Commit 7dcdae94 authored by Andrea Veri's avatar Andrea Veri

Drop redundant code and start making good use of the gnome_ldap_utils class

parent 2b4d369b
...@@ -19,7 +19,6 @@ class Gnome_ldap_utils: ...@@ -19,7 +19,6 @@ class Gnome_ldap_utils:
print >>sys.stderr, e print >>sys.stderr, e
sys.exit(1) sys.exit(1)
def get_group_from_ldap(self, group): def get_group_from_ldap(self, group):
import ldap.filter import ldap.filter
...@@ -39,7 +38,6 @@ class Gnome_ldap_utils: ...@@ -39,7 +38,6 @@ class Gnome_ldap_utils:
return members return members
def get_attributes_from_ldap(self, uid, attr): def get_attributes_from_ldap(self, uid, attr):
import ldap.filter import ldap.filter
...@@ -51,8 +49,11 @@ class Gnome_ldap_utils: ...@@ -51,8 +49,11 @@ class Gnome_ldap_utils:
else: else:
return None return None
def get_uids_from_group(self, group): def get_uids_from_group(self, group):
people = self.get_group_from_ldap(group) people = self.get_group_from_ldap(group)
return people return people
def replace_ldap_password(self, userid, password):
replace_password = [(ldap.MOD_REPLACE, 'userPassword', password)]
l.modify_s('uid=%s,%s' % (self.LDAP_USER_BASE, userid, replace_password)
\ No newline at end of file
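Review bot: `replace_ldap_password` cannot work as written, because the `modify_s` line never closes the format tuple, so `replace_password` lands inside the `%` arguments and the module will not parse. The two values are also swapped relative to the `'uid=%s,%s'` template, and `l` is not defined anywhere in this method in the visible lines, so the call presumably has to go through whatever connection object the class keeps on `self`. Because `userid` is interpolated into a DN, it should be escaped too: `dn = 'uid=%s,%s' % (ldap.dn.escape_dn_chars(userid), self.LDAP_USER_BASE)` and then `modify_s(dn, replace_password)` on that connection, with `import ldap.dn` added. The sibling methods import `ldap.filter` locally, so also confirm that `ldap` is in scope here for `ldap.MOD_REPLACE`.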
#!/usr/bin/python #!/usr/bin/python
import ldap
import ldap.filter
import string import string
import smtplib import smtplib
import sys import sys
import os import os
import ldap.modlist as modlist
from email.MIMEText import MIMEText
LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
from email.MIMEText import MIMEText
from gnome_ldap_utils import *
execfile('/home/admin/secret/freeipa') execfile('/home/admin/secret/freeipa')
try: glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
l = ldap.open('localhost')
l.simple_bind("cn=Directory Manager", ldap_password)
except ldap.LDAPError, e:
print >>sys.stderr, e
sys.exit(1)
def _parse_members_from_group(group):
filter = ldap.filter.filter_format('(&(objectClass=posixGroup)(cn=%s))', (group, ))
results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('member', ))
members = set()
for _, attr in results:
for userid in attr['member']:
splitentry = userid.split(',')
singleentry = splitentry[0]
splitteduid = singleentry.split('=')
uid = splitteduid[1]
members.add(uid)
return members
def _get_attributes_from_ldap(userid, attr):
filter = ldap.filter.filter_format('(uid=%s)', (userid, ))
results = l.search_s(LDAP_USER_BASE, ldap.SCOPE_SUBTREE, filter, ('uid', attr, ))
if len(results) > 0:
return results[0][1][attr][0]
else:
return None
def gen_passwd(length=12, chars=string.letters + string.digits): def gen_passwd(length=12, chars=string.letters + string.digits):
...@@ -76,10 +38,10 @@ def gen_passwd(length=12, chars=string.letters + string.digits): ...@@ -76,10 +38,10 @@ def gen_passwd(length=12, chars=string.letters + string.digits):
def check_existing_password(userid): def check_existing_password(userid):
accountsteam = _parse_members_from_group('accounts') accountsteam = glu.get_group_from_ldap('accounts')
sysadminteam = _parse_members_from_group('sysadmin') sysadminteam = glu.get_group_from_ldap('sysadmin')
if _get_attributes_from_ldap(userid, 'uid') == None: if glu.get_attributes_from_ldap(userid, 'uid') == None:
print 'The specified UID does not exist, please get in contact with the GNOME Accounts Team to know more' print 'The specified UID does not exist, please get in contact with the GNOME Accounts Team to know more'
sys.exit(1) sys.exit(1)
...@@ -91,14 +53,12 @@ def check_existing_password(userid): ...@@ -91,14 +53,12 @@ def check_existing_password(userid):
def update_password(userid): def update_password(userid):
getattr_name = _get_attributes_from_ldap(userid, 'cn') getattr_name = glu.get_attributes_from_ldap(userid, 'cn')
getattr_mail = _get_attributes_from_ldap(userid, 'mail') getattr_mail = glu.get_attributes_from_ldap(userid, 'mail')
newpassword = {'userPassword': gen_passwd()} newpassword = {'userPassword': gen_passwd()}
replace_password = [(ldap.MOD_REPLACE, 'userPassword', newpassword['userPassword'])] glu.replace_ldap_password(userid, newpassword['userPassword'])
l.modify_s('uid=%s,cn=users,cn=accounts,dc=gnome,dc=org' % userid, replace_password)
send_password_to_user(getattr_name, getattr_mail, newpassword['userPassword']) send_password_to_user(getattr_name, getattr_mail, newpassword['userPassword'])
...@@ -129,4 +89,4 @@ the GNOME Accounts Team""" % (name, password) ...@@ -129,4 +89,4 @@ the GNOME Accounts Team""" % (name, password)
print "ERROR: I wasn't able to send the email correctly, please check /var/log/maillog!" print "ERROR: I wasn't able to send the email correctly, please check /var/log/maillog!"
my_userid = os.getenv('SUDO_USER') my_userid = os.getenv('SUDO_USER')
check_existing_password(my_userid) check_existing_password(my_userid)
\ No newline at end of file
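Review bot: The new `Gnome_ldap_utils(...)` call keeps binding as `cn=Directory Manager`, although the only write visible in this script is a single `userPassword` replace. A dedicated bind DN limited to that attribute would narrow what a bug here, or exposure of the file loaded by `execfile`, can reach. `LDAP_HOST` is not defined in the visible lines and `from gnome_ldap_utils import *` hides where names come from, so I would write `from gnome_ldap_utils import Gnome_ldap_utils` and confirm the host and base constants are set before the constructor runs. On the changed comparison in `check_existing_password`, `is None` is the idiomatic test rather than `== None`.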