示例#1
0
def generate_all(fname):
    """Generate user + group LDIF to fname. 

    @type fname: str
    @param fname: The file where the ldif data will be written
    """
    logger.debug("Generating ldif into %s", fname)

    out = ldif_outfile("ORG", fname)
    out.write(container_entry_string("ORG"))

    helper = LDIFHelper(logger)

    logger.debug("Generating user ldif...")
    out.write(container_entry_string("USER"))
    for user in helper.yield_users():
        dn = user["dn"][0]
        del user["dn"]
        out.write(entry_string(dn, user, False))
    end_ldif_outfile("USER", out, out)

    logger.debug("Generating group ldif...")
    out.write(container_entry_string("GROUP"))
    for group in helper.yield_groups():
        dn = group["dn"][0]
        del group["dn"]
        out.write(entry_string(dn, group, False))
    end_ldif_outfile("GROUP", out)
    logger.debug("Done with group ldif (all done)")
示例#2
0
def generate_all(fname):
    """Write user + group LDIF to fname."""
    out = ldif_outfile("ORG", fname)
    logger.debug('writing to %r', out)

    out.write(container_entry_string("ORG"))

    helper = LDIFHelper(logger.getChild('LDIFHelper'))

    logger.info("Generating user ldif...")
    out.write(container_entry_string("USER"))
    for user in helper.yield_users():
        dn = user["dn"][0]
        del user["dn"]
        out.write(entry_string(dn, user, False))
    end_ldif_outfile("USER", out, out)

    logger.debug("Generating group ldif...")
    out.write(container_entry_string("GROUP"))
    for group in helper.yield_groups():
        dn = group["dn"][0]
        del group["dn"]
        out.write(entry_string(dn, group, False))
    end_ldif_outfile("GROUP", out)
示例#3
0
    def update_retained_trait(self):
        """ Finds and returns users that have either been retained from or
        exported to LDAP since the last run.

        Uses the LDIFHelper from ldap_notifier to figure out which users
        are eligible for export, then compares this to account traits and
        actual LDAP state.

        Prepares four sets of account_ids:
            all_exported - All users eligible for LDAP export
            not_exported - All users NOT eligible for LDAP export
            now_exported - Users that
                1. are eligible for LDAP export
                2. does have trait 'retained' (NOT previously exported)
                3. currently exists in LDAP
            now_retained - Users that
                1. are NOT eligible for LDAP export
                2. does NOT have trait 'retained' (previously exported)
                3. currently NOT in LDAP
        """
        co = Factory.get('Constants')(self.db)
        ac = Factory.get('Account')(self.db)

        # For DEBUG - log timing
        debug_times = [
            time(),
        ]

        def _add_debug_time(text):
            debug_times.append(time())
            if text:
                self.logger.debug("Time (%0.2f s) %s",
                                  debug_times[-1] - debug_times[-2], text)

        # First we need to find all the changes
        helper = LDIFHelper(self.logger)
        exported_names = set([user['uid'][0] for user in helper.yield_users()])
        _add_debug_time('Dummy LDAP export')

        all_accounts = ac.list_names(co.account_namespace)
        _add_debug_time("Fetched all accounts")

        has_trait = set(t['entity_id']
                        for t in ac.list_traits(code=co.trait_user_retained,
                                                fetchall=True))

        # New exports: Was exported, and has 'retained' trait
        self.all_exported = set(a['entity_id'] for a in all_accounts
                                if a['entity_name'] in exported_names)
        new_exports = self.all_exported.intersection(has_trait)
        self.now_exported = set()

        # New retainees, wasn't exported, and doesn't have trait
        self.not_exported = set(
            a['entity_id'] for a in all_accounts).difference(self.all_exported)
        new_retainees = self.not_exported.difference(has_trait)
        self.now_retained = set()

        _add_debug_time('Prepared sets')

