def doOxTrustChanges(self, oxTrustPath): parser = MyLDIF(open(oxTrustPath, 'rb'), sys.stdout) parser.targetAttr = "oxTrustConfApplication" atr = parser.parse() oxTrustConfApplication = parser.lastEntry['oxTrustConfApplication'][0] oxTrustConfApplication = oxTrustConfApplication.replace( 'seam/resource/', '') parser.lastEntry['oxTrustConfApplication'][0] = oxTrustConfApplication base64Types = [ "oxTrustConfApplication", "oxTrustConfImportPerson", "oxTrustConfCacheRefresh" ] out = CreateLDIF(parser.lastDN, parser.getLastEntry(), base64_attrs=base64Types) newfile = oxTrustPath.replace('/oxtrust_config.ldif', '/oxtrust_config_new.ldif') # print (newfile) f = open(newfile, 'w') f.write(out) f.close() os.remove(oxTrustPath) os.rename(newfile, oxTrustPath)
def doClientsChangesForUMA2(self, clientPath): parser = MyLDIF(open(clientPath, 'rb'), sys.stdout) parser.parse() atr = parser.parse() newfile = clientPath.replace('/clients.ldif', '/clients_new.ldif') f = open(newfile, 'w') base64Types = [] for idx, val in enumerate(parser.entries): if 'displayName' in val: if val['displayName'][0] == 'Pasport Resource Server Client': parser.entries[idx]["oxAuthGrantType"] = ['client_credentials'] self.passport_rs_client_id = parser.entries[idx]["inum"][0] elif val['displayName'][0] == 'SCIM Resource Server Client': parser.entries[idx]["oxAuthGrantType"] = ['client_credentials'] self.scim_rs_client_id = parser.entries[idx]["inum"][0] elif val['displayName'][0] == 'Passport Requesting Party Client': parser.entries[idx]["oxAuthGrantType"] = ['client_credentials'] self.passport_rp_client_id = parser.entries[idx]["inum"][0] elif val['displayName'][0] == 'SCIM Requesting Party Client': parser.entries[idx]["oxAuthGrantType"] = ['client_credentials'] self.scim_rp_client_id = parser.entries[idx]["inum"][0] out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types) f.write(out) f.close() os.remove(clientPath) os.rename(newfile, clientPath)
def doApplinceChanges(oxappliancesPath): parser = MyLDIF(open(oxappliancesPath, 'rb'), sys.stdout) parser.parse() base64Types = [] idpConfig = json.loads(parser.entries[0]['oxIDPAuthentication'][0]) idpConfig['name'] = None idpConfig['priority'] = 1 del idpConfig['version'] del idpConfig['level'] idpConfigJson = json.loads(idpConfig['config']) idpConfig['config'] = json.dumps(idpConfigJson, indent=4, sort_keys=True) parser.entries[0]['oxIDPAuthentication'][0] = json.dumps(idpConfig, indent=4, sort_keys=True) out = CreateLDIF(parser.lastDN, parser.getLastEntry(), base64_attrs=base64Types) newfile = oxappliancesPath.replace('/appliance.ldif', '/appliancenew.ldif') f = open(newfile, 'w') f.write(out) f.close() os.remove(oxappliancesPath) os.rename(newfile, oxappliancesPath)
def doOxTrustChanges(oxTrustPath): parser = MyLDIF(open(oxTrustPath, 'rb'), sys.stdout) parser.targetAttr = "oxTrustConfApplication" atr = parser.parse() oxTrustConfApplication = parser.lastEntry['oxTrustConfApplication'][0] oxTrustConfApplication = oxTrustConfApplication.replace( 'seam/resource/', '') parser.lastEntry['oxTrustConfApplication'][0] = oxTrustConfApplication oxTrustConfApplicationJson = json.loads(oxTrustConfApplication) oxTrustConfApplicationJson['ScimProperties'] = json.loads( '{"maxCount": "200"}') del oxTrustConfApplicationJson['loggingLevel'] del oxTrustConfApplicationJson['oxIncommonFlag'] del oxTrustConfApplicationJson['recaptchaSiteKey'] del oxTrustConfApplicationJson['recaptchaSecretKey'] parser.lastEntry['oxTrustConfApplication'][0] = json.dumps( oxTrustConfApplicationJson, indent=4, sort_keys=True) oxTrustConfCacheRefresh = parser.lastEntry['oxTrustConfCacheRefresh'][0] oxTrustConfCacheRefreshJson = json.loads(oxTrustConfCacheRefresh) oxTrustConfCacheRefreshJson['inumConfig'][ 'bindDN'] = oxTrustConfCacheRefreshJson['inumConfig'][ 'bindDN'].replace('cn=directory manager', 'cn=directory manager,o=site') oxTrustConfCacheRefreshJson[ 'snapshotFolder'] = '/var/ox/identity/cr-snapshots/' parser.lastEntry['oxTrustConfCacheRefresh'][0] = json.dumps( oxTrustConfCacheRefreshJson, indent=4, sort_keys=True) oxTrustConfImportPerson = [""] oxTrustConfImportPerson[0] = json.dumps( json.loads( '{ "mappings": [{ "ldapName": "uid", "displayName": "Username", "dataType": "string", "required": "true" }, { "ldapName": "givenName", "displayName": "First Name", "dataType": "string", "required": "true" }, { "ldapName": "sn", "displayName": "Last Name", "dataType": "string", "required": "true" }, { "ldapName": "mail", "displayName": "Email", "dataType": "string", "required": "true" }, { "ldapName": "userPassword", "displayName": "Password", "dataType": "string", "required": "false" }]}' )) parser.lastEntry['oxTrustConfImportPerson'] = oxTrustConfImportPerson[0] base64Types = [ "oxTrustConfApplication", "oxTrustConfImportPerson", "oxTrustConfCacheRefresh", "oxTrustConfImportPerson" ] out = CreateLDIF(parser.lastDN, parser.getLastEntry(), base64_attrs=base64Types) newfile = oxTrustPath.replace('/oxtrust_config.ldif', '/oxtrust_config_new.ldif') # print (newfile) f = open(newfile, 'w') f.write(out) f.close() os.remove(oxTrustPath) os.rename(newfile, oxTrustPath)
def handle(self, dn, entry): changed = False for attr in entry.keys(): if attr in json_attrs: json_object = json.loads(entry[attr][0]) for json_key in json_object.keys(): value = json_object[json_key] if type(value) == type([]): if len(value) == 1: value = value[0] if type(value) != type(unicode("")): continue if value.find(targetString) >= 0: json_object[json_key] = json_object[json_key].replace( targetString, replaceString) log("dn: %s\nattr: %s\nkey: %s\nvalue: %s\n" % (dn, attr, json_key, value)) new_json = json.dumps(json_object) old_value = {attr: entry[attr]} new_value = {attr: [new_json]} mod_list = ldap.modlist.modifyModlist(old_value, new_value) print CreateLDIF(dn, mod_list, [attr]) log("New JSON Object:\n %s" % new_json) else: updated = False updated_value = [] for value in entry[attr]: if value.find(targetString) >= 0: updated_value.append( value.replace(targetString, replaceString)) updated = True log("dn: %s\nattr: %s\nvalue: %s\n" % (dn, attr, value)) else: updated_value.append(value) if updated: old_value = {attr: entry[attr]} new_value = {attr: updated_value} mod_list = ldap.modlist.modifyModlist(old_value, new_value) print CreateLDIF(dn, mod_list)
def removeDeprecatedScripts(self, oxScriptPath): parser = MyLDIF(open(oxScriptPath, 'rb'), sys.stdout) parser.parse() base64Types = ["oxScript"] newfile = oxScriptPath.replace('/scripts.ldif', '/scripts_new.ldif') f = open(newfile, 'a') for idx, val in enumerate(parser.entries): if 'displayName' in val: if val['displayName'][0] != 'uma_authorization_policy': out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types) f.write(out) f.close() os.remove(oxScriptPath) os.rename(newfile, oxScriptPath)
