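def area_user_exec(v_areaname, v_area):
    """Move the area's pending users to the OU recorded for them in MySQL.

    Reads every ``idm_user_handle`` row of area ``v_area`` whose
    ``userhandled`` is greater than 9, looks the account up in AD by
    sAMAccountName and compares the parent part of its DN with the row's
    ``userorg``.  The outcome is written back as ``userhandled``:

    * 1  - the account was moved to ``userorg``
    * 10 - the move failed
    * 2  - the account already sits in ``userorg``
    * 0  - the AD query returned nothing for this user id

    Args:
        v_areaname: area name, used only in log messages.
        v_area: area id used to select the rows.
    """
    # RFC 4515: these characters are special inside a search-filter value and
    # must be sent as \XX, otherwise a user id containing them changes the
    # shape of the filter (or makes it unparsable).
    filter_escapes = str.maketrans({
        '\\': '\\5c',
        '*': '\\2a',
        '(': '\\28',
        ')': '\\29',
        '\x00': '\\00',
    })

    dbconn = MysqlOper()
    try:
        adconn = AdOper()
        try:
            processed_user = dbconn.dbmanyquery(
                'select userid,userorg from idm_user_handle '
                'where userhandled > 9 and userareaid = %s', v_area)
            for userobj in processed_user:
                account = userobj[0].lower().translate(filter_escapes)
                # NOTE(review): (!(userAccountControl=514)) is an equality
                # test, so it excludes only accounts whose value is exactly
                # 514; a disabled account carrying any other flag still
                # matches.  If the intent is "skip every disabled account",
                # the bitwise rule
                # (!(userAccountControl:1.2.840.113556.1.4.803:=2))
                # expresses that - confirm before changing.
                adfilterstr = (f'(&(objectClass=person)(sAMAccountName={account})'
                               '(!(userAccountControl=514)))')
                adquery = adconn.adquery('ou=融创集团,dc=SUNAC,dc=local', adfilterstr)
                if not adquery:
                    pre_userorg = 'no ad user'
                    dbconn.dbonemod('update idm_user_handle set pre_userorg=%s,userhandled=0 '
                                    'where userid = %s', pre_userorg, userobj[0])
                    errlog_user('AD信息--区域"%s" 没有创建的无效用户:%s' % (v_areaname, userobj[0]))
                    continue

                for aduserobj in adconn.adconn.response:
                    pre_userorg = aduserobj['dn']
                    # NOTE(review): a plain split on ',' mis-parses a DN whose
                    # first RDN contains an escaped comma - verify that no
                    # such CN exists in this directory.
                    l_userorg = pre_userorg.split(',')
                    userobjcn = l_userorg[0]
                    userobjou = ','.join(l_userorg[1:])
                    if userobjou == userobj[1]:
                        dbconn.dbonemod('update idm_user_handle set pre_userorg=%s,userhandled=2 '
                                        'where userid = %s', pre_userorg, userobj[0])
                        infolog_user('AD信息--区域"%s" 已存在的用户:%s' % (v_areaname, userobj[0]))
                        continue

                    res_admodify = adconn.admove(pre_userorg, userobjcn, userobj[1])
                    if res_admodify:
                        dbconn.dbonemod('update idm_user_handle set pre_userorg=%s,userhandled=1 '
                                        'where userid = %s', pre_userorg, userobj[0])
                        infolog_user('AD信息--区域"%s" 已移动到新OU的用户:%s' % (v_areaname, userobj[0]))
                    else:
                        dbconn.dbonemod('update idm_user_handle set pre_userorg=%s,userhandled=10 '
                                        'where userid=%s', pre_userorg, userobj[0])
                        errlog_user('AD信息--区域"%s" 移动OU失败的用户:%s' % (v_areaname, userobj[0]))
        finally:
            # Release the directory connection even when a query or move raised.
            adconn.adclose()
    finally:
        dbconn.dbclose()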
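def _area_org_apply(dbconn, adconn, orgobject):
    """Apply the pending action of one ``idm_org_handle`` row to AD.

    ``orgobject`` is one row of
    ``(organnumber, organname, organparentno, organdep, pre_orgdep, organhandled)``.
    The result is written back to ``organhandled``: 2 when the OU already
    exists, 1 when the add / rename / move succeeded, 10 when it failed.
    """
    organnumber, organname, organparentno, organdep, pre_orgdep, organhandled = orgobject

    # RFC 4515: characters that are special inside a search-filter value.
    # OU names containing '(' or ')' would otherwise yield a malformed filter.
    filter_escapes = str.maketrans({
        '\\': '\\5c',
        '*': '\\2a',
        '(': '\\28',
        ')': '\\29',
        '\x00': '\\00',
    })
    adfilter = '(distinguishedName=' + organdep.translate(filter_escapes) + ')'

    if adconn.adquery('ou=融创集团,dc=SUNAC,dc=local', adfilter):
        dbconn.dbonemod('update idm_org_handle set organhandled = 2 '
                        'where organnumber = %s ', organnumber)
        infolog_org('AD信息--组织已存在:%s' % organdep)
        return

    # NOTE(review): the RDN passed to adrename/admove is 'OU=' + organname with
    # no DN escaping; a name containing ',', '+' or '=' would not be a single
    # RDN - confirm how AdOper handles that.
    if organhandled in (10, 11):
        # NOTE(review): 10 is also the status written after a failed rename or
        # move, so on the next run such a row is retried as an *add* of the new
        # DN - confirm that this is intended.
        succeeded = adconn.adadd(organdep, 'organizationalUnit')
        ok_msg, fail_msg = 'AD信息--创建成功的OU:%s', 'AD信息--创建失败的OU:%s'
    elif organhandled == 12:
        succeeded = adconn.adrename(pre_orgdep, 'OU=' + organname)
        ok_msg, fail_msg = 'AD信息--重命名成功的OU:%s', 'AD信息--重命名失败的OU:%s'
    elif organhandled == 13:
        orgparent = dbconn.dbonequery('select organdep from idm_org_handle '
                                      'where organnumber = %s ', organparentno)
        succeeded = adconn.admove(pre_orgdep, 'OU=' + organname, orgparent[0])
        ok_msg, fail_msg = 'AD信息--移动成功的OU:%s', 'AD信息--移动失败的OU:%s'
    else:
        infolog_org('AD信息--无预定义动作')
        # NOTE(review): this is the only statement that writes to dic_idm_org /
        # orghandled instead of idm_org_handle / organhandled - verify the
        # table and column names.
        dbconn.dbonemod('update dic_idm_org set orghandled = 3 '
                        'where organnumber = %s ', organnumber)
        return

    if succeeded:
        dbconn.dbonemod('update idm_org_handle set organhandled = 1 '
                        'where organnumber = %s ', organnumber)
        infolog_org(ok_msg % organdep)
    else:
        errlog_org(fail_msg % organdep)
        dbconn.dbonemod('update idm_org_handle set organhandled = 10 '
                        'where organnumber = %s ', organnumber)


def area_org_exec(v_areaname, v_area):
    """Create, rename or move the area's pending OUs in AD, level by level.

    Selects the ``idm_org_handle`` rows of area ``v_area`` with
    ``organhandled`` greater than 9 and walks them from the lowest to the
    highest ``organlevel`` (presumably so that a parent OU is handled before
    its children).  Any exception raised while walking the levels is logged
    through ``errlog_org`` and ends the run for this area; both connections
    are closed in every case.

    Args:
        v_areaname: area name, used only in log messages.
        v_area: area id used to select the rows.
    """
    # Bind the MySQL database, then the AD connection.
    dbconn = MysqlOper()
    try:
        adconn = AdOper()
        try:
            t_maxorglevel = dbconn.dbonequery(
                'select max(organlevel) from idm_org_handle where organhandled > 9 '
                'and areaid=%s', v_area)
            t_minorglevel = dbconn.dbonequery(
                'select min(organlevel) from idm_org_handle where organhandled > 9 '
                'and areaid=%s', v_area)
            maxorglevel = t_maxorglevel[0]
            minorglevel = t_minorglevel[0]
            try:
                if maxorglevel is None:
                    infolog_org('AD信息--区域"%s" 没有新增需要处理的OU' % v_areaname)
                else:
                    while minorglevel <= maxorglevel:
                        t_resorg = dbconn.dbmanyquery(
                            'select organnumber, organname, organparentno, organdep, pre_orgdep, organhandled '
                            'from idm_org_handle where organlevel = %s and organhandled > 9 and areaid = %s',
                            minorglevel, v_area)
                        if len(t_resorg) > 0:
                            for orgobject in t_resorg:
                                _area_org_apply(dbconn, adconn, orgobject)
                        else:
                            infolog_org('AD信息--区域"%s" 没有需要处理的OU' % v_areaname)
                        minorglevel += 1
            except Exception as e:
                # One failing row stops the remaining rows of this area; the
                # error is only logged, never re-raised.
                errlog_org(repr(e))
        finally:
            adconn.adclose()
    finally:
        dbconn.dbclose()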
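def area_user_handle(v_areaname, v_area, levelnum):
    """Stage the area's IDM users in ``idm_user_handle`` with a target OU.

    On the first run for an area (no rows yet in ``idm_user_handle``) every
    ``idm_user_data`` row of the area is read; afterwards only rows whose
    ``userupdate`` is newer than the newest staged one.  For each user the
    '_'-separated organisation path is cut to at most ``levelnum`` segments
    and turned into a DN under ``DC=SUNAC,DC=local``.  ``userhandled`` is set
    to:

    * 11 - active full-time user that still has to be placed
    * 7  - active full-time user already staged with the same DN and a
           status of 1 or 2
    * 0  - any user that is not both 'Active' and 'Full-Time'

    Args:
        v_areaname: area name, used only in log messages.
        v_area: area id used to select the rows.
        levelnum: maximum number of organisation levels kept in the DN.
    """
    dbconn = MysqlOper()
    try:
        userhandlenum = dbconn.dbonequery(
            'select count(0) from idm_user_handle where userareaid = %s', v_area)
        first_run = userhandlenum[0] == 0
        if first_run:
            user_basic = dbconn.dbmanyquery(
                'select userid, username, userdeptno, userorg, userupdate, '
                'usercreate, useremptype, userstatus, userareaid '
                'from idm_user_data where userareaid = %s', v_area)
        else:
            user_incdate = dbconn.dbonequery(
                'select max(userupdate) from idm_user_handle '
                'where userareaid = %s', v_area)
            user_basic = dbconn.dbmanyquery(
                'select userid, username, userdeptno, userorg, userupdate, '
                'usercreate, useremptype, userstatus, userareaid from idm_user_data '
                'where userupdate > %s and userareaid = %s', user_incdate[0], v_area)

        if len(user_basic) > 0:
            l_userinfo = []
            for userinfo in user_basic:
                (userid, username, userdeptno, orgpath, userupdate,
                 usercreate, useremptype, userstatus, userareaid) = userinfo

                l_userorg = orgpath.split('_')
                userorglevel = min(len(l_userorg), levelnum)
                # NOTE(review): segments are used as RDN values as-is.  A
                # segment containing a DN special character (',', '+', '=')
                # would change the structure of the DN.  Escaping here would
                # also change the stored strings that are compared against AD
                # DNs elsewhere, so confirm before changing.
                l_userorgou = [
                    'OU=' + ('融创集团' if segment == '融创中国' else segment)
                    for segment in l_userorg[:max(userorglevel, 0)]
                ]
                l_userorgou.reverse()
                userorg = ','.join(l_userorgou) + ',DC=SUNAC,DC=local'

                # Original author's note: this condition is not sufficient;
                # an unchanged user would not need to be processed at all.
                if userstatus == 'Active' and useremptype == 'Full-Time':
                    if first_run:
                        userhandled = 11
                    else:
                        res_userhandle = dbconn.dbonequery(
                            'select userid, userorg, userhandled from idm_user_handle '
                            'where userid = %s', userid)
                        already_placed = (res_userhandle is not None
                                          and res_userhandle[1] == userorg
                                          and res_userhandle[2] in (1, 2))
                        userhandled = 7 if already_placed else 11
                else:
                    userhandled = 0

                l_userinfo.append((userid, username, userdeptno, userorg, userupdate,
                                   usercreate, useremptype, userstatus, userareaid,
                                   userhandled))

            res_insert = dbconn.dbmanyinsert(
                'replace into idm_user_handle(userid,username,userdeptno,userorg,'
                'userupdate,usercreate,useremptype,userstatus,userareaid,userhandled) '
                'values(%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)', l_userinfo)
            if res_insert:
                infolog_user('IDM信息--区域"%s" 已处理用户原始数据信息:%s条' % (v_areaname, len(user_basic)))
        else:
            infolog_user('IDM信息--区域"%s" 没有新的用户需要做处理' % v_areaname)
    finally:
        # Close the connection even when a query or a malformed row raised.
        dbconn.dbclose()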
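def area_org_handle(v_areaname, v_area, levelnum):
    """Stage the area's IDM organisations in ``idm_org_handle`` with an action code.

    On the first run for an area every ``idm_org_data`` row of the area is
    read; afterwards only rows whose ``organupdate`` is newer than the newest
    staged one.  The '_'-separated display name becomes a DN under
    ``DC=SUNAC,DC=local`` and ``organhandled`` is set to:

    * 0  - display name missing, not starting with '融创中国', or not 'Active'
    * 6  - deeper than ``levelnum`` levels
    * 11 - no previously staged row, or the staged row is still at 11
    * 12 - name changed, parent unchanged
    * 13 - parent changed, name unchanged
    * 5  - name and parent unchanged but the DN differs
    * 3  - everything else (this includes "name and parent both changed")

    Args:
        v_areaname: area name, used only in log messages.
        v_area: area id used to select the rows.
        levelnum: deepest organisation level that is still handled.
    """
    dbconn = MysqlOper()
    try:
        orghandlenum = dbconn.dbonequery(
            'select count(0) from idm_org_handle where areaid = %s', v_area)
        if orghandlenum[0] == 0:
            org_basic = dbconn.dbmanyquery(
                'select organnumber,organname,organparentno,organupdate,organcreate,'
                'organdep,organstatus,areaid from idm_org_data where areaid = %s', v_area)
        else:
            org_incdate = dbconn.dbonequery('select max(organupdate) from idm_org_handle '
                                            'where areaid = %s', v_area)
            org_basic = dbconn.dbmanyquery(
                'select organnumber,organname,organparentno,organupdate,organcreate,'
                'organdep,organstatus,areaid from idm_org_data '
                'where organupdate > %s and areaid = %s', org_incdate[0], v_area)

        if len(org_basic) > 0:
            l_orginfo = []
            for objbasicorg in org_basic:
                (organnumber, organname, organparentno, organupdate, organcreate,
                 organdisplayname, organstatus, areaid) = objbasicorg

                if organdisplayname is not None:
                    l_orglongname = organdisplayname.split('_')
                    organlevel = len(l_orglongname)
                    # NOTE(review): segments are used as RDN values without DN
                    # escaping; a name containing ',', '+' or '=' would alter
                    # the DN's structure - confirm such names cannot occur.
                    l_orglongnamestr = [
                        'OU=' + ('融创集团' if segment == '融创中国' else segment)
                        for segment in l_orglongname
                    ]
                    l_orglongnamestr.reverse()
                    organdep = ','.join(l_orglongnamestr) + ',DC=SUNAC,DC=local'
                else:
                    organdep = 'no idm organization'
                    organlevel = 0

                eligible = (organdisplayname is not None
                            and organdisplayname.startswith('融创中国')
                            and organstatus == 'Active')
                if eligible:
                    obj_idmorg = dbconn.dbonequery(
                        'select organnumber, organname, organparentno, organdep, organhandled from idm_org_handle '
                        'where organnumber = %s ', organnumber)
                    if organlevel > levelnum:
                        pre_orgparentno = "not required pre org num"
                        pre_orgdep = "not required pre org"
                        organhandled = 6
                    elif obj_idmorg is None:
                        pre_orgparentno = "no pre Organization Num"
                        pre_orgdep = "no pre Organization"
                        organhandled = 11
                    else:
                        # The staged row supplies the previous parent and DN.
                        pre_orgparentno = obj_idmorg[2]
                        pre_orgdep = obj_idmorg[3]
                        same_name = organname == obj_idmorg[1]
                        same_parent = organparentno == pre_orgparentno
                        if obj_idmorg[4] == 11:
                            organhandled = 11
                        elif not same_name and same_parent:
                            organhandled = 12
                        elif same_name and not same_parent:
                            organhandled = 13
                        elif same_name and same_parent and organdep != pre_orgdep:
                            organhandled = 5
                        else:
                            organhandled = 3
                else:
                    organhandled = 0
                    pre_orgparentno = "Error pre Organization Num"
                    pre_orgdep = "Error pre Organization"

                l_orginfo.append((organnumber, organname, organparentno, organupdate,
                                  organcreate, organdep, organlevel, organstatus,
                                  pre_orgparentno, pre_orgdep, organhandled, areaid))

            res_insert = dbconn.dbmanyinsert(
                'replace into idm_org_handle(organnumber,organname,organparentno,organupdate,'
                'organcreate,organdep,organlevel,organstatus,pre_orgparentno,pre_orgdep,'
                'organhandled,areaid) values (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)', l_orginfo)
            if res_insert:
                infolog_org('IDM信息--区域"%s" 已处理组织原始数据信息:%s条' % (v_areaname, len(org_basic)))
        else:
            infolog_org('IDM信息--区域"%s" 没有新的组织需要做处理' % v_areaname)
    finally:
        # Close the connection even when a query or a malformed row raised.
        dbconn.dbclose()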
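def area_comp_exec(v_areaname, v_area):
    """Create the area's computer OUs and pass misplaced computers to for_compmove.

    Steps, all driven by ``sum_inf_area``:

    1. Add every active child area's ``areadn`` as an organizationalUnit when
       the AD query does not find it.
    2. Search ``CN=Computers`` for computers whose name starts with the
       area's ``compprefix`` and pass the result to ``for_compmove``.
    3. Do the same for ``OU=computers`` under the area's own OU.
    4. In each active child area's OU, search for computers whose name does
       *not* start with that child's prefix and pass them to ``for_compmove``
       together with all active non-root areas.

    Args:
        v_areaname: area name, forwarded to ``for_compmove``.
        v_area: area id used to select the rows.
    """
    # RFC 4515: characters that are special inside a search-filter value.
    # Values read from the database are escaped before they are placed in a
    # filter so that they cannot widen or break it.
    filter_escapes = str.maketrans({
        '\\': '\\5c',
        '*': '\\2a',
        '(': '\\28',
        ')': '\\29',
        '\x00': '\\00',
    })

    adconn = AdOper()
    dbconn = None
    try:
        dbconn = MysqlOper()
        t_areainfo = dbconn.dbmanyquery(
            'select areadn from sum_inf_area '
            'where status = 1 and parentid =%s order by parentid', v_area)
        # Create the computer OUs defined for the area.
        for obj_area in t_areainfo:
            adfilter = '(distinguishedName=' + obj_area[0].translate(filter_escapes) + ')'
            if not adconn.adquery('OU=融创集团,DC=SUNAC,DC=local', adfilter):
                resadou = adconn.adadd(obj_area[0], 'organizationalUnit')
                if resadou:
                    infolog_comp(f'AD信息--区域计算机OU创建成功,{obj_area[0]}')

        # Find computers in the default Computers container whose name starts
        # with the current area's prefix.
        adcompprefix = dbconn.dbonequery(
            'select compprefix, areaname from sum_inf_area where areaid = %s', v_area)
        # NOTE(review): an empty compprefix turns the filter into (name=*),
        # which matches every computer under the search base - confirm that
        # the column can never be empty for an area processed here.
        area_prefix = str(adcompprefix[0]).translate(filter_escapes)
        prefix_filter = f"(&(objectClass=computer)(name={area_prefix}*))"
        adconn.adattrquery('CN=Computers,DC=SUNAC,DC=local', prefix_filter, 'name')
        t_adcomp = dbconn.dbmanyquery(
            'select compprefix, areadn, areacode, areaname from sum_inf_area '
            'where parentid = %s and status = 1 order by compprefix desc', v_area)
        # NOTE(review): the response is read without looking at the return
        # value of adattrquery - verify what AdOper leaves in .response when a
        # search fails.
        resadconn = adconn.adconn.response
        if len(resadconn) > 0:
            # Sort the current area's hosts into their matching OU.
            for_compmove(v_areaname, resadconn, t_adcomp)

        # Sort the computer accounts that sit in the area's own computers OU.
        # NOTE(review): areaname is placed in the search base without DN
        # escaping - confirm it cannot contain ',', '+' or '='.
        adconn.adattrquery(
            f"OU=computers,OU={adcompprefix[1]},OU=融创集团,DC=SUNAC,DC=local",
            prefix_filter, 'name')
        t_adcomp1 = dbconn.dbmanyquery(
            'select compprefix, areadn, areacode, areaname from sum_inf_area '
            'where parentid = %s and status = 1 order by compprefix desc', v_area)
        resadconn1 = adconn.adconn.response
        if len(resadconn1) > 0:
            for_compmove(v_areaname, resadconn1, t_adcomp1)

        # Check each child area's computer OU for accounts that no longer
        # carry that child's prefix and sort them accordingly.
        t_areaou = dbconn.dbmanyquery(
            'select areacode,compprefix,areadn from sum_inf_area '
            'where parentid = %s and status = 1', v_area)
        t_adcomp2 = dbconn.dbmanyquery(
            'select compprefix, areadn, areacode, areaname from sum_inf_area '
            'where status = 1 and parentid<>0 order by compprefix desc')
        for areaou in t_areaou:
            child_prefix = str(areaou[1]).translate(filter_escapes)
            adconn.adattrquery(areaou[2],
                               f"(&(objectClass=computer)(!(name={child_prefix}*)))",
                               'name')
            resadconn2 = adconn.adconn.response
            if len(resadconn2) > 0:
                for_compmove(v_areaname, resadconn2, t_adcomp2)
    finally:
        # Close both connections even when a query or a move raised.
        try:
            adconn.adclose()
        finally:
            if dbconn is not None:
                dbconn.dbclose()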
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Entry script: synchronises IDM organisation and user data, then processes
# each configured root area in turn.
from app.adorg.idm_org_inc import area_org_inc
from app.adorg.idm_org_handle import area_org_handle
from app.adorg.ad_org_exec import area_org_exec
from app.aduser.idm_user_inc import area_user_inc
from app.aduser.idm_user_handle import area_user_handle
from app.aduser.ad_user_exec import area_user_exec
from libs.connect import MysqlOper
from app.adcomp.ad_comp_exec import area_comp_exec

# The area list is read when the module is loaded, not only when it is run as
# a script.  The query text is fixed; no external value is interpolated.
dbconn = MysqlOper()
areainfo = dbconn.dbmanyquery(
    'select areaname, areaid, adorglevel '
    'from sum_inf_area where parentid = 0 '
    'and compprefix in ("BJ","JT","HZ","HB","HN","XN","DN")')

# NOTE(review): area_user_exec and area_comp_exec are imported above but not
# called in the visible part of this script, and dbconn is not closed here.
if __name__ == '__main__':
    # Incremental sync of the IDM organisation data.
    area_org_inc()
    # Incremental sync of the IDM user data.
    area_user_inc()
    for area_name, area_id, org_level in areainfo:
        # Filter and stage the area's organisation data.
        area_org_handle(area_name, area_id, org_level)
        # Apply the staged organisation changes according to the custom rules.
        area_org_exec(area_name, area_id)
        # Filter and stage the area's user/organisation data.
        area_user_handle(area_name, area_id, org_level)