Ladsgroup has uploaded a new change for review.
https://gerrit.wikimedia.org/r/278271
Change subject: First flake8 pass on LDAP
......................................................................
First flake8 pass on LDAP
Change-Id: I358c4bd5320632505422c17a52e0a85cd6d2bd57
---
M modules/ldap/files/scripts/add-ldap-group
M modules/ldap/files/scripts/add-ldap-user
M modules/ldap/files/scripts/change-ldap-passwd
M modules/ldap/files/scripts/delete-ldap-group
M modules/ldap/files/scripts/delete-ldap-user
M modules/ldap/files/scripts/homedirectorymanager.py
M modules/ldap/files/scripts/ldaplist
M modules/ldap/files/scripts/ldapsupportlib.py
M modules/ldap/files/scripts/modify-ldap-group
M modules/ldap/files/scripts/modify-ldap-user
M modules/ldap/files/scripts/netgroup-mod
M modules/ldap/files/scripts/ssh-key-ldap-lookup
12 files changed, 753 insertions(+), 252 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/71/278271/1
diff --git a/modules/ldap/files/scripts/add-ldap-group
b/modules/ldap/files/scripts/add-ldap-group
index ab43c04..afd3374 100755
--- a/modules/ldap/files/scripts/add-ldap-group
+++ b/modules/ldap/files/scripts/add-ldap-group
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/add-ldap-group
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/add-ldap-group
#####################################################################
import sys
@@ -22,14 +22,28 @@
def main():
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage('add-ldap-group [options] <groupname>\nexample:
add-ldap-group wikidev')
+ parser.set_usage(
+ 'add-ldap-group [options] <groupname>\nexample: add-ldap-group
wikidev')
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("--gid", action="store", dest="gidNumber", help="The
group's gid (default: next available gid)")
- parser.add_option("--members", action="store", dest="members", help="A
comma separated list of group members to add to this group")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "--gid",
+ action="store",
+ dest="gidNumber",
+ help="The group's gid (default: next available gid)")
+ parser.add_option(
+ "--members",
+ action="store",
+ dest="members",
+ help="A comma separated list of group members to add to this group")
(options, args) = parser.parse_args()
if len(args) != 1:
@@ -78,7 +92,8 @@
# member expects DNs
members.append('uid=' + raw_member + ',ou=people,' + base)
except KeyError:
- sys.stderr.write(raw_member + " doesn't exist, and won't
be added to the group.\n")
+ sys.stderr.write(
+ raw_member + " doesn't exist, and won't be added to
the group.\n")
groupEntry = {}
groupEntry['objectclass'] = objectClasses
@@ -89,12 +104,15 @@
modlist = ldap.modlist.addModlist(groupEntry)
ds.add_s(dn, modlist)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to create the group. Error was:
%s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to create the group. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.TYPE_OR_VALUE_EXISTS:
- sys.stderr.write("The group or gid you are trying to add already
exists.\n")
+ sys.stderr.write(
+ "The group or gid you are trying to add already exists.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
sys.exit(1)
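Review bot: `msg[0]["info"]` in the `except ldap.UNWILLING_TO_PERFORM as msg:` handler still indexes the exception object directly, which only works on Python 2. It also raises KeyError inside the handler when the server result carries no "info" field, so the operator sees a secondary failure instead of the LDAP error. Since this commit already moves to the `as` form, read the payload through `msg.args[0].get("info", msg.args[0].get("desc", ""))`. The same handler appears in the add-ldap-user, change-ldap-passwd, delete-ldap-group, delete-ldap-user and homedirectorymanager.py hunks. The try block starts outside this hunk.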
@@ -105,7 +123,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/add-ldap-user
b/modules/ldap/files/scripts/add-ldap-user
index 3fb5c38..88678f0 100755
--- a/modules/ldap/files/scripts/add-ldap-user
+++ b/modules/ldap/files/scripts/add-ldap-user
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/add-ldap-user
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/add-ldap-user
#####################################################################
import sys
@@ -26,21 +26,65 @@
def main():
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage('add-ldap-user [options] <username> <key(s)>\nexample:
add-ldap-user laner http://ryandlane.com/static/pubkey.key')
+ parser.set_usage(
+ 'add-ldap-user [options] <username> <key(s)>\nexample: add-ldap-user
laner http://ryandlane.com/static/pubkey.key')
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("--shell", action="store", dest="loginShell",
default="/usr/local/bin/sillyshell", help="The user's shell (default:
/usr/bin/sillyshell)")
- parser.add_option("--gid", action="store", dest="gidNumber",
default="550", help="The user's gid (default: 550)")
- parser.add_option("--uid", action="store", dest="uidNumber", help="The
user's uid (default: next available uid)")
- parser.add_option("--home", action="store", dest="homeDirectory",
help="The user's home directory (default /home/username)")
- parser.add_option("--cn", action="store", dest="cn", help="The user's CN
(default: firstname + lastname, or username, if first/last not set)")
- parser.add_option("--firstname", action="store", dest="givenName",
help="The user's first name (default: username)")
- parser.add_option("--lastname", action="store", dest="sn", help="The
user's last name (default: username)")
- parser.add_option("--mail", action="store", dest="mail", help="The user's
email address")
- parser.add_option("--dry-run", action="store_true", dest="dryRun",
help="Dry run mode (no changes)")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "--shell",
+ action="store",
+ dest="loginShell",
+ default="/usr/local/bin/sillyshell",
+ help="The user's shell (default: /usr/bin/sillyshell)")
+ parser.add_option(
+ "--gid",
+ action="store",
+ dest="gidNumber",
+ default="550",
+ help="The user's gid (default: 550)")
+ parser.add_option(
+ "--uid",
+ action="store",
+ dest="uidNumber",
+ help="The user's uid (default: next available uid)")
+ parser.add_option(
+ "--home",
+ action="store",
+ dest="homeDirectory",
+ help="The user's home directory (default /home/username)")
+ parser.add_option(
+ "--cn",
+ action="store",
+ dest="cn",
+ help="The user's CN (default: firstname + lastname, or username, if
first/last not set)")
+ parser.add_option(
+ "--firstname",
+ action="store",
+ dest="givenName",
+ help="The user's first name (default: username)")
+ parser.add_option(
+ "--lastname",
+ action="store",
+ dest="sn",
+ help="The user's last name (default: username)")
+ parser.add_option(
+ "--mail",
+ action="store",
+ dest="mail",
+ help="The user's email address")
+ parser.add_option(
+ "--dry-run",
+ action="store_true",
+ dest="dryRun",
+ help="Dry run mode (no changes)")
(options, args) = parser.parse_args()
if len(args) != 2:
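Review bot: The `--shell` option's help text and default disagree: `default="/usr/local/bin/sillyshell"` but the help says `(default: /usr/bin/sillyshell)`. An operator reading `--help` would expect a different login shell than the one actually used as the default. Change the help to `help="The user's shell (default: /usr/local/bin/sillyshell)"`, or use optparse's `%default` placeholder so the two cannot drift. main() continues outside the hunk.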
@@ -87,7 +131,14 @@
dn = 'uid=' + username + ',ou=people,' + base
uid = username
- objectClasses = ['person', 'organizationalPerson', 'inetorgperson',
'ldapPublicKey', 'shadowaccount', 'posixaccount', 'top']
+ objectClasses = [
+ 'person',
+ 'organizationalPerson',
+ 'inetorgperson',
+ 'ldapPublicKey',
+ 'shadowaccount',
+ 'posixaccount',
+ 'top']
loginShell = options.loginShell
if options.homeDirectory:
homeDirectory = options.homeDirectory
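Review bot: `dn = 'uid=' + username + ',ou=people,' + base` builds the entry DN by plain concatenation, so a username containing DN metacharacters such as `,`, `+` or `=` yields a DN other than the intended entry under `ou=people`. Where username is validated is not visible in this hunk; if it comes straight from the command line, escape it, e.g. `dn = 'uid=' + ldap.dn.escape_dn_chars(username) + ',ou=people,' + base` (needs `import ldap.dn`). delete-ldap-group's `dn = 'cn=' + groupname + ',ou=groups,' + base` and the member DNs appended in add-ldap-group have the same shape. main() starts and ends outside the hunk.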
@@ -96,7 +147,8 @@
if options.uidNumber:
uidNumber = options.uidNumber
if int(uidNumber) < 500:
- sys.stderr.write("Setting uidnumber to less than 500 is not
allowed\n")
+ sys.stderr.write(
+ "Setting uidnumber to less than 500 is not allowed\n")
sys.exit(1)
else:
# Find the next uid
@@ -146,12 +198,18 @@
for key in userEntry.keys():
print "%s -> %s" % (key, userEntry[key])
- userdict = {uid: {"uidNumber": int(uidNumber), "gidNumber":
int(gidNumber), "sshPublicKey": keys}}
+ userdict = {
+ uid: {
+ "uidNumber": int(uidNumber),
+ "gidNumber": int(gidNumber),
+ "sshPublicKey": keys}}
hdm = homedirectorymanager.HomeDirectoryManager()
hdm.dryRun = dryRun
hdm.createHomeDir(userdict)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to create the user. Error was:
%s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to create the user. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.TYPE_OR_VALUE_EXISTS:
@@ -166,7 +224,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/change-ldap-passwd
b/modules/ldap/files/scripts/change-ldap-passwd
index 20876f5..e2b2582 100755
--- a/modules/ldap/files/scripts/change-ldap-passwd
+++ b/modules/ldap/files/scripts/change-ldap-passwd
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/change-ldap-passwd
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/change-ldap-passwd
#####################################################################
import sys
@@ -28,8 +28,17 @@
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("--random", action="store_true", dest="random",
help="Choose a random password, and return it.")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "--random",
+ action="store_true",
+ dest="random",
+ help="Choose a random password, and return it.")
(options, args) = parser.parse_args()
if len(args) != 1:
@@ -62,12 +71,15 @@
ds.modify_s(dn, mod_attrs)
if options.random:
print newpass
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to change the user's password.
Error was: %s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to change the user's password. Error was:
%s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.NO_SUCH_OBJECT:
- sys.stderr.write("The user you are trying to modify does not
exists.\n")
+ sys.stderr.write(
+ "The user you are trying to modify does not exists.\n")
ds.unbind()
sys.exit(1)
except ldap.PROTOCOL_ERROR:
@@ -77,7 +89,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/delete-ldap-group
b/modules/ldap/files/scripts/delete-ldap-group
index dca9f59..66f5af2 100755
--- a/modules/ldap/files/scripts/delete-ldap-group
+++ b/modules/ldap/files/scripts/delete-ldap-group
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/delete-ldap-group
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/delete-ldap-group
#####################################################################
import sys
@@ -25,7 +25,12 @@
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
(options, args) = parser.parse_args()
if len(args) != 1:
@@ -42,12 +47,15 @@
groupname = args[0]
dn = 'cn=' + groupname + ',ou=groups,' + base
ds.delete_s(dn)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to delete the group. Error was:
%s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to delete the group. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.NO_SUCH_OBJECT:
- sys.stderr.write("The group you are trying to delete does not
exists.\n")
+ sys.stderr.write(
+ "The group you are trying to delete does not exists.\n")
ds.unbind()
sys.exit(1)
except ldap.PROTOCOL_ERROR:
@@ -57,7 +65,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/delete-ldap-user
b/modules/ldap/files/scripts/delete-ldap-user
index 074c3b2..4a33e34 100755
--- a/modules/ldap/files/scripts/delete-ldap-user
+++ b/modules/ldap/files/scripts/delete-ldap-user
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/delete-ldap-user
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/delete-ldap-user
#####################################################################
import sys
@@ -26,8 +26,17 @@
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("--no-delete-home", action="store_true",
dest="nodeletehome", help="Don't delete the user's home directory")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "--no-delete-home",
+ action="store_true",
+ dest="nodeletehome",
+ help="Don't delete the user's home directory")
(options, args) = parser.parse_args()
if len(args) != 1:
@@ -48,12 +57,15 @@
if not options.nodeletehome:
hdm = homedirectorymanager.HomeDirectoryManager()
hdm.deleteUser(username)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to delete the user. Error was:
%s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to delete the user. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.NO_SUCH_OBJECT:
- sys.stderr.write("The user you are trying to delete does not
exists.\n")
+ sys.stderr.write(
+ "The user you are trying to delete does not exists.\n")
ds.unbind()
sys.exit(1)
except ldap.PROTOCOL_ERROR:
@@ -63,7 +75,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/homedirectorymanager.py
b/modules/ldap/files/scripts/homedirectorymanager.py
index d9148c1..77d2ee2 100755
--- a/modules/ldap/files/scripts/homedirectorymanager.py
+++ b/modules/ldap/files/scripts/homedirectorymanager.py
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/homedirectorymanager.py
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/homedirectorymanager.py
#####################################################################
import sys
@@ -64,7 +64,13 @@
self.dryRun = False
- self.updates = {'create': [], 'chgrp': [], 'chown': [], 'rename': [],
'delete': [], 'key': []}
+ self.updates = {
+ 'create': [],
+ 'chgrp': [],
+ 'chown': [],
+ 'rename': [],
+ 'delete': [],
+ 'key': []}
self.UsersData = None
@@ -85,16 +91,33 @@
def run(self):
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage("homedirectorymanager.py [options]\n\nexample:
homedirectorymanager.py --dry-run")
+ parser.set_usage(
+ "homedirectorymanager.py [options]\n\nexample:
homedirectorymanager.py --dry-run")
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser)
- parser.add_option("--dry-run", action="store_true", dest="dryRun",
help="Show what would be done, but don't actually do anything")
- parser.add_option("--basedir", dest="basedir", help="Base directory to
manage home directories (default: /home)")
- parser.add_option("--group", dest="group", help="Only manage home
directories for users in the provided group (default: manage all users)")
- parser.add_option("--loglevel", dest="loglevel", help="Change level of
logging; NONE, INFO, DEBUG (default: INFO)")
- parser.add_option("--logfile", dest="logfile", help="Log file to write
to (default: stdout)")
+ parser.add_option(
+ "--dry-run",
+ action="store_true",
+ dest="dryRun",
+ help="Show what would be done, but don't actually do anything")
+ parser.add_option(
+ "--basedir",
+ dest="basedir",
+ help="Base directory to manage home directories (default: /home)")
+ parser.add_option(
+ "--group",
+ dest="group",
+ help="Only manage home directories for users in the provided group
(default: manage all users)")
+ parser.add_option(
+ "--loglevel",
+ dest="loglevel",
+ help="Change level of logging; NONE, INFO, DEBUG (default: INFO)")
+ parser.add_option(
+ "--logfile",
+ dest="logfile",
+ help="Log file to write to (default: stdout)")
(self.options, args) = parser.parse_args()
self.dryRun = self.options.dryRun
@@ -129,7 +152,10 @@
if self.GroupData:
GroupData = self.GroupData
else:
- GroupData = ds.search_s("ou=groups," + base,
ldap.SCOPE_SUBTREE, "(&(objectclass=posixGroup)(cn=" + self.group + "))")
+ GroupData = ds.search_s(
+ "ou=groups," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=posixGroup)(cn=" + self.group + "))")
GroupData = GroupData[0]
try:
groupdns = GroupData[1]['member']
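Review bot: The filter passed to `ds.search_s` concatenates `self.group` unescaped, `"(&(objectclass=posixGroup)(cn=" + self.group + "))"`, so a group value containing `*`, `(`, `)` or `\` changes the filter's meaning and can match groups other than the one intended. Escape the value first: `"(&(objectclass=posixGroup)(cn=" + ldap.filter.escape_filter_chars(self.group) + "))"` (needs `import ldap.filter`). `GroupData[0]` on the following line also raises IndexError when the search returns nothing; whether that is handled is not visible here. ldaplist builds its `search_s` filter from `searchkey` in the same way, though wildcards look intentional there, so only the structural characters would need handling. The enclosing method starts and ends outside the hunk.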
@@ -148,7 +174,8 @@
if dn not in groupdns:
continue
uid = user[1]['uid'][0]
- # uidNumber and gidNumber come back from LDAP as strings, we
need ints here.
+ # uidNumber and gidNumber come back from LDAP as strings, we
+ # need ints here.
uidNumber = int(user[1]['uidNumber'][0])
gidNumber = int(user[1]['gidNumber'][0])
# Not all users have an sshkey, if not continue
@@ -167,19 +194,22 @@
AllUsers[uid]["sshPublicKey"] = sshPublicKey
AllUsers[uid]["modifyTimestamp"] = modifyTimestamp[0]
- #self.changeGid(AllUsers)
- #self.changeUid(AllUsers)
- #self.moveUsers(AllUsers)
+ # self.changeGid(AllUsers)
+ # self.changeUid(AllUsers)
+ # self.moveUsers(AllUsers)
self.updateKeys(AllUsers)
self.createHomeDir(AllUsers)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("The search returned an error. Error was: %s\n" %
msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "The search returned an error. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
return 1
except Exception:
try:
- sys.stderr.write("There was a general error, please contact an
administrator via the helpdesk. Please include the following stack trace with
your report:\n")
+ sys.stderr.write(
+ "There was a general error, please contact an
administrator via the helpdesk. Please include the following stack trace with
your report:\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
@@ -207,15 +237,17 @@
continue
self.updates['create'].append(user)
- self.log("Creating a home directory for %s at %s%s" % (user,
self.basedir, user))
- self.mkdir(self.basedir + user, 0700)
- self.mkdir(self.basedir + user + '/.ssh', 0700)
+ self.log(
+ "Creating a home directory for %s at %s%s" %
+ (user, self.basedir, user))
+ self.mkdir(self.basedir + user, 0o700)
+ self.mkdir(self.basedir + user + '/.ssh', 0o700)
self.writeKeys(user, users[user]['sshPublicKey'])
- self.chmod(self.basedir + user + '/.ssh/authorized_keys', 0600)
+ self.chmod(self.basedir + user + '/.ssh/authorized_keys', 0o600)
for skeldir, skels in self.skelFiles.iteritems():
for skel in skels:
self.copy(skeldir + skel, self.basedir + user + "/")
- self.chmod(self.basedir + user + "/" + skel, 0600)
+ self.chmod(self.basedir + user + "/" + skel, 0o600)
newGid = users[user]['gidNumber']
newUid = users[user]['uidNumber']
self.chown(self.basedir + user, newUid, newGid)
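Review bot: Every path in this block is formed as `self.basedir + user`, and no validation of `user` is visible in these lines. It is a key of `users`, which appears to come from the LDAP `uid` attribute or from add-ldap-user's `createHomeDir(userdict)`. A value containing `/` or equal to `..` would make `mkdir`, `chmod`, `copy` and `chown` act outside the home base directory with the script's privileges. A guard before `self.updates['create'].append(user)`, such as `if '/' in user or user in ('.', '..'): continue` with a log line, keeps the operations confined. The loop and createHomeDir begin outside the hunk.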
@@ -226,7 +258,9 @@
self.chown(os.path.join(root, name), newUid, newGid)
if alreadyCreated != []:
- self.log("The following users already have a home directory in the
SAVE directory: " + ", ".join(alreadyCreated))
+ self.log(
+ "The following users already have a home directory in the SAVE
directory: " +
+ ", ".join(alreadyCreated))
def fetchKeys(self, location):
keys = []
@@ -255,12 +289,19 @@
# Write a list of keys to the user's authorized_keys file
def writeKeys(self, user, keys):
- self.writeFile(self.basedir + user + '/.ssh/authorized_keys',
"\n".join(keys) + "\n")
+ self.writeFile(
+ self.basedir +
+ user +
+ '/.ssh/authorized_keys',
+ "\n".join(keys) +
+ "\n")
# Moved deleted users to SAVE
def moveUsers(self, users):
for userdir in os.listdir(self.basedir):
- if os.path.isdir(self.basedir + userdir) and userdir not in
self.excludedFromModification:
+ if os.path.isdir(
+ self.basedir +
+ userdir) and userdir not in self.excludedFromModification:
try:
stat = os.stat(self.basedir + userdir)
uidNumber = stat.st_uid
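Review bot: The mechanical re-wrapping here hurts readability more than the long lines did: the `self.writeFile(` call now spreads one path over three lines, and the `if os.path.isdir(` condition in moveUsers hides where the `and` clause begins. Bind the path once, `homedir = self.basedir + userdir`, and test `if os.path.isdir(homedir) and userdir not in self.excludedFromModification:`. In writeKeys, use `keyfile = self.basedir + user + '/.ssh/authorized_keys'` followed by `self.writeFile(keyfile, "\n".join(keys) + "\n")`. The same wrapped `os.path.isdir(` condition recurs in the changeGid, changeUid and updateKeys hunks. moveUsers continues outside the hunk.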
@@ -287,28 +328,45 @@
# User has been deleted, move user's home directory to SAVE
self.updates['delete'].append(userdir)
if os.path.isdir(self.savedir + userdir):
- self.log(userdir + " exists at both " + self.basedir + userdir + "
and " + self.savedir + userdir)
+ self.log(
+ userdir +
+ " exists at both " +
+ self.basedir +
+ userdir +
+ " and " +
+ self.savedir +
+ userdir)
else:
self.rename(self.basedir + userdir, self.savedir + userdir)
# Changes the group ownership of a directory when a user's gid changes
def changeGid(self, users):
for userdir in os.listdir(self.basedir):
- if not os.path.isdir(self.basedir + userdir) or userdir in
self.excludedFromModification:
+ if not os.path.isdir(
+ self.basedir +
+ userdir) or userdir in self.excludedFromModification:
continue
stat = os.stat(self.basedir + userdir)
gid = stat.st_gid
- if userdir not in users.keys() or users[userdir]["gidNumber"] ==
gid:
+ if userdir not in users.keys() or users[userdir][
+ "gidNumber"] == gid:
continue
newGid = users[userdir]["gidNumber"]
self.updates['chgrp'].append(userdir)
- self.log("Changing group ownership of %s%s to %s; was set to %s" %
(self.basedir, userdir, newGid, gid))
+ self.log(
+ "Changing group ownership of %s%s to %s; was set to %s" %
+ (self.basedir, userdir, newGid, gid))
# Python doesn't have a recursive chown, so we have to walk the
directory
# and change everything manually
- self.logDebug("Doing chgrp for: " + self.basedir + userdir + "
with gid: " + str(gid))
+ self.logDebug(
+ "Doing chgrp for: " +
+ self.basedir +
+ userdir +
+ " with gid: " +
+ str(gid))
self.chown(self.basedir + userdir, -1, newGid)
for root, dirs, files in os.walk(self.basedir + userdir):
for name in files:
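Review bot: The recursive ownership change walks a tree whose contents the account owner controls, `for root, dirs, files in os.walk(self.basedir + userdir)`, and calls `self.chown(...)` on the entries. If that helper wraps `os.chown` (its body is not part of this change), a symlink inside the home directory is followed and its target outside the tree is re-owned. Using `os.lchown` in the helper, or skipping entries where `os.path.islink(path)` is true, avoids that. changeUid and the end of createHomeDir appear to walk and chown the same way; the changeGid/changeUid calls in `run` are currently commented out, so for those two it matters once they are re-enabled. Separately, the `logDebug` call reports `str(gid)`, the old gid, although the chown uses `newGid`.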
@@ -319,17 +377,22 @@
# Changes the ownership of a directory when a user's uid changes
def changeUid(self, users):
for userdir in os.listdir(self.basedir):
- if not os.path.isdir(self.basedir + userdir) or userdir in
self.excludedFromModification:
+ if not os.path.isdir(
+ self.basedir +
+ userdir) or userdir in self.excludedFromModification:
continue
stat = os.stat(self.basedir + userdir)
uid = stat.st_uid
- if userdir not in users.keys() or users[userdir]["uidNumber"] ==
uid:
+ if userdir not in users.keys() or users[userdir][
+ "uidNumber"] == uid:
continue
newUid = users[userdir]["uidNumber"]
self.updates['chown'].append(userdir)
- self.log("Changing ownership of %s%s to %s; was set to %s" %
(self.basedir, userdir, newUid, uid))
+ self.log(
+ "Changing ownership of %s%s to %s; was set to %s" %
+ (self.basedir, userdir, newUid, uid))
# Python doesn't have a recursive chown, so we have to walk the
directory
# and change everything manually
self.chown(self.basedir + userdir, newUid, -1)
@@ -341,7 +404,9 @@
def updateKeys(self, users):
for userdir in os.listdir(self.basedir):
- if not os.path.isdir(self.basedir + userdir) or userdir in
self.excludedFromModification:
+ if not os.path.isdir(
+ self.basedir +
+ userdir) or userdir in self.excludedFromModification:
continue
if userdir not in users.keys():
continue
@@ -350,19 +415,24 @@
mtime = stat.st_mtime
d_mtime = datetime.datetime.utcfromtimestamp(mtime)
d_ldap_mtime = users[userdir]["modifyTimestamp"]
- d_ldap_mtime = datetime.datetime.strptime(d_ldap_mtime[0:-1],
"%Y%m%d%H%M%S")
+ d_ldap_mtime = datetime.datetime.strptime(
+ d_ldap_mtime[0:-1], "%Y%m%d%H%M%S")
if d_ldap_mtime != d_mtime:
# Either the user's entry has been updated, or someone
# has been manually mucking with the keys, either way
# let's overwrite them
self.writeKeys(userdir, users[userdir]['sshPublicKey'])
self.updates['key'].append(userdir)
- self.log("Updating keys for %s at %s" % (userdir, self.basedir
+ userdir))
- os.utime(self.basedir + userdir + "/.ssh/authorized_keys",
(atime, time.mktime(d_ldap_mtime.timetuple())))
+ self.log(
+ "Updating keys for %s at %s" %
+ (userdir, self.basedir + userdir))
+ os.utime(self.basedir + userdir + "/.ssh/authorized_keys",
+ (atime, time.mktime(d_ldap_mtime.timetuple())))
def log(self, logstring):
if self.loglevel >= INFO:
- log = datetime.datetime.now().strftime("%m/%d/%Y - %H:%M:%S - ") +
logstring + "\n"
+ log = datetime.datetime.now().strftime(
+ "%m/%d/%Y - %H:%M:%S - ") + logstring + "\n"
if self.logfile:
lf = open(self.logfile, 'a')
lf.write(log)
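Review bot: The comparison and the write-back in updateKeys use different time bases: `d_mtime` comes from `datetime.datetime.utcfromtimestamp(mtime)`, but the mtime is stored with `time.mktime(d_ldap_mtime.timetuple())`, which interprets the tuple as local time. On a host whose timezone is not UTC the two never agree, so `d_ldap_mtime != d_mtime` stays true and authorized_keys is rewritten on every run. That also buries genuine manual edits in log noise. Store the timestamp with `calendar.timegm(d_ldap_mtime.timetuple())` (needs `import calendar`). updateKeys starts outside the hunk and `log` continues past it.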
@@ -371,23 +441,42 @@
print log
def log_project(self, user, update_type, project_list):
- self.updates = {'create': [], 'chgrp': [], 'chown': [], 'rename': [],
'delete': [], 'keys': []}
+ self.updates = {
+ 'create': [],
+ 'chgrp': [],
+ 'chown': [],
+ 'rename': [],
+ 'delete': [],
+ 'keys': []}
if update_type == 'create':
- self.log("Created a home directory for %s in project(s): %s" %
(user, ','.join(project_list)))
+ self.log(
+ "Created a home directory for %s in project(s): %s" %
+ (user, ','.join(project_list)))
if update_type == 'key':
- self.log("User %s may have been modified in LDAP or locally,
updating key in project(s): %s" % (user, ','.join(project_list)))
+ self.log(
+ "User %s may have been modified in LDAP or locally, updating
key in project(s): %s" %
+ (user, ','.join(project_list)))
if update_type == 'delete':
- self.log("Deleting home directory for %s in project(s): %s" %
(user, ','.join(project_list)))
+ self.log(
+ "Deleting home directory for %s in project(s): %s" %
+ (user, ','.join(project_list)))
if update_type == 'chown':
- self.log("User %s has a new uid, changing ownership in project(s):
%s" % (user, ','.join(project_list)))
+ self.log(
+ "User %s has a new uid, changing ownership in project(s): %s" %
+ (user, ','.join(project_list)))
if update_type == 'chgrp':
- self.log("User %s has a new gid, changing ownership in project(s):
%s" % (user, ','.join(project_list)))
+ self.log(
+ "User %s has a new gid, changing ownership in project(s): %s" %
+ (user, ','.join(project_list)))
if update_type == 'rename':
- self.log("User %s has been renamed, moving home directory in
project(s): %s" % (user, ','.join(project_list)))
+ self.log(
+ "User %s has been renamed, moving home directory in
project(s): %s" %
+ (user, ','.join(project_list)))
def logDebug(self, logstring):
if self.loglevel >= DEBUG:
- log = datetime.datetime.now().strftime("%m/%d/%Y - %H:%M:%S - ") +
"(Debug) " + logstring + "\n"
+ log = datetime.datetime.now().strftime("%m/%d/%Y - %H:%M:%S - ") +
\
+ "(Debug) " + logstring + "\n"
if self.logfile:
lf = open(self.logfile, 'a')
lf.write(log)
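Review bot: `log_project` replaces `self.updates` with a dict whose last key is `'keys'`, while the initialiser earlier in this file uses `'key'` and updateKeys does `self.updates['key'].append(userdir)`. After any call to `log_project`, that append raises KeyError. Resetting the accumulated updates from a logging method also looks unintended. Either drop the assignment or write `'key': []` to match the other sites. logDebug continues outside the hunk.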
diff --git a/modules/ldap/files/scripts/ldaplist
b/modules/ldap/files/scripts/ldaplist
index 54b349a..a308805 100755
--- a/modules/ldap/files/scripts/ldaplist
+++ b/modules/ldap/files/scripts/ldaplist
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/ldaplist
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/ldaplist
#####################################################################
import ldapsupportlib
@@ -10,7 +10,6 @@
import re
from signal import signal, SIGPIPE, SIG_DFL
import sys
-import traceback
try:
import ldap
@@ -21,22 +20,58 @@
# Avoid "IOError: [Errno 32] Broken pipe" when piping to head & Co.
signal(SIGPIPE, SIG_DFL)
+
def main():
"An application that implements the functionality of Solaris's ldaplist."
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage("ldaplist [options] [database] [object-name]\n\nexample:
ldaplist -l passwd ldap_user")
+ parser.set_usage(
+ "ldaplist [options] [database] [object-name]\n\n"
+ "example: ldaplist -l passwd ldap_user")
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser)
- parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
help="Show the database and search filter used for this search")
- parser.add_option("-l", "--longlisting", action="store_true",
dest="longlisting", help="List all the attributes for each entry matching the
search criteria. By default, ldaplist lists only the Distinguished Name of the
entries found.")
- parser.add_option("-h", action="store_true", dest="helpme", help="Show
available databases to search")
- parser.add_option("-d", "--showdatabase", action="store_true",
dest="showdatabase", help="Show the base dn being used for this database")
- parser.add_option("-a", "--showattributes", dest="showattributes",
help="Show the given attributes")
- parser.add_option("-r", "--recursive", action="store_true",
dest="recursive", help="Recurse netgroups")
- parser.add_option("--like", action="store_true", dest="like", help="Search
for objects that equal or sound like [object-name]")
+ parser.add_option(
+ "-v",
+ "--verbose",
+ action="store_true",
+ dest="verbose",
+ help="Show the database and search filter used for this search")
+ parser.add_option(
+ "-l",
+ "--longlisting",
+ action="store_true",
+ dest="longlisting",
+ help="List all the attributes for each entry matching the search
criteria. "
+ "By default, ldaplist lists only the Distinguished Name of the
entries found.")
+ parser.add_option(
+ "-h",
+ action="store_true",
+ dest="helpme",
+ help="Show available databases to search")
+ parser.add_option(
+ "-d",
+ "--showdatabase",
+ action="store_true",
+ dest="showdatabase",
+ help="Show the base dn being used for this database")
+ parser.add_option(
+ "-a",
+ "--showattributes",
+ dest="showattributes",
+ help="Show the given attributes")
+ parser.add_option(
+ "-r",
+ "--recursive",
+ action="store_true",
+ dest="recursive",
+ help="Recurse netgroups")
+ parser.add_option(
+ "--like",
+ action="store_true",
+ dest="like",
+ help="Search for objects that equal or sound like [object-name]")
(options, args) = parser.parse_args()
ldapSupportLib.setBindInfoByOptions(options, parser)
@@ -86,13 +121,15 @@
print 'database'.ljust(17) + 'default type'.ljust(20) + 'objectclass'
print '============='.ljust(17) + '================='.ljust(20) +
'============='
- for a, b, c in zip(objectbasedns.keys(), objectdefaulttypes.values(),
objectobjectclasses.values()):
+ for a, b, c in zip(
+ objectbasedns.keys(), objectdefaulttypes.values(),
objectobjectclasses.values()):
print '%s%s%s' % (a.ljust(17), b.ljust(20), c)
sys.exit()
if len(args) >= 1:
if args[0].find('auto_') != -1:
- objectbasedns["auto_*"] =
objectbasedns["auto_*"].replace("auto_AUTO", args[0])
+ objectbasedns[
+ "auto_*"] = objectbasedns["auto_*"].replace("auto_AUTO",
args[0])
searchkeysave = args[0]
args[0] = "auto_*"
if args[0] in objectbasedns:
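Review bot: The rewrapped `objectbasedns["auto_*"]` assignment splits the subscript itself across two lines, which is harder to read than the long line it replaces; the same split recurs in the `@@ -221,7 +271,8 @@` hunk. Binding the value first keeps both lines short: `autobase = objectbasedns["auto_*"].replace("auto_AUTO", args[0])` followed by `objectbasedns["auto_*"] = autobase`. Separately, the `zip()` above pairs `keys()` of one dict with `values()` of two others, which only lines up if all three iterate in the same order. Assuming they share keys, looping over `objectbasedns` and indexing the other two by key would not depend on that.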
@@ -110,7 +147,7 @@
first = False
else:
searchkey = searchkey + " " + key
- #elif args[0] == "auto_*":
+ # elif args[0] == "auto_*":
#searchkey = searchkeysave
else:
searchkey = "*"
@@ -129,7 +166,8 @@
if database == "uids":
options.like = True
if options.showattributes is not None:
- options.showattributes = options.showattributes + " cn uid
departmentNumber employeeType seeAlso"
+ options.showattributes = options.showattributes + \
+ " cn uid departmentNumber employeeType seeAlso"
else:
options.showattributes = "cn uid departmentNumber employeeType
seeAlso"
options.longlisting = True
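Review bot: The backslash continuation after `options.showattributes + \` is fragile, since trailing whitespace after the backslash is a syntax error, and it is not needed here. An augmented assignment fits the line limit without any continuation: `options.showattributes += " cn uid departmentNumber employeeType seeAlso"`. The enclosing `if database == "uids":` block continues outside this hunk.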
@@ -148,20 +186,32 @@
attributes = options.showattributes
print "+++ database=" + database
print "+++ filter=(&(objectclass=" + objectclass + ")(" +
attribute + searchoperator + searchkey + ")) " + attributes
- PosixData = ds.search_s(base, ldap.SCOPE_SUBTREE,
- "(&(objectclass=" + objectclass + ")(" +
attribute + searchoperator + searchkey + "))",
- attrlist)
+ PosixData = ds.search_s(
+ base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=" +
+ objectclass +
+ ")(" +
+ attribute +
+ searchoperator +
+ searchkey +
+ "))",
+ attrlist)
else:
if options.verbose:
print "(objectclass=" + objectclass + ")"
PosixData = ds.search_s(base, ldap.SCOPE_SUBTREE,
"(objectclass=" + objectclass + ")")
except ldap.NO_SUCH_OBJECT:
- sys.stderr.write("Object not found. If you are trying to use * in your
search, make sure that you wrap your string in single quotes to avoid shell
expansion.\n")
+ sys.stderr.write(
+ "Object not found. If you are trying to use * in your search, "
+ "make sure that you wrap your string in single quotes to avoid
shell expansion.\n")
ds.unbind()
sys.exit(1)
except ldap.PROTOCOL_ERROR:
- sys.stderr.write("The search returned a protocol error, this shouldn't
ever happen, please submit a trouble ticket.\n")
+ sys.stderr.write(
+ "The search returned a protocol error, this shouldn't ever happen,
"
+ "please submit a trouble ticket.\n")
ds.unbind()
sys.exit(1)
except Exception:
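Review bot: The search filter is now spelled out twice in this block, once in the `print "+++ filter=` line and once as nine single-operand lines in the `ds.search_s` call, so the displayed string and the one sent to the server can drift apart. Building it once, `searchfilter = "(&(objectclass=%s)(%s%s%s))" % (objectclass, attribute, searchoperator, searchkey)`, and passing `searchfilter` to both is shorter and gives a single place to validate `searchkey`. That value appears to come from the command line and is not escaped, so parentheses or backslashes in it alter the filter structure. Because `*` is a supported wildcard here, any escaping would have to leave `*` alone. The enclosing `try` starts outside this hunk.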
@@ -221,7 +271,8 @@
print objectbasedns["base"]
else:
if args[0].find('auto_') != -1:
- objectbasedns["auto_*"] =
objectbasedns["auto_*"].replace("auto_AUTO", args[0])
+ objectbasedns[
+ "auto_*"] = objectbasedns["auto_*"].replace("auto_AUTO",
args[0])
args[0] = "auto_*"
if args[0] in objectbasedns:
print objectbasedns[args[0]]
@@ -234,23 +285,27 @@
if members_array == []:
return triples
- # members_array is the total list of netgroup members from the previous
search.
+ # members_array is the total list of netgroup members from the previous
+ # search.
for member in members_array:
if member in oldmembers:
# ensure we don't follow infinite recursion loops
members_array.remove(member)
continue
else:
- # add this member to the oldmembers list to avoid infinite
recursion loops
+ # add this member to the oldmembers list to avoid infinite
+ # recursion loops
oldmembers.extend(member)
# we need to remove the member to avoid infinite recursion
members_array.remove(member)
- # get the triples and members for this member, and add them to the
current members list
- PosixData = ds.search_s(base,
- ldap.SCOPE_SUBTREE,
- "(&(objectclass=nisNetgroup)(cn=" + member +
"))")
+ # get the triples and members for this member, and add them to the
+ # current members list
+ PosixData = ds.search_s(
+ base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=nisNetgroup)(cn=" + member + "))")
for data in PosixData:
if 'nisNetgroupTriple' in data[1]:
triples.extend(data[1]['nisNetgroupTriple'])
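Review bot: The loop guard described in the rewrapped comments does not work as written. `oldmembers.extend(member)` adds the individual characters of `member` (it is a string, as the concatenation into the filter shows), so `member in oldmembers` only ever matches single-character names; `oldmembers.append(member)` looks like what was intended. The loop also calls `members_array.remove(member)` while iterating over `members_array`, which skips the element after each removal; iterating over a copy, `for member in members_array[:]:`, avoids that. `member` comes from directory data and goes into the `cn=` filter unescaped, so a netgroup name containing filter metacharacters would change the query. The function starts and continues outside this hunk.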
diff --git a/modules/ldap/files/scripts/ldapsupportlib.py
b/modules/ldap/files/scripts/ldapsupportlib.py
index de17199..fe542d4 100644
--- a/modules/ldap/files/scripts/ldapsupportlib.py
+++ b/modules/ldap/files/scripts/ldapsupportlib.py
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/ldapsupportlib.py
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/ldapsupportlib.py
#####################################################################
import os
@@ -30,10 +30,29 @@
self.defaults = {}
def addParserOptions(self, parser, default="proxy"):
- parser.add_option("-s", "--self", action="store_true", dest="useself",
help="Use your credentials")
- parser.add_option("-D", "--bindas", action="store", dest="bindas",
help="Specify user to bind as")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials")
- parser.add_option("--scriptuser", action="store_true",
dest="scriptuser", help="Use the scriptusers' credentials")
+ parser.add_option(
+ "-s",
+ "--self",
+ action="store_true",
+ dest="useself",
+ help="Use your credentials")
+ parser.add_option(
+ "-D",
+ "--bindas",
+ action="store",
+ dest="bindas",
+ help="Specify user to bind as")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials")
+ parser.add_option(
+ "--scriptuser",
+ action="store_true",
+ dest="scriptuser",
+ help="Use the scriptusers' credentials")
self.defaults['authuser'] = "proxy"
if (default == "user"):
self.defaults['authuser'] = "user"
@@ -43,7 +62,13 @@
self.defaults['authuser'] = "scriptuser"
def getUsers(self, ds, username):
- PosixData = ds.search_s("ou=people," + self.base, ldap.SCOPE_SUBTREE,
"(&(objectclass=inetOrgPerson)(uid=" + username + "))", attrlist=['*', '+'])
+ PosixData = ds.search_s(
+ "ou=people," + self.base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=inetOrgPerson)(uid=" + username + "))",
+ attrlist=[
+ '*',
+ '+'])
return PosixData
def getKeys(self, ds, username):
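Review bot: `getUsers` concatenates `username` straight into the search filter, so a value containing `*`, `(`, `)` or `\` is read as filter syntax instead of being matched literally, and a lookup meant for one account can match others. python-ldap provides `ldap.filter.filter_format` for this: `ldap.filter.filter_format("(&(objectclass=inetOrgPerson)(uid=%s))", [username])` (needs `import ldap.filter`). The same concatenation is reformatted but not fixed in the modify-ldap-group hunks (`cn=" + groupname`, `"uid=%s" % raw_member`), the modify-ldap-user hunks (`uid=" + username`, `uid=" + newusername`) and the netgroup-mod hunks (`cn=" + args[0]`, `cn=" + netgrouptomod`). The `attrlist` argument also fits on one line as `attrlist=['*', '+'])` rather than being spread over three.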
@@ -68,7 +93,8 @@
if self.defaults['authuser'] == "scriptuser":
options.scriptuser = True
if options.useself:
- self.binddn = "uid=" + os.environ['USER'] + ",ou=people," +
self.base
+ self.binddn = "uid=" + \
+ os.environ['USER'] + ",ou=people," + self.base
self.bindpw = getpass.getpass()
elif options.directorymanager:
self.binddn = "cn=Directory Manager"
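Review bot: The `--self` branch builds the bind DN from `os.environ['USER']` with no escaping and no fallback: an unset `USER` raises KeyError, and a value containing `,` or `=` yields a different DN than the caller expects. Escaping the RDN value with python-ldap's `ldap.dn.escape_dn_chars` (needs `import ldap.dn`) and dropping the backslash continuation would read `self.binddn = "uid=%s,ou=people,%s" % (ldap.dn.escape_dn_chars(os.environ['USER']), self.base)`. A comment stating that the environment value is only a hint and that the password prompt is what authenticates would help the next reader. The method starts and continues outside this hunk.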
@@ -114,7 +140,9 @@
if self.sslType == "start_tls":
ds.start_tls_s()
except Exception:
- sys.stderr.write("Unable to connect to LDAP host: %s\n" %
self.ldapHost)
+ sys.stderr.write(
+ "Unable to connect to LDAP host: %s\n" %
+ self.ldapHost)
traceback.print_exc(file=sys.stderr)
sys.exit(1)
@@ -122,7 +150,8 @@
ds.simple_bind_s(self.binddn, self.bindpw)
return ds
except ldap.CONSTRAINT_VIOLATION:
- sys.stderr.write("You typed your password incorrectly too many
times, and are now locked out. Please try again later.\n")
+ sys.stderr.write(
+ "You typed your password incorrectly too many times, and are
now locked out. Please try again later.\n")
sys.exit(1)
except ldap.INVALID_DN_SYNTAX:
sys.stderr.write("The bind DN is incorrect... \n")
@@ -130,10 +159,12 @@
except ldap.NO_SUCH_OBJECT:
sys.stderr.write("Unable to locate the bind DN account.\n")
sys.exit(1)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("The LDAP server was unwilling to perform the
action requested.\nError was: %s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "The LDAP server was unwilling to perform the action
requested.\nError was: %s\n" %
+ msg[0]["info"])
sys.exit(1)
except ldap.INVALID_CREDENTIALS:
sys.stderr.write("Password incorrect.\n")
- #traceback.print_exc(file=sys.stderr)
+ # traceback.print_exc(file=sys.stderr)
sys.exit(1)
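Review bot: `msg[0]["info"]` in the `ldap.UNWILLING_TO_PERFORM` handler indexes the exception object, which only works on Python 2, and it assumes the server supplied an `info` field, which python-ldap does not guarantee. When the field is absent the handler itself raises KeyError and the operator gets a traceback instead of the intended message. Since the clause was already converted to the `as` form, `msg.args[0].get("info", "")` would cover both cases. The same expression sits in the handlers touched in modify-ldap-group, modify-ldap-user and netgroup-mod. The enclosing `try` begins outside this hunk.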
diff --git a/modules/ldap/files/scripts/modify-ldap-group
b/modules/ldap/files/scripts/modify-ldap-group
index 6c7978d..c32b094 100755
--- a/modules/ldap/files/scripts/modify-ldap-group
+++ b/modules/ldap/files/scripts/modify-ldap-group
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/modify-ldap-group
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/modify-ldap-group
#####################################################################
import sys
@@ -22,23 +22,47 @@
def main():
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage('modify-ldap-group [options] <groupname> [--rename
<newusergroup>]\nexample: modify-ldap-group --gid=501 wikidev')
+ parser.set_usage(
+ 'modify-ldap-group [options] <groupname> [--rename
<newusergroup>]\nexample: modify-ldap-group --gid=501 wikidev')
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("--gid", action="store", dest="gidNumber", help="Set the
group's gid")
- parser.add_option("--rename", action="store_true", dest="rename",
help="Rename the user")
- parser.add_option("--addmembers", action="store", dest="addMembers",
help="Add a comma separated list of users to this group")
- parser.add_option("--deletemembers", action="store", dest="deleteMembers",
help="Delete a comma separated list of users from this")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "--gid",
+ action="store",
+ dest="gidNumber",
+ help="Set the group's gid")
+ parser.add_option(
+ "--rename",
+ action="store_true",
+ dest="rename",
+ help="Rename the user")
+ parser.add_option(
+ "--addmembers",
+ action="store",
+ dest="addMembers",
+ help="Add a comma separated list of users to this group")
+ parser.add_option(
+ "--deletemembers",
+ action="store",
+ dest="deleteMembers",
+ help="Delete a comma separated list of users from this")
(options, args) = parser.parse_args()
if len(args) != 1:
if options.rename and len(args) != 2:
- parser.error("modify-ldap-group expects exactly two arguments when
using rename.")
+ parser.error(
+ "modify-ldap-group expects exactly two arguments when using
rename.")
elif not options.rename:
- parser.error("modify-ldap-group expects exactly one argument,
unless using --rename.")
+ parser.error(
+ "modify-ldap-group expects exactly one argument, unless using
--rename.")
ldapSupportLib.setBindInfoByOptions(options, parser)
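Review bot: `--rename` with a single argument passes the argument-count check, because the outer `if len(args) != 1:` is false and neither `parser.error` branch is reached. The identical check in modify-ldap-user is followed by `newusername = args[1]` in its rename branch, which would then fail with IndexError. Computing the expected count first, `expected = 2 if options.rename else 1`, and testing `if len(args) != expected:` closes the gap while keeping both messages. Two help strings in this hunk also need a wording fix: `--rename` says "Rename the user" in the group script, and the `--deletemembers` help ends at "from this". `main()` continues outside this hunk.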
@@ -49,7 +73,10 @@
# w00t We're in!
try:
groupname = args[0]
- PosixData = ds.search_s("ou=groups," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=posixGroup)(cn=" + groupname + "))")
+ PosixData = ds.search_s(
+ "ou=groups," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=posixGroup)(cn=" + groupname + "))")
if not PosixData:
raise ldap.NO_SUCH_OBJECT()
dn = PosixData[0][0]
@@ -73,21 +100,28 @@
raw_members = options.addMembers.split(',')
for raw_member in raw_members:
try:
- user=ds.search_s("ou=people," + base,
ldap.SCOPE_SUBTREE, "uid=%s" % raw_member, ("dn",))
+ user = ds.search_s(
+ "ou=people," + base, ldap.SCOPE_SUBTREE, "uid=%s" %
+ raw_member, ("dn",))
if len(user) == 0:
- sys.stderr.write(raw_member + " doesn't exist, and
won't be added to the group.\n")
+ sys.stderr.write(
+ raw_member + " doesn't exist, and won't be
added to the group.\n")
return
if len(user) > 1:
- sys.stderr.write(raw_member + " exist multiple
times, this is so wrong, abandon all hope\n")
+ sys.stderr.write(
+ raw_member + " exist multiple times, this is
so wrong, abandon all hope\n")
return
except Exception as e:
- sys.stderr.write("Failed to search user in LDAP.
Error: %s\n" % str(e))
+ sys.stderr.write(
+ "Failed to search user in LDAP. Error: %s\n" %
+ str(e))
raise e
membertoadd = user[0][0]
# member expects DNs
if 'member' in NewPosixData.keys():
if membertoadd in NewPosixData['member']:
- sys.stderr.write(raw_member + " is already a
member of the group, skipping.\n")
+ sys.stderr.write(
+ raw_member + " is already a member of the
group, skipping.\n")
else:
NewPosixData['member'].append(membertoadd)
else:
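Review bot: In the `except Exception as e` branch, `raise e` restarts the traceback at that line under Python 2 and hides where the LDAP search failed; a bare `raise` keeps the original traceback. The two `return` statements above it leave the function after writing to stderr without calling `ds.unbind()`. Unless the caller handles this, they also exit without a non-zero status, unlike the `sys.exit(1)` paths elsewhere in this file. The reflowed call breaks in the middle of `"uid=%s" % raw_member`, which makes the argument list hard to read; the filter expression belongs on one line of its own. The enclosing loop continues beyond this hunk.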
@@ -100,17 +134,20 @@
if membertoremove in NewPosixData['member']:
NewPosixData['member'].remove(membertoremove)
else:
- sys.stderr.write(raw_member + " isn't a
member of the group, skipping.\n")
+ sys.stderr.write(
+ raw_member + " isn't a member of the group,
skipping.\n")
else:
- sys.stderr.write("This group contains no
members.\n")
+ sys.stderr.write("This group contains no members.\n")
if PosixData == NewPosixData:
sys.stderr.write("No changes to make; exiting.\n")
else:
modlist = ldap.modlist.modifyModlist(PosixData, NewPosixData)
ds.modify_s(dn, modlist)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to modify the group. Error was:
%s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to modify the group. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.NO_SUCH_OBJECT:
@@ -128,7 +165,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/modify-ldap-user
b/modules/ldap/files/scripts/modify-ldap-user
index f10fef4..2b5370e 100755
--- a/modules/ldap/files/scripts/modify-ldap-user
+++ b/modules/ldap/files/scripts/modify-ldap-user
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/modify-ldap-user
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/modify-ldap-user
#####################################################################
import sys
@@ -22,29 +22,74 @@
def main():
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage('modify-ldap-user [options] <username> [--rename
<newusername>]\nexample: modify-ldap-user
--replacekeys=http://ryandlane.com/static/pubkey.key laner')
+ parser.set_usage(
+ 'modify-ldap-user [options] <username> [--rename
<newusername>]\nexample: modify-ldap-user
--replacekeys=http://ryandlane.com/static/pubkey.key laner')
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("--shell", action="store", dest="loginShell", help="Set
the user's shell")
- parser.add_option("--gid", action="store", dest="gidNumber", help="Set the
user's gid")
- parser.add_option("--uid", action="store", dest="uidNumber", help="Set the
user's uid")
- parser.add_option("--cn", action="store", dest="cn", help="Set the user's
CN")
- parser.add_option("--mail", action="store", dest="mail", help="Set the
user's email address")
- parser.add_option("--firstname", action="store", dest="givenName",
help="Set the user's first name")
- parser.add_option("--lastname", action="store", dest="sn", help="Set the
user's last name")
- parser.add_option("--replacekeys", action="store",
dest="replaceKeyLocation", help="Replaces all of the user's keys")
- parser.add_option("--addkeys", action="store", dest="addKeyLocation",
help="Adds keys to the user's entry")
- parser.add_option("--rename", action="store_true", dest="rename",
help="Rename the user")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "--shell",
+ action="store",
+ dest="loginShell",
+ help="Set the user's shell")
+ parser.add_option(
+ "--gid",
+ action="store",
+ dest="gidNumber",
+ help="Set the user's gid")
+ parser.add_option(
+ "--uid",
+ action="store",
+ dest="uidNumber",
+ help="Set the user's uid")
+ parser.add_option(
+ "--cn",
+ action="store",
+ dest="cn",
+ help="Set the user's CN")
+ parser.add_option("--mail", action="store", dest="mail",
+ help="Set the user's email address")
+ parser.add_option(
+ "--firstname",
+ action="store",
+ dest="givenName",
+ help="Set the user's first name")
+ parser.add_option(
+ "--lastname",
+ action="store",
+ dest="sn",
+ help="Set the user's last name")
+ parser.add_option(
+ "--replacekeys",
+ action="store",
+ dest="replaceKeyLocation",
+ help="Replaces all of the user's keys")
+ parser.add_option(
+ "--addkeys",
+ action="store",
+ dest="addKeyLocation",
+ help="Adds keys to the user's entry")
+ parser.add_option(
+ "--rename",
+ action="store_true",
+ dest="rename",
+ help="Rename the user")
(options, args) = parser.parse_args()
if len(args) != 1:
if options.rename and len(args) != 2:
- parser.error("modify-ldap-user expects exactly two arguments when
using rename.")
+ parser.error(
+ "modify-ldap-user expects exactly two arguments when using
rename.")
elif not options.rename:
- parser.error("modify-ldap-user expects exactly one argument,
unless using --rename.")
+ parser.error(
+ "modify-ldap-user expects exactly one argument, unless using
--rename.")
ldapSupportLib.setBindInfoByOptions(options, parser)
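Review bot: The usage example kept in `parser.set_usage` shows `--replacekeys` loading SSH public keys from an `http://` URL. Content fetched over plain HTTP can be replaced in transit, and whatever comes back is written to the user's `sshPublicKey` attribute (see the `hdm.fetchKeys` calls later in this file). I would change the example to an `https://` URL or a local path, and have the `--replacekeys` and `--addkeys` help text say which kinds of location are accepted. Whether `fetchKeys` itself restricts schemes or verifies anything is not visible in this diff. `main()` continues outside this hunk.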
@@ -55,7 +100,10 @@
# w00t We're in!
try:
username = args[0]
- PosixData = ds.search_s("ou=people," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=inetOrgPerson)(uid=" + username + "))")
+ PosixData = ds.search_s(
+ "ou=people," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=inetOrgPerson)(uid=" + username + "))")
if not PosixData:
raise ldap.NO_SUCH_OBJECT()
dn = PosixData[0][0]
@@ -64,7 +112,8 @@
if options.rename:
newusername = args[1]
if newusername == "root":
- sys.stderr.write("You are not allowed to rename a user to
root.\n")
+ sys.stderr.write(
+ "You are not allowed to rename a user to root.\n")
sys.exit(1)
# Rename the entry
@@ -72,7 +121,10 @@
ds.rename_s(dn, newrdn)
# Fix the user's home directory
- PosixData = ds.search_s("ou=people," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=inetOrgPerson)(uid=" + newusername + "))")
+ PosixData = ds.search_s(
+ "ou=people," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=inetOrgPerson)(uid=" + newusername + "))")
dn = PosixData[0][0]
PosixData = PosixData[0][1]
NewPosixData = copy.deepcopy(PosixData)
@@ -91,12 +143,14 @@
if options.addKeyLocation:
keys = hdm.fetchKeys(options.addKeyLocation)
NewPosixData['sshPublicKey'].extend(keys)
- NewPosixData['sshPublicKey'] =
hdm.uniqueKeys(NewPosixData['sshPublicKey'])
+ NewPosixData['sshPublicKey'] = hdm.uniqueKeys(
+ NewPosixData['sshPublicKey'])
if options.loginShell:
NewPosixData['loginShell'] = options.loginShell
if options.uidNumber:
if int(options.uidNumber) < 500:
- sys.stderr.write("Setting uid to less than 500 is not
allowed.\n")
+ sys.stderr.write(
+ "Setting uid to less than 500 is not allowed.\n")
sys.exit(1)
NewPosixData['uidNumber'] = options.uidNumber
if options.gidNumber:
@@ -119,8 +173,10 @@
if options.replaceKeyLocation or options.addKeyLocation:
# Update the keys
hdm.writeKeys(username, NewPosixData['sshPublicKey'])
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("LDAP was unwilling to create the user. Error was:
%s\n" % msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "LDAP was unwilling to create the user. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.NO_SUCH_OBJECT:
@@ -134,7 +190,8 @@
sys.exit(1)
except Exception:
try:
- sys.stderr.write("There was a general error, this is unexpected;
see traceback.\n")
+ sys.stderr.write(
+ "There was a general error, this is unexpected; see
traceback.\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
except Exception:
diff --git a/modules/ldap/files/scripts/netgroup-mod
b/modules/ldap/files/scripts/netgroup-mod
index f5bba6c..3cd1397 100755
--- a/modules/ldap/files/scripts/netgroup-mod
+++ b/modules/ldap/files/scripts/netgroup-mod
@@ -1,8 +1,8 @@
#!/usr/bin/python
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/ldap/scripts/netgroup-mod
+# THIS FILE IS MANAGED BY PUPPET
+# puppet:///modules/ldap/scripts/netgroup-mod
#####################################################################
import sys
@@ -23,22 +23,70 @@
def main():
parser = OptionParser(conflict_handler="resolve")
- parser.set_usage('netgroup-mod [options] netgroup-name [host|-u user]
[-f|--file filename]\n\nexample: netgroup-mod "test-ng"
"fenari.wikimedia.org"\nexample: netgroup-mod "test-ng" -f test.file')
+ parser.set_usage(
+ 'netgroup-mod [options] netgroup-name [host|-u user] [-f|--file
filename]\n\nexample: netgroup-mod "test-ng" "fenari.wikimedia.org"\nexample:
netgroup-mod "test-ng" -f test.file')
ldapSupportLib = ldapsupportlib.LDAPSupportLib()
ldapSupportLib.addParserOptions(parser, "scriptuser")
- parser.add_option("-m", "--directorymanager", action="store_true",
dest="directorymanager", help="Use the Directory Manager's credentials, rather
than your own")
- parser.add_option("-u", "--user", action="store_true", dest="user",
help="Modify a user netgroup instead of a host netgroup.")
- parser.add_option("--add", action="store_true", dest="addentry", help="Add
new netgroup")
- parser.add_option("--delete", action="store_true", dest="deleteentry",
help="Delete a netgroup")
- parser.add_option("-h", action="store_true", dest="hosts", help="Show
available hosts")
- parser.add_option("-n", action="store_true", dest="netgroups", help="Show
available netgroups (notice you may not be able to add hosts to some netgroups
shown). This option will show all available netgroups unless the additional
non-exclusive flags are used.")
- parser.add_option("--showhost", action="store_true", dest="showhost",
help="Show ou=host netgroups (used with -n)")
- parser.add_option("--showshare", action="store_true", dest="showshares",
help="Show ou=shares netgroups (used with -n)")
- parser.add_option("--showuser", action="store_true", dest="showuser",
help="Show ou=user netgroups (used with -n)")
- parser.add_option("-d", action="store_true", dest="delete", help="Remove
provided host/user from provided netgroup")
- parser.add_option("-f", "--file", dest="file", help="Add hosts provided
from the following file. The file should have one IP address or hostname per
line. IP addresses that are not in DNS will be ignored (you will be informed
though).", metavar="FILE")
+ parser.add_option(
+ "-m",
+ "--directorymanager",
+ action="store_true",
+ dest="directorymanager",
+ help="Use the Directory Manager's credentials, rather than your own")
+ parser.add_option(
+ "-u",
+ "--user",
+ action="store_true",
+ dest="user",
+ help="Modify a user netgroup instead of a host netgroup.")
+ parser.add_option(
+ "--add",
+ action="store_true",
+ dest="addentry",
+ help="Add new netgroup")
+ parser.add_option(
+ "--delete",
+ action="store_true",
+ dest="deleteentry",
+ help="Delete a netgroup")
+ parser.add_option(
+ "-h",
+ action="store_true",
+ dest="hosts",
+ help="Show available hosts")
+ parser.add_option(
+ "-n",
+ action="store_true",
+ dest="netgroups",
+ help="Show available netgroups (notice you may not be able to add
hosts to some netgroups shown). This option will show all available netgroups
unless the additional non-exclusive flags are used.")
+ parser.add_option(
+ "--showhost",
+ action="store_true",
+ dest="showhost",
+ help="Show ou=host netgroups (used with -n)")
+ parser.add_option(
+ "--showshare",
+ action="store_true",
+ dest="showshares",
+ help="Show ou=shares netgroups (used with -n)")
+ parser.add_option(
+ "--showuser",
+ action="store_true",
+ dest="showuser",
+ help="Show ou=user netgroups (used with -n)")
+ parser.add_option(
+ "-d",
+ action="store_true",
+ dest="delete",
+ help="Remove provided host/user from provided netgroup")
+ parser.add_option(
+ "-f",
+ "--file",
+ dest="file",
+ help="Add hosts provided from the following file. The file should have
one IP address or hostname per line. IP addresses that are not in DNS will be
ignored (you will be informed though).",
+ metavar="FILE")
(options, args) = parser.parse_args()
ldapSupportLib.setBindInfoByOptions(options, parser)
@@ -50,11 +98,20 @@
# w00t We're in!
try:
if options.hosts:
- PosixData = ds.search_s("ou=hosts," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=iphost)(cn=*))")
+ PosixData = ds.search_s(
+ "ou=hosts," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=iphost)(cn=*))")
elif options.netgroups:
- PosixData = ds.search_s("ou=netgroup," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=nisnetgroup)(cn=*))")
+ PosixData = ds.search_s(
+ "ou=netgroup," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=nisnetgroup)(cn=*))")
elif options.addentry:
- PosixData = ds.search_s("ou=netgroup," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=nisNetGroup)(cn=" + args[0] + "))")
+ PosixData = ds.search_s(
+ "ou=netgroup," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=nisNetGroup)(cn=" + args[0] + "))")
if PosixData:
sys.stderr.write("The entry you wish to add already exists.\n")
sys.exit(1)
@@ -68,7 +125,12 @@
formattednametoadd = "(" + nametoadd + ",,)"
netgrouplist = []
if options.file:
- infofromfile(netgrouplist, "add", options.file,
netgrouptype, PosixCheckData)
+ infofromfile(
+ netgrouplist,
+ "add",
+ options.file,
+ netgrouptype,
+ PosixCheckData)
else:
netgrouplist.append(formattednametoadd)
NewPosixData = {}
@@ -79,19 +141,25 @@
print "The netgroup was successfully added."
sys.exit(0)
elif options.deleteentry:
- PosixData = ds.search_s("ou=netgroup," + base, ldap.SCOPE_SUBTREE,
"(&(objectclass=nisNetGroup)(cn=" + args[0] + "))")
+ PosixData = ds.search_s(
+ "ou=netgroup," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=nisNetGroup)(cn=" + args[0] + "))")
if not PosixData:
- sys.stderr.write("The entry you wish to delete doesn't
exist.\n")
+ sys.stderr.write(
+ "The entry you wish to delete doesn't exist.\n")
sys.exit(1)
else:
dn = PosixData[0][0]
- verification = raw_input("Are you sure you wish to delete the
following entry: " + dn + "? [y/N] ")
+ verification = raw_input(
+ "Are you sure you wish to delete the following entry: " +
dn + "? [y/N] ")
if verification == "y" or verification == "Y":
try:
ds.delete_s(dn)
print "The netgroup was successfully deleted.\n"
except Exception:
- sys.stderr.write("There was an error while trying to
delete the netgroup; see traceback\n")
+ sys.stderr.write(
+ "There was an error while trying to delete the
netgroup; see traceback\n")
traceback.print_exc(file=sys.stderr)
sys.exit(1)
sys.exit(0)
@@ -115,74 +183,112 @@
netgrouptomod = args[0]
try:
- PosixData = ds.search_s("ou=netgroup," + base,
ldap.SCOPE_SUBTREE, "(&(objectclass=nisNetGroup)(cn=" + netgrouptomod + "))")
+ PosixData = ds.search_s(
+ "ou=netgroup," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=nisNetGroup)(cn=" + netgrouptomod +
"))")
except Exception:
- sys.stderr.write("There was an error while searching for
the netgroup; see traceback\n")
+ sys.stderr.write(
+ "There was an error while searching for the netgroup;
see traceback\n")
traceback.print_exc(file=sys.stderr)
ds.unbind()
sys.exit(1)
if options.user:
- PosixCheckData = ds.search_s("ou=people," + base,
ldap.SCOPE_SUBTREE, "(&(objectclass=posixaccount)(uid=*))")
+ PosixCheckData = ds.search_s(
+ "ou=people," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=posixaccount)(uid=*))")
else:
- PosixCheckData = ds.search_s("ou=hosts," + base,
ldap.SCOPE_SUBTREE, "(&(objectclass=iphost)(cn=*))")
+ PosixCheckData = ds.search_s(
+ "ou=hosts," + base,
+ ldap.SCOPE_SUBTREE,
+ "(&(objectclass=iphost)(cn=*))")
NewPosixData = copy.deepcopy(PosixData)
if 'nisNetgroupTriple' in NewPosixData[0][1]:
if options.delete:
if options.file:
-
infofromfile(NewPosixData[0][1]['nisNetgroupTriple'], "delete", options.file,
netgrouptype, PosixCheckData)
+ infofromfile(
+ NewPosixData[0][1]['nisNetgroupTriple'],
+ "delete",
+ options.file,
+ netgrouptype,
+ PosixCheckData)
elif "(" + nametoadd + ",,)" in
NewPosixData[0][1]['nisNetgroupTriple']:
-
NewPosixData[0][1]['nisNetgroupTriple'].remove(formattednametoadd)
+ NewPosixData[0][1]['nisNetgroupTriple'].remove(
+ formattednametoadd)
else:
if options.file:
-
infofromfile(NewPosixData[0][1]['nisNetgroupTriple'], "add", options.file,
netgrouptype, PosixCheckData)
+ infofromfile(
+ NewPosixData[0][1]['nisNetgroupTriple'],
+ "add",
+ options.file,
+ netgrouptype,
+ PosixCheckData)
else:
-
NewPosixData[0][1]['nisNetgroupTriple'].append(formattednametoadd)
+ NewPosixData[0][1]['nisNetgroupTriple'].append(
+ formattednametoadd)
else:
if not options.delete:
if options.file:
NewPosixData[0][1]['nisNetgroupTriple'] = []
-
infofromfile(NewPosixData[0][1]['nisNetgroupTriple'], "add", options.file,
netgrouptype, PosixCheckData)
+ infofromfile(
+ NewPosixData[0][1]['nisNetgroupTriple'],
+ "add",
+ options.file,
+ netgrouptype,
+ PosixCheckData)
else:
- NewPosixData[0][1]['nisNetgroupTriple'] =
[formattednametoadd]
+ NewPosixData[0][1]['nisNetgroupTriple'] = [
+ formattednametoadd]
if PosixData == NewPosixData:
if options.delete:
- sys.stderr.write("The host/user(s) you are trying to
remove are not in the netgroup provided.\n")
+ sys.stderr.write(
+ "The host/user(s) you are trying to remove are not
in the netgroup provided.\n")
ds.unbind()
sys.exit(1)
else:
- sys.stderr.write("The host/user(s) you are trying to
add are already in the netgroup provided.\n")
+ sys.stderr.write(
+ "The host/user(s) you are trying to add are
already in the netgroup provided.\n")
ds.unbind()
sys.exit(1)
netgroupdn = PosixData[0][0]
- modlist = ldap.modlist.modifyModlist(PosixData[0][1],
NewPosixData[0][1])
+ modlist = ldap.modlist.modifyModlist(
+ PosixData[0][1], NewPosixData[0][1])
ds.modify_s(netgroupdn, modlist)
except socket.herror:
- sys.stderr.write("This IP address isn't in DNS, please have it
added, then try again.\n")
+ sys.stderr.write(
+ "This IP address isn't in DNS, please have it added, then
try again.\n")
ds.unbind()
sys.exit(1)
- except ldap.UNWILLING_TO_PERFORM, msg:
- sys.stderr.write("The search returned an error. Error was: %s\n" %
msg[0]["info"])
+ except ldap.UNWILLING_TO_PERFORM as msg:
+ sys.stderr.write(
+ "The search returned an error. Error was: %s\n" %
+ msg[0]["info"])
ds.unbind()
sys.exit(1)
except ldap.NO_SUCH_OBJECT:
- sys.stderr.write("The netgroup provided cannot be found, please try
again.\n")
+ sys.stderr.write(
+ "The netgroup provided cannot be found, please try again.\n")
ds.unbind()
sys.exit(1)
except ldap.TYPE_OR_VALUE_EXISTS:
- sys.stderr.write("The host/user you are trying to add is already in
the netgroup you provided.\n")
+ sys.stderr.write(
+ "The host/user you are trying to add is already in the netgroup
you provided.\n")
ds.unbind()
sys.exit(1)
except ldap.PROTOCOL_ERROR:
if options.delete:
- sys.stderr.write("The host/user you are trying to remove is not in
the netgroup you provided.\n")
+ sys.stderr.write(
+ "The host/user you are trying to remove is not in the netgroup
you provided.\n")
else:
- sys.stderr.write("There was an LDAP protocol error, please contact
an administrator via the helpdesk.\n")
+ sys.stderr.write(
+ "There was an LDAP protocol error, please contact an
administrator via the helpdesk.\n")
ds.unbind()
sys.exit(1)
- #except Exception:
+ # except Exception:
# try:
# ds.unbind()
# sys.stderr.write("There was a general error, please contact an
administrator via the helpdesk.\n")
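Review bot: After the `ds.search_s` for `netgrouptomod`, nothing checks that a result came back before `NewPosixData[0][1]` and `PosixData[0][0]` are indexed. A subtree search with no match returns an empty list, so a mistyped netgroup name ends in IndexError, which none of the handlers in this hunk catch (the general `except Exception` is commented out), and `ds.unbind()` is skipped. modify-ldap-group handles the same case with `if not PosixData:` followed by `raise ldap.NO_SUCH_OBJECT()`. Adding those two lines right after the search would route it to the existing "cannot be found" message. The enclosing `try` starts outside this hunk.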
@@ -200,22 +306,23 @@
if options.hosts or options.netgroups:
for i in range(len(PosixData)):
- if options.hosts:
- print "hostname: " + PosixData[i][1]["cn"][0]
- print " IP: " + PosixData[i][1]["ipHostNumber"][0]
- elif options.netgroups:
- if not (options.showhost or options.showshares or
options.showuser):
- print "Netgroup Name: " + PosixData[i][1]["cn"][0]
- else:
- if options.showhost:
- if "ou=host" in PosixData[i][0]:
- print "Netgroup Name: " +
PosixData[i][1]["cn"][0]
- if options.showshares:
- if "ou=shares" in PosixData[i][0]:
- print "Netgroup Name: " +
PosixData[i][1]["cn"][0]
- if options.showuser:
- if "ou=user" in PosixData[i][0]:
- print "Netgroup Name: " +
PosixData[i][1]["cn"][0]
+ if options.hosts:
+ print "hostname: " + PosixData[i][1]["cn"][0]
+ print " IP: " + PosixData[i][1]["ipHostNumber"][0]
+ elif options.netgroups:
+ if not (
+ options.showhost or options.showshares or
options.showuser):
+ print "Netgroup Name: " + PosixData[i][1]["cn"][0]
+ else:
+ if options.showhost:
+ if "ou=host" in PosixData[i][0]:
+ print "Netgroup Name: " + PosixData[i][1]["cn"][0]
+ if options.showshares:
+ if "ou=shares" in PosixData[i][0]:
+ print "Netgroup Name: " + PosixData[i][1]["cn"][0]
+ if options.showuser:
+ if "ou=user" in PosixData[i][0]:
+ print "Netgroup Name: " + PosixData[i][1]["cn"][0]
else:
if options.user:
netgrouptype = "user"
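Review bot: The `showhost`/`showshares`/`showuser` filters classify an entry by a substring test on its DN (`"ou=host" in PosixData[i][0]`), which is also true whenever that text appears inside a longer OU name or inside another RDN value. Comparing parsed components is stricter, for example `ldap.dn.explode_dn(dn)` followed by an exact, case-normalised match against the real OU name; whether the directory can actually hold a DN that trips the substring test is not visible here. The loop would also read more directly as `for dn, attrs in PosixData:` than as indexing through `range(len(PosixData))`. The enclosing function starts and ends outside the hunk.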
@@ -234,7 +341,8 @@
if (len(args) < 2 or len(args) > 2):
if options.file and len(args) == 1:
return
- sys.stderr.write("Invalid syntax, please see \"netgroup-mod
--help\"\n")
+ sys.stderr.write(
+ "Invalid syntax, please see \"netgroup-mod --help\"\n")
sys.exit(1)
@@ -265,13 +373,17 @@
continue
else:
if changetype == "delete":
- sys.stderr.write(line + " is not in the netgroup
provided.\n")
+ sys.stderr.write(
+ line + " is not in the netgroup provided.\n")
else:
- sys.stderr.write(line + " is already in the netgroup
provided.\n")
+ sys.stderr.write(
+ line + " is already in the netgroup provided.\n")
except socket.herror:
- sys.stderr.write(line + " isn't in DNS, please have it added, then
try again.\n")
+ sys.stderr.write(
+ line + " isn't in DNS, please have it added, then try
again.\n")
except socket.gaierror:
- sys.stderr.write(line + " isn't in DNS, please have it added, then
try again.\n")
+ sys.stderr.write(
+ line + " isn't in DNS, please have it added, then try
again.\n")
def checkuserinldap(user, PosixCheckData):
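Review bot: The `socket.herror` and `socket.gaierror` handlers at the end of this hunk have identical bodies, so after the re-wrap the same three-line `sys.stderr.write(...)` call appears twice; one clause, `except (socket.herror, socket.gaierror):`, keeps a single copy of the message. `line` is echoed to stderr unchanged, and if it is read from the `--file` input (that code is outside the hunk, so this is inferred) writing `repr(line)` or a stripped value would keep stray control characters out of the operator's terminal and logs. The enclosing function starts outside the hunk.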
@@ -285,13 +397,18 @@
def checkhostinldap(host, hostfromdns, PosixCheckData):
for i in range(len(PosixCheckData)):
- if string.lower(PosixCheckData[i][1]['cn'][0]) ==
string.lower(hostfromdns):
+ if string.lower(PosixCheckData[i][1]['cn'][
+ 0]) == string.lower(hostfromdns):
return True
elif string.lower(PosixCheckData[i][1]['cn'][0]) == string.lower(host):
- sys.stderr.write(host + " matches an entry in LDAP; however, the
DNS entry is different than the LDAP entry, please put in a ripken ticket
(skipping)\n")
+ sys.stderr.write(
+ host +
+ " matches an entry in LDAP; however, the DNS entry is
different than the LDAP entry, please put in a ripken ticket (skipping)\n")
return False
elif string.lower(PosixCheckData[i][1]['ipHostNumber'][0]) ==
string.lower(host):
- sys.stderr.write(host + " matches an IP address in LDAP; however,
the LDAP entry and the DNS entry are in conflict, please put in a ripken ticket
(skipping)\n")
+ sys.stderr.write(
+ host +
+ " matches an IP address in LDAP; however, the LDAP entry and
the DNS entry are in conflict, please put in a ripken ticket (skipping)\n")
return False
# We just looped through all the hosts in LDAP. The host doesn't exist.
# Since we are only checking to make sure there aren't LDAP/DNS
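Review bot: The re-wrapped condition breaks inside a subscript (`PosixCheckData[i][1]['cn'][` on one line, `0]) == string.lower(hostfromdns)` on the next), which satisfies the line-length check but is harder to read than the line it replaces. Binding the value once, `cn = PosixCheckData[i][1]['cn'][0].lower()`, and then testing `cn == hostfromdns.lower()` and `cn == host.lower()` removes the wrap and the repeated lookup, and `str.lower()` replaces `string.lower`, which no longer exists in the `string` module on Python 3. The two message literals still appear to run well past the line limit, so they would need implicit string concatenation to clear E501. The body of `checkhostinldap` continues past the end of the hunk.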
diff --git a/modules/ldap/files/scripts/ssh-key-ldap-lookup
b/modules/ldap/files/scripts/ssh-key-ldap-lookup
index 6faad48..40b6e40 100755
--- a/modules/ldap/files/scripts/ssh-key-ldap-lookup
+++ b/modules/ldap/files/scripts/ssh-key-ldap-lookup
@@ -77,7 +77,8 @@
config = yaml.safe_load(f)
conn = connect(config['servers'][0], config['user'], config['password'])
- if args.enable_servicegroups and args.username.startswith(PROJECT_NAME +
'.'):
+ if args.enable_servicegroups and args.username.startswith(
+ PROJECT_NAME + '.'):
groupname = 'cn=%s,ou=servicegroups,%s' % (
args.username, config['basedn']
)
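Review bot: `args.username` is formatted straight into a DN in `'cn=%s,ou=servicegroups,%s' % (args.username, config['basedn'])`, directly under the re-wrapped condition, and the only test in front of it is the `startswith(PROJECT_NAME + '.')` prefix check. DN metacharacters in the name would change the structure of the DN being looked up, so the value should be escaped before formatting; with python-ldap that is `ldap.dn.escape_dn_chars(args.username)`, though which LDAP library `connect()` wraps is not visible in this hunk. How the caller constrains `args.username` is also outside the hunk, so this may already be enforced upstream, and a short comment stating that assumption next to the format call would help. The enclosing function starts and ends outside the hunk.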
--
To view, visit https://gerrit.wikimedia.org/r/278271
Gerrit-MessageType: newchange
Gerrit-Change-Id: I358c4bd5320632505422c17a52e0a85cd6d2bd57
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ladsgroup <[email protected]>