WIP
stolpeo committed Dec 17, 2024
1 parent 5af1657 commit 270e1d6
Showing 5 changed files with 60 additions and 3 deletions.
5 changes: 4 additions & 1 deletion adminsec/tasks.py
Expand Up @@ -58,6 +58,7 @@ def _sync_ldap(write=False, verbose=False, ldapcon=None):
first_name = userinfo.givenName
last_name = userinfo.sn
mail = userinfo.mail
name = userinfo.displayName
disabled = True

if userAccountControl:
Expand All @@ -78,7 +79,9 @@ def _sync_ldap(write=False, verbose=False, ldapcon=None):
if uid:
user.uid = uid[0]

user.name = " ".join([user.first_name, user.last_name])
if name:
user.name = name[0]

user.is_active = not disabled

if user.hpcuser_user.exists():
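Review bot: The new `if name: user.name = name[0]` appears to replace the unconditional `user.name = " ".join([user.first_name, user.last_name])` (the section's one deletion), so a directory entry without `displayName` no longer receives any name at all: a newly created user keeps whatever default the model gives and an existing user keeps a stale value. Keep the old expression as the fallback, `user.name = name[0] if name else " ".join([user.first_name, user.last_name])`, or at least report the missing attribute on the `verbose` path so the gap is visible. Whether `userinfo.displayName` raises or yields an empty value when the attribute is absent on the entry is not visible here and is worth confirming before relying on the truthiness test. `_sync_ldap` begins and continues outside this hunk.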
7 changes: 7 additions & 0 deletions utils/cli/hpc_access_cli/ldap.py
Expand Up @@ -109,6 +109,7 @@ def load_users(self) -> List[LdapUser]:
raise ValueError(f"Missing LDAP attribute uid for {entry.entry_dn}")
sn = attribute_as_str(entry.sn)
given_name = attribute_as_str(entry.givenName)
display_name = attribute_as_str(entry.displayName)
home_directory = attribute_as_str(entry.homeDirectory)
if not home_directory:
raise ValueError(f"Missing LDAP attribute homeDirectory for {entry.entry_dn}")
Expand All @@ -123,6 +124,7 @@ def load_users(self) -> List[LdapUser]:
sn=sn,
mail=attribute_as_str(entry.mail),
given_name=given_name,
display_name=display_name,
uid_number=uid_number,
gid_number=gid_number,
home_directory=home_directory,
Expand All @@ -149,6 +151,11 @@ def _user_op_create(self, user: LdapUser, dry_run: bool):
"uid": user.uid,
"uidNumber": user.uid_number,
"homeDirectory": user.home_directory,
"mail": user.mail,
"telephoneNumber": user.telephone_number,
"loginShell": user.login_shell,
"gidNumber": user.gid_number,
"displayName": user.display_name,
}
if user.sn:
user_data["sn"] = user.sn
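Review bot: In `_user_op_create`, the five attributes now added to `user_data` (`mail`, `telephoneNumber`, `loginShell`, `gidNumber`, `displayName`) are set unconditionally, while `sn` directly below is guarded with `if user.sn:`; `display_name` is declared `Optional[str]` in models.py in this same commit and `mail`/`telephoneNumber`/`loginShell` look optional too, so a `None` value can end up in the add request. Guard them the same way as `sn`, e.g. `if user.display_name: user_data["displayName"] = user.display_name`, or filter once with `user_data = {k: v for k, v in user_data.items() if v is not None}` before the `sn` check. `gidNumber` is a required `int` per the model and can stay unconditional. The rest of `_user_op_create`, including where `user_data` is sent, is outside this hunk.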
48 changes: 46 additions & 2 deletions utils/cli/hpc_access_cli/main.py
Expand Up @@ -129,8 +129,52 @@ def sync_data(
comparison = TargetStateComparison(settings.hpc_access, src_state, dst_state)
operations = comparison.run()
# console_err.print_json(data=operations.model_dump(mode="json"))
for user_op in operations.ldap_user_ops:
console_err.print_json(data=user_op.model_dump(mode="json"))
with open("ldap_user_disable.ldif", "w") as fh_disable, open("ldap_user_create.ldif", ) as fh_create, open("ldap_user_update.ldif", "w") as fh_update:
for user_op in operations.ldap_user_ops:
data = user_op.model_dump(mode="json")
if data["operation"] == "CREATE":
console_err.log(f"create user {data['name']}")
fh_create.write(f"dn: {data["user"]['dn']}\n")
fh_create.write("changetype: add\n")
fh_create.write("objectClass: inetOrgPerson\n")
fh_create.write("objectClass: posixAccount\n")
fh_create.write("objectClass: ldapPublicKey\n")
fh_create.write("objectClass: bih-expireDates\n")
fh_create.write("objectClass: top\n")
fh_create.write(f"cn: {data['user']['cn']}\n")
fh_create.write(f"gidNumber: {data['user']['gidNumber']}\n")
fh_create.write(f"homeDirectory: {data['user']['homeDirectory']}\n")
fh_create.write(f"sn: {data['user']['sn']}\n")
fh_create.write(f"uid: {data['user']['uid']}\n")
fh_create.write(f"uidNumber: {data['user']['uidNumber']}\n")
if data["user"]["givenName"]:
fh_create.write(f"givenName: {data['user']['givenName']}\n")
if data["user"]["loginShell"]:
fh_create.write(f"loginShell: {data['user']['loginShell']}\n")
if data["user"]["mail"]:
fh_create.write(f"mail: {data['user']['mail']}\n")
if data["user"]["telephoneNumber"]:
fh_create.write(f"telephoneNumber: {data['user']['telephoneNumber']}\n")
fh_create.write("\n")

elif data["operation"] == "UPDATE":
console_err.log(f"update user {data['name']}")
for key, value in data["diff"].items():
fh_update.write(f"dn: {data["user"]['dn']}\n")
fh_update.write("changetype: modify\n")
if not value:
fh_update.write(f"delete: {key}\n")
else:
fh_update.write(f"replace: {key}\n")
fh_update.write(f"{key}: {value}\n")
fh_update.write("\n")

elif data["operation"] == "DISABLE":
console_err.log(f"disable user {data['name']}")
fh_disable.write(f"dn: {data["user"]["dn"]}\n")
fh_disable.write("changetype: modify\n")
fh_disable.write("replace: login_shell\n")
fh_disable.write("login_shell: /usr/sbin/nologin\n\n")
# connection = LdapConnection(settings.ldap_hpc)
# console_err.log(f"applying LDAP group operations now, dry_run={dry_run}")
# for group_op in operations.ldap_group_ops:
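Review bot: The DISABLE branch writes `replace: login_shell` and `login_shell: /usr/sbin/nologin`, but the attribute this same commit creates is `loginShell` (ldap.py and the CREATE branch a few lines above), so the server will reject the record as an undefined attribute type and the account stays enabled; it should read `replace: loginShell` / `loginShell: /usr/sbin/nologin`. On the `with` line, `open("ldap_user_create.ldif", )` has no mode, so it opens read-only (and fails outright if the file does not exist) and every `fh_create.write` raises; it needs `"w"` like the other two handles. Attribute values are interpolated into the LDIF unescaped: a value containing a newline, or starting with a space, `:` or `<`, breaks the record under RFC 2849 and — where values such as cn/displayName come from user-editable profile data — lets a user inject extra attributes or records, so such values should be emitted base64-encoded as `attr:: ...` through a small helper like the one below (which needs `base64` imported at the top of the file). The `f"dn: {data["user"]['dn']}\n"` form reuses double quotes inside a double-quoted f-string, which is a SyntaxError before Python 3.12; use single quotes inside as the `cn` line does. `sync_data` starts before this hunk and continues after it.
```python
def _ldif_line(attr: str, value: str) -> str:
    """Format one LDIF attribute line, base64-encoding values RFC 2849 cannot carry verbatim."""
    safe = (
        value.isascii()
        and "\n" not in value
        and "\r" not in value
        and not value.startswith((" ", ":", "<"))
    )
    if safe:
        return f"{attr}: {value}\n"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}\n"

# … unchanged: opening of the three LDIF files (create handle opened with "w") …
fh_create.write(_ldif_line("dn", data["user"]["dn"]))
fh_create.write(_ldif_line("cn", data["user"]["cn"]))
# … likewise for every other attribute line in the CREATE, UPDATE and DISABLE branches …
fh_disable.write("replace: loginShell\n")
fh_disable.write("loginShell: /usr/sbin/nologin\n\n")
```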
2 changes: 2 additions & 0 deletions utils/cli/hpc_access_cli/models.py
Expand Up @@ -153,6 +153,8 @@ class LdapUser(BaseModel):
sn: Optional[str]
#: The user's given name.
given_name: Optional[str]
#: The user's display name.
display_name: Optional[str]
#: The numeric user ID.
uid_number: int
#: The primary group of the user.
1 change: 1 addition & 0 deletions utils/cli/hpc_access_cli/states.py
Expand Up @@ -330,6 +330,7 @@ def _build_ldap_users(self, hpcaccess_state: HpcaccessState) -> Dict[str, LdapUs
cn=user.full_name,
sn=user.last_name,
given_name=user.first_name,
display_name=user.full_name,
uid=user.username,
mail=user.email,
# gecos=None,