        # THEN we need to verify their state against LDAP, and mirror that
        # state in Cerebrum
        for account_id in new_exports:
            ac.clear()
            ac.find(account_id)
            if self.verify_ldap(ac.account_name):
                ac.delete_trait(co.trait_user_retained)
                self.now_exported.add(account_id)
            # Else, user won't be in (verified) new export set, will retry next
            # time the script runs
        _add_debug_time("Verified new exports with LDAP")
        self.logger.debug(
            "%d of the %d exported users were"
            " previously retained", len(self.now_exported),
            len(self.all_exported))

        for account_id in new_retainees:
            ac.clear()
            ac.find(account_id)
            verify = self.verify_ldap(ac.account_name)
            if verify is False:
                ac.populate_trait(co.trait_user_retained, numval=0)
                ac.write_db()
                self.now_retained.add(account_id)
            # Else, user won't be in (verified) new retainee set, will retry
            # next time the script runs
        _add_debug_time("Verified new retainees with LDAP")
        self.logger.debug(
            "%d of the %d retained users were"
            " previously exported", len(self.now_retained),
            len(self.not_exported))

        if self.dryrun:
            self.db.rollback()
        else:
            self.db.commit()
示例#4
0
    def update_retained_trait(self):
        """ Finds and returns users that have either been retained from or
        exported to LDAP since the last run.

        Uses the LDIFHelper from ldap_notifier to figure out which users
        are eligible for export, then compares this to account traits and actual
        LDAP state.

        Prepares four sets of account_ids:
            all_exported - All users eligible for LDAP export
            not_exported - All users NOT eligible for LDAP export
            now_exported - Users that
                1. are eligible for LDAP export
                2. does have trait 'retained' (NOT previously exported)
                3. currently exists in LDAP
            now_retained - Users that
                1. are NOT eligible for LDAP export
                2. does NOT have trait 'retained' (previously exported)
                3. currently NOT in LDAP
        """
        co = Factory.get("Constants")(self.db)
        ac = Factory.get("Account")(self.db)

        # For DEBUG - log timing
        debug_times = [time()]

        def _add_debug_time(text):
            debug_times.append(time())
            if text:
                self.logger.debug("Time (%0.2f s) %s" % (debug_times[-1] - debug_times[-2], text))

        # First we need to find all the changes
        helper = LDIFHelper(self.logger)
        exported_names = set([user["uid"][0] for user in helper.yield_users()])
        _add_debug_time("Dummy LDAP export")

        all_accounts = ac.list_names(co.account_namespace)
        _add_debug_time("Fetched all accounts")

        has_trait = set(t["entity_id"] for t in ac.list_traits(code=co.trait_user_retained, fetchall=True))

        # New exports: Was exported, and has 'retained' trait
        self.all_exported = set(a["entity_id"] for a in all_accounts if a["entity_name"] in exported_names)
        new_exports = self.all_exported.intersection(has_trait)
        self.now_exported = set()

        # New retainees, wasn't exported, and doesn't have trait
        self.not_exported = set(a["entity_id"] for a in all_accounts).difference(self.all_exported)
        new_retainees = self.not_exported.difference(has_trait)
        self.now_retained = set()

        _add_debug_time("Prepared sets")

        # THEN we need to verify their state against LDAP, and mirror that
        # state in Cerebrum
        for account_id in new_exports:
            ac.clear()
            ac.find(account_id)
            if self.verify_ldap(ac.account_name):
                ac.delete_trait(co.trait_user_retained)
                self.now_exported.add(account_id)
            # Else, user won't be in (verified) new export set, will retry next
            # time the script runs
        _add_debug_time("Verified new exports with LDAP")
        self.logger.debug(
            "%d of the %d exported users were previously retained" % (len(self.now_exported), len(self.all_exported))
        )

        for account_id in new_retainees:
            ac.clear()
            ac.find(account_id)
            verify = self.verify_ldap(ac.account_name)
            if verify is False:
                ac.populate_trait(co.trait_user_retained, numval=0)
                ac.write_db()
                self.now_retained.add(account_id)
            # Else, user won't be in (verified) new retainee set, will retry
            # next time the script runs
        _add_debug_time("Verified new retainees with LDAP")
        self.logger.debug(
            "%d of the %d retained users were previously exported" % (len(self.now_retained), len(self.not_exported))
        )

        if self.dryrun:
            self.db.rollback()
        else:
            self.db.commit()