def doUmaResourcesChangesForUma2(self, UmaPath): scimClient = '' passportClient = '' inumOrg = self.inumOrg with open('/install/community-edition-setup/setup.properties.last', 'r') as f: content = f.readlines() for line in content: if 'scim_rp_client_id' in line: scimClient = line.replace("scim_rp_client_id=", "") elif 'passport_rp_client_id' in line: passportClient = line.replace("passport_rp_client_id=", "") parser = MyLDIF(open(UmaPath, 'rb'), sys.stdout) parser.parse() atr = parser.parse() newfile = UmaPath.replace('/uma.ldif', '/uma_new.ldif') f = open(newfile, 'w') base64Types = [] hostname = self.getOutput([self.hostname]).strip() for idx, val in enumerate(parser.entries): if 'displayName' in val: if len(val['oxId'][0]) > 1 and 'ou=resource_sets' in parser.getDNs()[idx]: parser.getDNs()[idx] = parser.getDNs()[idx].replace('inum=' + val['inum'][0], 'oxId=' + val['oxId'][0]).replace('resource_sets', 'resources') if val['oxId'][0] == 'scim_access': parser.entries[idx]["oxId"] = ['https://' + hostname + ' /oxauth/restv1/uma/scopes/scim_access'] elif val['oxId'][0] == 'passport_access': parser.entries[idx]["oxId"] = ['https://' + hostname + ' /oxauth/restv1/uma/scopes/passport_access'] if val['displayName'][0] == 'SCIM Resource Set': parser.entries[idx]["oxResource"] = ['https://' + hostname + ' /identity/restv1/scim/v1'] parser.entries[idx]['oxAssociatedClient'] = [ ('inum=' + scimClient + ',ou=clients,o=' + inumOrg + ",o=gluu").replace("\n", '')] elif val['displayName'][0] == 'Passport Resource Set': parser.entries[idx]["oxResource"] = ['https://' + hostname + ' /identity/restv1/passport/config'] parser.entries[idx]['oxAssociatedClient'] = [ ('inum=' + passportClient + ',ou=clients,o=' + inumOrg + ",o=gluu").replace("\n", '')] out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types) f.write(out) f.close() os.remove(UmaPath) os.rename(newfile, UmaPath)
def removeDeprecatedScripts(self, oxScriptPath): parser = MyLDIF(open(oxScriptPath, 'rb'), sys.stdout) parser.parse() base64Types = ["oxScript"] newfile = oxScriptPath.replace('/scripts.ldif', '/scripts_new.ldif') f = open(newfile, 'a') for idx, val in enumerate(parser.entries): if 'inum' in val and val['inum'][0].endswith('2DAF.F995'): addMigratedData({ 'inum': val['inum'][0], 'gluuStatus': val['gluuStatus'][0] }) continue out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types) f.write(out) f.close() os.remove(oxScriptPath) os.rename(newfile, oxScriptPath)
def doAttributeChange(self, attributePath): parser = MyLDIF(open(attributePath, 'rb'), sys.stdout) parser.parse() parser.parse() newfile = attributePath.replace('attributes.ldif', 'attributes_new.ldif') f = open(newfile, 'w') base64Types = [] for idx, val in enumerate(parser.entries): if 'inum' in val: if (val['gluuAttributeName'][0] == "gluuStatus"): print(parser.entries[idx]) parser.entries[idx]["displayName"] = ['User Status'] out = CreateLDIF(parser.getDNs()[idx], parser.entries[idx], base64_attrs=base64Types) f.write(out) f.close() os.remove(attributePath) os.rename(newfile, attributePath)
def dooxAuthChangesFor31(self, oxAuthPath): parser = MyLDIF(open(oxAuthPath, 'rb'), sys.stdout) parser.targetAttr = "oxAuthConfDynamic" atr = parser.parse() oxAuthConfDynamic = parser.lastEntry['oxAuthConfDynamic'][0] oxAuthConfDynamic = oxAuthConfDynamic.replace('seam/resource/', '') oxAuthConfDynamic = oxAuthConfDynamic.replace('restv1/oxauth/', 'restv1/') oxAuthConfDynamic = oxAuthConfDynamic.replace('restv1/uma-configuration', 'restv1/uma2-configuration') dataOxAuthConfDynamic = json.loads(oxAuthConfDynamic) dataOxAuthConfDynamic['grantTypesSupported'].append('password') dataOxAuthConfDynamic['grantTypesSupported'].append('client_credentials') dataOxAuthConfDynamic['grantTypesSupported'].append('refresh_token') dataOxAuthConfDynamic['grantTypesSupported'].append('urn:ietf:params:oauth:grant-type:uma-ticket') dataOxAuthConfDynamic['accessTokenLifetime'] = 300 dataOxAuthConfDynamic['sessionIdLifetime'] = 86400 dataOxAuthConfDynamic['enableClientGrantTypeUpdate'] = True dataOxAuthConfDynamic['externalLoggerConfiguration'] = "" dataOxAuthConfDynamic['httpLoggingEnabled'] = False