def create_access(self):
user_mail = self.conf.get('main','client_mail')
unix_user = self.conf.get('access','unix_user')
unix_pass = self.conf.get('access','unix_pass')
unix_group = self.conf.get('access','unix_group')
ldap_user = self.conf.get('access','ldap_user')
ldap_pass = self.conf.get('access','ldap_pass')
ldap_group = self.conf.get('access','ldap_group')
if CONF_MAP('ldap','enabled') and self.conf.get('access','ldap_to_apply'):
self.ask_domain_admin()
if ldap_user and not ldap.user_exists(ldap_user):
ldap.create_user(ldap_user, user_mail, ldap_pass)
if ldap_group and not ldap.group_exists(ldap_group):
ldap.create_group(ldap_group)
if ldap_user and ldap_group and not ldap.is_member_of(ldap_user, ldap_group):
ldap.user_to_group(ldap_user, ldap_group)
if CONF_MAP('unix','enabled'):
if unix_user and not unix.user_exists(unix_user):
unix.create_user(unix_user, user_mail, unix_pass)
if unix_group and not unix.group_exists(unix_group):
unix.create_group(unix_group)
if unix_user and unix_group and not unix.is_member_of(unix_user , unix_group):
unix.user_to_group(unix_user, unix_group)
if __name__ == '__main__':
site_name = "${site_name}"
site_path = "${site_path}"
ldap_group = "${ldap_group}"
ldap_dev_team = CONF_MAP('site','ldap_dev_team')
unix_group = "${unix_group}"
pam_user = os.getenv('PAM_USER')
site_home_path = "/home/%s/%s" % (pam_user, site_name)
is_member = False
if ldap_group:
is_member |= ldap.is_member_of(pam_user,ldap_group)
if ldap_dev_team:
is_member |= ldap.is_member_of(pam_user,ldap_dev_team,'')
#L.info("%s, is_member:%s of %s" % (pam_user,is_member,ldap_dev_team))
if unix_group:
is_member |= unix.is_member_of(pam_user,unix_group)
if is_member:
files.mkdir(site_home_path)
files.chown(site_home_path)
cmd_list = [
'mount --bind %s %s' % (site_path, site_home_path),
]
if not files.contains("/proc/mounts", site_home_path):
core.exec_cmd_list(cmd_list)