap_wics.add_s('uid=%s,ou=People,%s' % (uid, BASE), ml)
debug("Adding user's group...")
verbose('dn: cn=%s,ou=Group,%s' % (uid, BASE))
ml = modlist.addModlist(attrs_grp)
verbose('modlist: ' + str(ml))
self.ldap_wics.add_s('cn=%s,ou=Group,%s' % (uid, BASE), ml)
except:
print_exc(sys.exc_info())
error('Failed to add user!')
# Reset UID/GID before unlocking
self.ldap_wics.modify_s(
'uid=inuse,ou=People,' + BASE,
[(ldap.MOD_REPLACE, 'uidNumber', str(next_uid)),
(ldap.MOD_REPLACE, 'gidNumber', str(next_gid))])
finally:
self.unlock('uid=inuse,ou=People,' + BASE, 'uid=nextuid')