dataOxAuthConfDynamic['httpLoggingExludePaths'] = [] dataOxAuthConfDynamic['logClientIdOnClientAuthentication'] = True dataOxAuthConfDynamic['logClientNameOnClientAuthentication'] = False dataOxAuthConfDynamic['persistIdTokenInLdap'] = False dataOxAuthConfDynamic['persistRefreshTokenInLdap'] = True dataOxAuthConfDynamic['personCustomObjectClassList'] = ["gluuCustomPerson", "gluuPerson"] dataOxAuthConfDynamic['idTokenSigningAlgValuesSupported'].append("ES512") dataOxAuthConfDynamic['idTokenSigningAlgValuesSupported'].append("none") dataOxAuthConfDynamic['corsConfigurationFilters'] = [] dataCross = { 'corsAllowedHeaders': 'Origin,Authorization,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers', 'corsAllowedMethods': 'GET,POST,HEAD,OPTIONS', 'corsAllowedOrigins': '*', 'corsExposedHeaders': '', 'corsLoggingEnabled': False, 'corsPreflightMaxAge': 1800, 'corsRequestDecorate': True, 'corsSupportCredentials': True, 'filterName': 'CorsFilter'} dataOxAuthConfDynamic['corsConfigurationFilters'].append(dataCross) DynamicGrantTypeDefault = '["authorization_code","implicit","client_credentials","refresh_token","urn:ietf:params:oauth:grant-type:uma-ticket"]' dataOxAuthConfDynamic['dynamicGrantTypeDefault'] = (json.loads(DynamicGrantTypeDefault)) dataOxAuthConfDynamic['responseTypesSupported'] = [] dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["code"]')) dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["code","id_token"]')) dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["token"]')) dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["token","id_token"]')) dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["code","token","id_token"]')) dataOxAuthConfDynamic['responseTypesSupported'].append(json.loads('["id_token"]')) dataOxAuthConfDynamic['dynamicRegistrationCustomObjectClass'] = "" dataOxAuthConfDynamic['dynamicRegistrationCustomAttributes'] = ['oxAuthTrustedClient'] printOxAuthConfDynamic = json.dumps(dataOxAuthConfDynamic, indent=4, sort_keys=True) # print (printOxAuthConfDynamic) parser.lastEntry['oxAuthConfDynamic'][0] = printOxAuthConfDynamic dataOxAuthConfErrors = json.loads(parser.lastEntry['oxAuthConfErrors'][0]) grant = {'id': ("invalid_grant_and_session"), 'description': ( "he provided access token and session state are invalid or were issued to another client."), 'uri': (None)} session = {'id': ("session_not_passed"), 'description': ("The provided session state is empty."), 'uri': (None)} post_logout = {'id': ("post_logout_uri_not_passed"), 'description': ("The provided post logout uri is empty."), 'uri': (None)} post_logout_uri = {'id': ("post_logout_uri_not_associated_with_client"), 'description': ("The provided post logout uri is not associated with client."), 'uri': (None)} invalid_logout_uri = {'id': ("invalid_logout_uri"), 'description': ("The provided logout_uri is invalid."), 'uri': (None)} dataOxAuthConfErrors['endSession'].append(grant) dataOxAuthConfErrors['endSession'].append(session) dataOxAuthConfErrors['endSession'].append(post_logout) dataOxAuthConfErrors['endSession'].append(post_logout_uri) dataOxAuthConfErrors['endSession'].append(invalid_logout_uri) register = {'description': "Value of one or more claims_redirect_uris is invalid.", 'id': "invalid_claims_redirect_uri", 'uri': None} dataOxAuthConfErrors['register'].append(register) uma = {'description': "The provided session is invalid.", 'id': "invalid_session", 'uri': None} dataOxAuthConfErrors['uma'].append(uma) uma1 = {'description': 'Forbidden by policy (policy returned false).', 'id': "forbidden_by_policy", 'uri': None} dataOxAuthConfErrors['uma'].append(uma1) uma2 = {'description': 'The provided permission request is not