From 270e1d61e5dc378f74571d5c844ee79dcf179357 Mon Sep 17 00:00:00 2001
From: Oliver Stolpe
Date: Tue, 17 Dec 2024 16:01:41 +0100
Subject: [PATCH] WIP

---
 adminsec/tasks.py | 5 +++-
 utils/cli/hpc_access_cli/ldap.py | 7 +++++
 utils/cli/hpc_access_cli/main.py | 48 ++++++++++++++++++++++++++++--
 utils/cli/hpc_access_cli/models.py | 2 ++
 utils/cli/hpc_access_cli/states.py | 1 +
 5 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/adminsec/tasks.py b/adminsec/tasks.py
index acd24f2..cde5211 100644
--- a/adminsec/tasks.py
+++ b/adminsec/tasks.py
@@ -58,6 +58,7 @@ def _sync_ldap(write=False, verbose=False, ldapcon=None):
         first_name = userinfo.givenName
         last_name = userinfo.sn
         mail = userinfo.mail
+        name = userinfo.displayName
         disabled = True
         if userAccountControl:
@@ -78,7 +79,9 @@ def _sync_ldap(write=False, verbose=False, ldapcon=None):
         if uid:
             user.uid = uid[0]
-        user.name = " ".join([user.first_name, user.last_name])
+        if name:
+            user.name = name[0]
+
         user.is_active = not disabled
         if user.hpcuser_user.exists():
diff --git a/utils/cli/hpc_access_cli/ldap.py b/utils/cli/hpc_access_cli/ldap.py
index bd051bb..c0fd955 100644
--- a/utils/cli/hpc_access_cli/ldap.py
+++ b/utils/cli/hpc_access_cli/ldap.py
@@ -109,6 +109,7 @@ def load_users(self) -> List[LdapUser]:
             raise ValueError(f"Missing LDAP attribute uid for {entry.entry_dn}")
         sn = attribute_as_str(entry.sn)
         given_name = attribute_as_str(entry.givenName)
+        display_name = attribute_as_str(entry.displayName)
         home_directory = attribute_as_str(entry.homeDirectory)
         if not home_directory:
             raise ValueError(f"Missing LDAP attribute homeDirectory for {entry.entry_dn}")
@@ -123,6 +124,7 @@ def load_users(self) -> List[LdapUser]:
             sn=sn,
             mail=attribute_as_str(entry.mail),
             given_name=given_name,
+            display_name=display_name,
             uid_number=uid_number,
             gid_number=gid_number,
             home_directory=home_directory,
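Review bot: In the second tasks.py hunk the `" ".join([user.first_name, user.last_name])` assignment is replaced by `if name: user.name = name[0]` with no fallback, so a source entry without a displayName leaves `user.name` untouched — empty for a newly created user and stale for an existing one whose name changed. Keeping the old expression as the `else` branch preserves the previous behaviour for entries lacking the attribute: `else:` / `    user.name = " ".join([user.first_name, user.last_name])`. The `name[0]` indexing presumably mirrors `uid[0]`, i.e. the attribute is read as a multi-valued list; worth a one-line comment at the new `name = userinfo.displayName` assignment saying so, since `first_name`/`last_name`/`mail` just above are used unindexed. `_sync_ldap` begins and ends outside these hunks.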
@@ -149,6 +151,11 @@ def _user_op_create(self, user: LdapUser, dry_run: bool):
             "uid": user.uid,
             "uidNumber": user.uid_number,
             "homeDirectory": user.home_directory,
+            "mail": user.mail,
+            "telephoneNumber": user.telephone_number,
+            "loginShell": user.login_shell,
+            "gidNumber": user.gid_number,
+            "displayName": user.display_name,
         }
         if user.sn:
             user_data["sn"] = user.sn
diff --git a/utils/cli/hpc_access_cli/main.py b/utils/cli/hpc_access_cli/main.py
index 048cd32..87d1d14 100644
--- a/utils/cli/hpc_access_cli/main.py
+++ b/utils/cli/hpc_access_cli/main.py
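Review bot: The five new `user_data` entries are added unconditionally, while the existing code right below guards `sn` with `if user.sn:`; `display_name` is declared `Optional[str]` in this same commit (models.py), and `mail`/`telephone_number`/`login_shell` look optional too, so an add request can carry `None` values that an LDAP server will reject. Follow the existing pattern for the optional ones, e.g. `for attr, value in (("mail", user.mail), ("telephoneNumber", user.telephone_number), ("loginShell", user.login_shell), ("displayName", user.display_name)):` / `    if value:` / `        user_data[attr] = value`, keeping only `gidNumber` in the literal if it is required as `gid_number` appears to be. Whether `telephone_number` and `login_shell` are actually Optional is not visible in this diff — confirm against the model. `_user_op_create` continues beyond the hunk.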
@@ -129,8 +129,52 @@ def sync_data(
     comparison = TargetStateComparison(settings.hpc_access, src_state, dst_state)
     operations = comparison.run()
     # console_err.print_json(data=operations.model_dump(mode="json"))
-    for user_op in operations.ldap_user_ops:
-        console_err.print_json(data=user_op.model_dump(mode="json"))
+    with open("ldap_user_disable.ldif", "w") as fh_disable, open("ldap_user_create.ldif", ) as fh_create, open("ldap_user_update.ldif", "w") as fh_update:
+        for user_op in operations.ldap_user_ops:
+            data = user_op.model_dump(mode="json")
+            if data["operation"] == "CREATE":
+                console_err.log(f"create user {data['name']}")
+                fh_create.write(f"dn: {data["user"]['dn']}\n")
+                fh_create.write("changetype: add\n")
+                fh_create.write("objectClass: inetOrgPerson\n")
+                fh_create.write("objectClass: posixAccount\n")
+                fh_create.write("objectClass: ldapPublicKey\n")
+                fh_create.write("objectClass: bih-expireDates\n")
+                fh_create.write("objectClass: top\n")
+                fh_create.write(f"cn: {data['user']['cn']}\n")
+                fh_create.write(f"gidNumber: {data['user']['gidNumber']}\n")
+                fh_create.write(f"homeDirectory: {data['user']['homeDirectory']}\n")
+                fh_create.write(f"sn: {data['user']['sn']}\n")
+                fh_create.write(f"uid: {data['user']['uid']}\n")
+                fh_create.write(f"uidNumber: {data['user']['uidNumber']}\n")
+                if data["user"]["givenName"]:
+                    fh_create.write(f"givenName: {data['user']['givenName']}\n")
+                if data["user"]["loginShell"]:
+                    fh_create.write(f"loginShell: {data['user']['loginShell']}\n")
+                if data["user"]["mail"]:
+                    fh_create.write(f"mail: {data['user']['mail']}\n")
+                if data["user"]["telephoneNumber"]:
+                    fh_create.write(f"telephoneNumber: {data['user']['telephoneNumber']}\n")
+                fh_create.write("\n")
+
+            elif data["operation"] == "UPDATE":
+                console_err.log(f"update user {data['name']}")
+                for key, value in data["diff"].items():
+                    fh_update.write(f"dn: {data["user"]['dn']}\n")
+                    fh_update.write("changetype: modify\n")
+                    if not value:
+                        fh_update.write(f"delete: {key}\n")
+                    else:
+                        fh_update.write(f"replace: {key}\n")
+                        fh_update.write(f"{key}: {value}\n")
+                    fh_update.write("\n")
+
+            elif data["operation"] == "DISABLE":
+                console_err.log(f"disable user {data['name']}")
+                fh_disable.write(f"dn: {data["user"]["dn"]}\n")
+                fh_disable.write("changetype: modify\n")
+                fh_disable.write("replace: login_shell\n")
+                fh_disable.write("login_shell: /usr/sbin/nologin\n\n")
     # connection = LdapConnection(settings.ldap_hpc)
     # console_err.log(f"applying LDAP group operations now, dry_run={dry_run}")
     # for group_op in operations.ldap_group_ops:
diff --git a/utils/cli/hpc_access_cli/models.py b/utils/cli/hpc_access_cli/models.py
index 319577e..0b44003 100644
--- a/utils/cli/hpc_access_cli/models.py
+++ b/utils/cli/hpc_access_cli/models.py
@@ -153,6 +153,8 @@ class LdapUser(BaseModel):
     sn: Optional[str]
     #: The user's given name.
     given_name: Optional[str]
+    #: The user's display name.
+    display_name: Optional[str]
     #: The numeric user ID.
     uid_number: int
     #: The primary group of the user.
diff --git a/utils/cli/hpc_access_cli/states.py b/utils/cli/hpc_access_cli/states.py
index aeb0d0f..80a84cb 100644
--- a/utils/cli/hpc_access_cli/states.py
+++ b/utils/cli/hpc_access_cli/states.py
@@ -330,6 +330,7 @@ def _build_ldap_users(self, hpcaccess_state: HpcaccessState) -> Dict[str, LdapUs
             cn=user.full_name,
             sn=user.last_name,
             given_name=user.first_name,
+            display_name=user.full_name,
             uid=user.username,
             mail=user.email,
             # gecos=None,
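Review bot: `open("ldap_user_create.ldif", )` in the new `with` statement has no mode, so the file is opened read-only and the first `fh_create.write(...)` in the CREATE branch raises `io.UnsupportedOperation` (or `FileNotFoundError` when the file does not yet exist); the other two handles correctly pass `"w"`. The DISABLE branch writes `replace: login_shell` / `login_shell: /usr/sbin/nologin`, but the attribute the rest of the hunk emits is `loginShell`, so the generated LDIF would fail schema checking instead of locking the account. Every attribute value is also interpolated verbatim, whereas RFC 2849 requires base64 (`attr:: ...`) for values with a leading space/colon/`<`, non-ASCII characters or newlines — a `displayName`, `mail` or `dn` from the source directory containing a newline would otherwise inject extra attribute lines into the record the file later applies; a small helper (needs `import base64` at the top of main.py) covering all writes is sketched below, with the DISABLE branch as the example. The nested-double-quote f-strings such as `f"dn: {data["user"]['dn']}\n"` are only valid on Python 3.12+ (the neighbouring lines use `['dn']`), and `sn` is written unconditionally although it is `Optional[str]` in the model. `sync_data` starts before and ends after this hunk.
```python
def _ldif_line(attr: str, value: str) -> str:
    """Render one LDIF attribute line, base64-encoding values RFC 2849 marks as unsafe."""
    unsafe_start = value[:1] in (" ", ":", "<")
    unsafe_chars = any(ord(ch) > 127 or ch in "\r\n\0" for ch in value)
    if unsafe_start or unsafe_chars:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{attr}:: {encoded}\n"
    return f"{attr}: {value}\n"

    with open("ldap_user_disable.ldif", "w") as fh_disable, open(
        "ldap_user_create.ldif", "w"
    ) as fh_create, open("ldap_user_update.ldif", "w") as fh_update:
        # … unchanged: CREATE / UPDATE branches, each write(f"{attr}: {value}\n") replaced by write(_ldif_line(attr, value)) …
            elif data["operation"] == "DISABLE":
                console_err.log(f"disable user {data['name']}")
                fh_disable.write(_ldif_line("dn", data["user"]["dn"]))
                fh_disable.write("changetype: modify\n")
                fh_disable.write("replace: loginShell\n")
                fh_disable.write("loginShell: /usr/sbin/nologin\n\n")
```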
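Review bot: In the models.py hunk `display_name: Optional[str]` has no default, which under a pydantic `BaseModel` makes it a required field even though it is typed optional; the two constructors touched in this commit (ldap.py `load_users`, states.py `_build_ldap_users`) now pass it, but any other `LdapUser(...)` call site not visible here would start failing validation. If the field is meant to be optional at construction time, `display_name: Optional[str] = None` keeps older callers working; the neighbouring `sn`/`given_name` fields follow the no-default style, so this may be a deliberate project convention — confirm. The `#:` comment could also name the LDAP attribute it maps to, e.g. `#: The user's display name (LDAP displayName).`, since the ldap.py hunk reads it from `entry.displayName`.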