valid.', 'id': "invalid_permission_request", 'uri': None} dataOxAuthConfErrors['uma'].append(uma2) uma3 = { 'description': 'The claims-gathering script name is not provided or otherwise failed to load script with this name(s).', 'id': "invalid_claims_gathering_script_name", 'uri': None} dataOxAuthConfErrors['uma'].append(uma3) uma4 = {'description': 'The provided ticket was not found at the AS.', 'id': "invalid_ticket", 'uri': None} dataOxAuthConfErrors['uma'].append(uma4) uma5 = {'description': 'The provided client_id is not valid.', 'id': "invalid_client_id", 'uri': None} dataOxAuthConfErrors['uma'].append(uma5) uma6 = {'description': 'The provided claims_redirect_uri is not valid.', 'id': "invalid_claims_redirect_uri", 'uri': None} dataOxAuthConfErrors['uma'].append(uma6) uma7 = { 'description': 'The claim token format is blank or otherwise not supported (supported format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken).', 'id': "invalid_claims_redirect_uri", 'uri': None} dataOxAuthConfErrors['uma'].append(uma7) uma8 = { 'description': 'The claim token is not valid or unsupported. (If format is http://openid.net/specs/openid-connect-core-1_0.html#IDToken then claim token has to be ID Token).', 'id': "invalid_claim_token", 'uri': None} dataOxAuthConfErrors['uma'].append(uma8) uma9 = {'description': 'PCT is invalid (revoked, expired or does not exist anymore on AS)', 'id': "invalid_pct", 'uri': None} dataOxAuthConfErrors['uma'].append(uma9) uma10 = {'description': 'RPT is invalid (revoked, expired or does not exist anymore on AS)', 'id': "invalid_rpt", 'uri': None} dataOxAuthConfErrors['uma'].append(uma10) uma11 = { 'description': 'The provided grant_type valid does not equal to urn:ietf:params:oauth:grant-type:uma-ticket value which is required by UMA 2.', 'id': "invalid_grant_type", 'uri': None} dataOxAuthConfErrors['uma'].append(uma11) # printOxAuthConfErrors = json.dumps(dataOxAuthConfErrors, indent=4, sort_keys=True) # print (printOxAuthConfErrors) base64Types = ["oxAuthConfStatic", "oxAuthConfWebKeys", "oxAuthConfErrors", "oxAuthConfDynamic"] out = CreateLDIF(parser.lastDN, parser.getLastEntry(), base64_attrs=base64Types) newfile = oxAuthPath.replace('/oxauth_config.ldif', '/oxauth_config_new.ldif') # print (newfile) f = open(newfile, 'w') f.write(out) f.close() os.remove(oxAuthPath) os.rename(newfile, oxAuthPath)
def doOxTrustChanges(oxTrustPath): parser = MyLDIF(open(oxTrustPath, 'rb'), sys.stdout) parser.targetAttr = "oxTrustConfApplication" atr = parser.parse() oxTrustConfApplication = parser.lastEntry['oxTrustConfApplication'][0] oxTrustConfApplication = oxTrustConfApplication.replace( 'seam/resource/', '') parser.lastEntry['oxTrustConfApplication'][0] = oxTrustConfApplication oxTrustConfApplicationJson = json.loads(oxTrustConfApplication) oxTrustConfApplicationJson['clientBlackList'] = ["*.attacker.com/*"] oxTrustConfApplicationJson['clientWhiteList'] = ["*"] oxTrustConfApplicationJson[ 'idp3EncryptionCert'] = '/etc/certs/idp-encryption.crt' oxTrustConfApplicationJson[ 'idp3SigningCert'] = '/etc/certs/idp-signing.crt' oxTrustConfApplicationJson['organizationName'] = 'Gluu Inc.' oxTrustConfApplicationJson[ 'velocityLog'] = '/opt/gluu/jetty/identity/logs/velocity.log' oxTrustConfApplicationJson['personObjectClassDisplayNames'] = [ "gluuCustomPerson", "gluuPerson", "eduPerson" ] oxTrustConfApplicationJson['personObjectClassTypes'] = [ "gluuCustomPerson", "gluuPerson", "eduPerson" ] oxTrustConfApplicationJson['rptConnectionPoolCustomKeepAliveTimeout'] = 5 oxTrustConfApplicationJson['rptConnectionPoolDefaultMaxPerRoute'] = 20 oxTrustConfApplicationJson['rptConnectionPoolMaxTotal'] = 200 oxTrustConfApplicationJson['rptConnectionPoolUseConnectionPooling'] = True oxTrustConfApplicationJson['rptConnectionPoolValidateAfterInactivity'] = 10 oxTrustConfApplicationJson['ScimProperties'] = json.loads( '{"maxCount": "200"}') oxTrustConfApplicationJson[ 'shibboleth3FederationRootDir'] = "/opt/shibboleth-federation" oxTrustConfApplicationJson['shibboleth3IdpRootDir'] = "/opt/shibboleth-idp" oxTrustConfApplicationJson[ 'shibboleth3SpConfDir'] = '/opt/shibboleth-idp/sp' oxTrustConfApplicationJson['shibbolethVersion'] = 'v3' oxTrustConfApplicationJson['ldifStore'] = "/var/ox/identity/removed" oxTrustConfApplicationJson['personCustomObjectClass'] = 'gluuCustomPerson' try: del oxTrustConfApplicationJson['umaClientKeyId'] del oxTrustConfApplicationJson['umaClientKeyStoreFile'] del oxTrustConfApplicationJson['umaResourceId'] del oxTrustConfApplicationJson['umaScope'] del oxTrustConfApplicationJson['umaClientId'] del oxTrustConfApplicationJson['shibboleth2SpConfDir'] del oxTrustConfApplicationJson['shibboleth2IdpRootDir'] del oxTrustConfApplicationJson['shibboleth2FederationRootDir'] del oxTrustConfApplicationJson[ 'schemaAddObjectClassWithoutAttributeTypesDefinition'] del oxTrustConfApplicationJson[ 'schemaAddObjectClassWithAttributeTypesDefinition'] del oxTrustConfApplicationJson['schemaAddAttributeDefinition'] del oxTrustConfApplicationJson['recaptchaSiteKey'] del oxTrustConfApplicationJson['recaptchaSecretKey'] del oxTrustConfApplicationJson['oxAuthUserInfo'] del oxTrustConfApplicationJson['oxAuthTokenValidationUrl'] del oxTrustConfApplicationJson['oxAuthTokenUrl'] del oxTrustConfApplicationJson['oxAuthRegisterUrl'] del oxTrustConfApplicationJson['oxAuthEndSessionUrl'] del oxTrustConfApplicationJson['oxAuthLogoutUrl'] del oxTrustConfApplicationJson['oxAuthAuthorizeUrl'] del oxTrustConfApplicationJson['mysqlPassword'] del oxTrustConfApplicationJson['mysqlUrl'] del oxTrustConfApplicationJson['mysqlUser'] del oxTrustConfApplicationJson['authMode'] del oxTrustConfApplicationJson['umaClientKeyStorePassword'] except: logging.debug("Error") parser.lastEntry['oxTrustConfApplication'][0] = json.dumps( oxTrustConfApplicationJson, indent=4, sort_keys=True) oxTrustConfCacheRefresh = parser.lastEntry['oxTrustConfCacheRefresh'][0] oxTrustConfCacheRefreshJson = json.loads(oxTrustConfCacheRefresh) oxTrustConfCacheRefreshJson['inumConfig'][ 'bindDN'] = oxTrustConfCacheRefreshJson['inumConfig'][ 'bindDN'].replace('cn=directory manager', 'cn=directory manager,o=site') oxTrustConfCacheRefreshJson[ 'snapshotFolder'] = '/var/ox/identity/cr-snapshots/' parser.lastEntry['oxTrustConfCacheRefresh'][0] = json.dumps( oxTrustConfCacheRefreshJson, indent=4, sort_keys=True) parser.lastEntry['oxTrustConfImportPerson'] = [ json.dumps( json.loads( '{ "mappings": [{ "ldapName": "uid", "displayName": "Username", "dataType": "string", "required": "true" }, { "ldapName": "givenName", "displayName": "First Name", "dataType": "string", "required": "true" }, { "ldapName": "sn", "displayName": "Last Name", "dataType": "string", "required": "true" }, { "ldapName": "mail", "displayName": "Email", "dataType": "string", "required": "true" }, { "ldapName": "userPassword", "displayName": "Password", "dataType": "string", "required": "false" }]}' )) ] base64Types = [ "oxTrustConfApplication", "oxTrustConfImportPerson", "oxTrustConfCacheRefresh", "oxTrustConfImportPerson" ] out = CreateLDIF(parser.lastDN, parser.getLastEntry(), base64_attrs=base64Types) newfile = oxTrustPath.replace('/oxtrust_config.ldif', '/oxtrust_config_new.ldif') # print (newfile) f = open(newfile, 'w') f.write(out) f.close() os.remove(oxTrustPath) os.rename(newfile, oxTrustPath)