I don't know thing 1 about Django so I'm not sure if I'll be much use
in that.  If I have some time, in the near future, I'll give it a shot
though.  If there's someone out there who wants to strip out anything
they find useful, feel free.

On Thu, May 19, 2011 at 12:26 AM, Christian Hammond <chip...@chipx86.com> wrote:
> If this could be turned into a Django Management Command (basically, a
> script that subclasses a certain class -- see the Django docs), and was
> updated to use our models for access instead of talking to the database
> directly, I think it'd be worth including in Review Board.
>
> Christian
>
> --
> Christian Hammond - chip...@chipx86.com
> Review Board - http://www.reviewboard.org
> VMware, Inc. - http://www.vmware.com
>
>
> On Thu, May 19, 2011 at 12:23 AM, junk <j...@gmail.com> wrote:
>>
>> I saw this message and it got me interested.  I was thinking about
>> this earlier (although this is not what I was searching for) and
>> decided to take this as a chance to whip up something to do it.
>> Please keep in mind that this was written in about three hours and is
>> just a first pass.  I borrowed some existing LDAP code I had lying
>> around and there's even a TODO telling me to figure out wtf I'm
>> doing.  :)
>>
>> Anywho... you'll need to make some changes to this to make it work for
>> whatever your LDAP infrastructure looks like.
>>
>> NOTE: Our LDAP server has multiple user DNs.  We have one for
>> employees and another for contractors/vendors.  Since I need to be
>> able to search through any of them, I have to use a dictionary for my
>> LUSER_DN.
>>
>> """
>> #!/usr/bin/python
>>
>> """Update ReviewBoard users list with members of an LDAP group.
>>
>> Connect to LDAP and MySQL and generate users list.  Find the
>> differences in
>> the two lists and query LDAP for user data (username, first name, last
>> name).
>> Insert unique users into ReviewBoard MySQL server.
>>
>> TODO(junk):
>> * If named group doesn't exist in ReviewBoard, add to group list.
>> * Add new users to named group in ReviewBoard.
>> * If a user is removed from an LDAP group, remove them from the
>> ReviewBoard group.
>> * Check missing users for locked status and mark inactive.
>> """
>>
>> __author__ = 'Tucker <j...@gmail.com>'
>>
>>
>> import ldap
>> import MySQLdb
>> import sys
>> import time
>>
>>
>> # Globals.  Every value below is a site-specific placeholder to edit before use.
>> # LDAP server host name, passed to ldap.open() in main().
>> L_HOST = 'ldap_server'
>> # Base DN searched (subtree scope) for the group entry.
>> LGROUP_DN = 'ou=Group,dc=company,dc=com'
>> # User search bases: label -> [base DN, attribute matched against the member id].
>> LUSER_DN = {'People': ['ou=People,dc=company,dc=com', 'uid'],
>>            'Outside': ['ou=Outside,dc=company,dc=com', 'cn'],
>>           }
>> # MySQL connection settings for the ReviewBoard database.
>> RB_HOST = 'localhost'
>> RB_USER = 'user'
>> # NOTE(review): the database password is kept in source, so anyone who can
>> # read this file can read it.  Prefer loading it from a protected config
>> # file or the environment, and give the account only the rights the
>> # INSERT into auth_user needs.
>> RB_PASS = 'password'
>> RB_DB = 'reviewboard'
>>
>> def error_and_exit(msg, ret):
>>   """Report a fatal error and terminate the script.
>>
>>   Args:
>>     msg: text describing the failure; printed after an 'ERROR: ' prefix
>>     ret: integer exit status handed to sys.exit()
>>   """
>>   report = 'ERROR: %s' % msg
>>   print(report)
>>   sys.exit(ret)
>>
>>
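>> def get_ldap_members(ldap_object, group_name):
>>   """Look up one LDAP group and return its memberUid values.
>>
>>   Exits through error_and_exit() when the search fails (status 4), when
>>   no group entry comes back (status 5) or when the entry has no memberUid
>>   attribute (status 6).
>>
>>   Args:
>>     ldap_object: LDAP object used to query the LDAP server
>>     group_name: group name string, matched against cn under LGROUP_DN
>>   Returns:
>>     the list of memberUid values stored on the group entry
>>   """
>>   # Local import: escape_filter_chars lives in the ldap.filter submodule.
>>   from ldap.filter import escape_filter_chars
>>
>>   # Escape the name so characters such as '*', '(' or ')' are matched
>>   # literally instead of changing the meaning of the search filter.  main()
>>   # already restricts the name to letters; this keeps the function safe for
>>   # any other caller.
>>   ldap_filter = 'cn=%s' % escape_filter_chars(group_name)
>>
>>   try:
>>     ldap_result_id = ldap_object.search(LGROUP_DN, ldap.SCOPE_SUBTREE,
>>                                         ldap_filter)
>>     # all=0: fetch only the first message of the search rather than
>>     # waiting for the complete result set.
>>     result_type, result_data = ldap_object.result(ldap_result_id, 0)
>>   except ldap.LDAPError as e:
>>     error_and_exit(e.args[0]['desc'], 4)
>>
>>   # Only a search-entry message carries a group.  An empty payload, or any
>>   # other message type, means nothing matched.
>>   if not result_data or result_type != ldap.RES_SEARCH_ENTRY:
>>     error_and_exit('Group not found.', 5)
>>
>>   # result_data is indexed as [entry][1] to reach the attribute dictionary.
>>   attributes = result_data[0][1]
>>   if 'memberUid' not in attributes:
>>     error_and_exit('Group has no members', 6)
>>
>>   return attributes['memberUid']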
>>
>>
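>> def get_member_info(ldap_object, ldap_members):
>>   """Resolve first and last names for each LDAP group member.
>>
>>   Every member id is searched under each base in LUSER_DN and the first
>>   base that returns an entry with a usable gecos value wins.  A member
>>   that cannot be resolved is left out of the result, so no account is
>>   created under a name that belongs to a different user.
>>
>>   Args:
>>     ldap_object: LDAP object used to query the LDAP server
>>     ldap_members: list of LDAP group member ids
>>   Return:
>>     ldap_user_info: dictionary mapping member id to [last_name, first_name]
>>   """
>>   # Local import: escape_filter_chars lives in the ldap.filter submodule.
>>   from ldap.filter import escape_filter_chars
>>
>>   ldap_user_info = {}
>>
>>   for member in ldap_members:
>>     for base_dn, id_attr in LUSER_DN.values():
>>       # Member ids come out of the directory, not from this script, so
>>       # escape them before they become part of a search filter.
>>       ldap_filter = '%s=%s' % (id_attr, escape_filter_chars(member))
>>       try:
>>         ldap_result_id = ldap_object.search(base_dn, ldap.SCOPE_SUBTREE,
>>                                             ldap_filter)
>>         result_type, result_data = ldap_object.result(ldap_result_id, 0)
>>       except ldap.LDAPError as e:
>>         error_and_exit(e.args[0]['desc'], 3)
>>
>>       # Inspect the answer for this base before trying the next one; the
>>       # earlier version looked only at the last base searched and reused
>>       # the previous member's names when that search came back empty.
>>       if not result_data or result_type != ldap.RES_SEARCH_ENTRY:
>>         continue
>>
>>       # We don't store first and last names, only gecos.
>>       name_parts = result_data[0][1].get('gecos', [''])[0].split()
>>       if not name_parts:
>>         continue
>>
>>       ldap_user_info[member] = [name_parts[-1], name_parts[0]]
>>       break
>>
>>   return ldap_user_info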
>>
>>
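>> def add_rb_members(ldap_user_info):
>>   """Insert LDAP users into ReviewBoard's auth_user table.
>>
>>   Values are passed to the driver as query parameters instead of being
>>   formatted into the SQL text, so a quote or backslash in a directory
>>   value cannot alter the statement.  Users that already exist are skipped;
>>   any other database error is reported and the loop carries on.
>>
>>   Args:
>>     ldap_user_info: dictionary mapping username to [last_name, first_name]
>>   """
>>   # Get current time in the format MySQL expects for DATETIME columns.
>>   now = time.strftime('%Y-%m-%d %H:%M:%S')
>>
>>   # %s markers here are MySQLdb parameter placeholders, not Python string
>>   # formatting; the driver quotes each value itself.
>>   insert_sql = ('INSERT INTO auth_user (username,first_name,last_name,'
>>                 'email,password,is_staff,is_active,is_superuser,'
>>                 'last_login,date_joined) VALUES '
>>                 '(%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)')
>>
>>   mysql_o = MySQLdb.connect(host=RB_HOST, user=RB_USER,
>>                             passwd=RB_PASS, db=RB_DB)
>>   try:
>>     cursor = mysql_o.cursor()
>>     for user in ldap_user_info:
>>       last_name, first_name = ldap_user_info[user]
>>       row = (
>>           user,
>>           first_name,
>>           last_name,
>>           # Placeholder mail domain (the archived post masks this as
>>           # '%s...@company.com').
>>           '%s@company.com' % user,
>>           # '!' is not a valid password hash, so the account cannot be
>>           # used for a local password login.
>>           '!',
>>           0,  # is_staff
>>           1,  # is_active
>>           0,  # is_superuser
>>           # Presumably a zero date standing in for "never logged in"; the
>>           # original literal was missing the space between date and time.
>>           '0000-00-00 00:00:00',
>>           now,
>>       )
>>       try:
>>         cursor.execute(insert_sql, row)
>>       except MySQLdb.IntegrityError:
>>         # The user is already in ReviewBoard; leave the row untouched.
>>         continue
>>       except MySQLdb.Error as e:
>>         # Best effort as before, but say which user failed and why rather
>>         # than hiding every error behind a bare except.
>>         print('WARNING: could not add %s: %s' % (user, e))
>>     # MySQLdb does not autocommit; without this the inserts are rolled back
>>     # on transactional tables when the connection closes.
>>     mysql_o.commit()
>>   finally:
>>     mysql_o.close()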
>>
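>> def main(argv):
>>   """Import the members of one LDAP group into ReviewBoard.
>>
>>   Args:
>>     argv: command-line argument list; argv[1] is the LDAP group name
>>   """
>>   if len(argv) < 2:
>>     error_and_exit('No group specified.', 1)
>>   group = argv[1]
>>
>>   # Accept letters only, so the name cannot carry LDAP filter syntax.
>>   if not group.isalpha():
>>     error_and_exit('Group name provided appears invalid.', 2)
>>
>>   # Create our LDAP object.
>>   # NOTE(review): ldap.open() makes a plain, unencrypted connection and the
>>   # script never binds, so the searches run anonymously and the directory
>>   # data crosses the network in the clear.  Where the server supports it,
>>   # call start_tls_s() on the connection or connect with an ldaps:// URI
>>   # through ldap.initialize().
>>   try:
>>     ldap_o = ldap.open(L_HOST)
>>     # The attribute was misspelled 'protocol_verion', which set an unused
>>     # attribute and left the protocol version at the library default.
>>     ldap_o.protocol_version = ldap.VERSION3
>>   except ldap.LDAPError as e:
>>     error_and_exit(e.args[0]['desc'], 3)
>>
>>   # Get our LDAP group members.
>>   ldap_members = get_ldap_members(ldap_o, group)
>>
>>   # Get user info for all users.
>>   ldap_user_info = get_member_info(ldap_o, ldap_members)
>>
>>   # Add all our users to ReviewBoard.
>>   add_rb_members(ldap_user_info)
>>
>> if __name__ == '__main__':
>>   main(sys.argv)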
>> """
>>
>>
>> On May 16, 11:18 am, Joe <gjwilso...@gmail.com> wrote:
>> > Thanks Eric.
>> >
>> > How were you able to push the data from ldap into reviewboard database
>> > tables? Can you please provide some information on importing the ldap
>> > data into our reviewboard database?
>> >
>> > On May 15, 3:55 pm, Eric Johnson <ericjohn...@alumni.brown.edu> wrote:
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > > On our ReviewBoard server, we push the data into the database tables.
>> > > Has been working quite well. Of course, you have to pay attention to 
>> > > users
>> > > from LDAP that already exist, and perhaps users who have been disabled in
>> > > LDAP.
>> >
>> > > No automated way to do it, other than that, at least that I'm aware.
>> >
>> > > Eric
>> >
>> > > On May 13, 2011, at 2:20 PM, Joe <gjwilso...@gmail.com> wrote:
>> >
>> > > > Hi,
>> >
>> > > > Currently, whenever we had to add an user from ldap to a group, the
>> > > > user has to first login to the system, so that the user is added to
>> > > > the reviewboard database.
>> > > > We want a way to avoid having the user to login in order to use that
>> > > > id from the admin ui.
>> >
>> > > > So is there any way to import users from LDAP into the reviewboard?
>> >
>> > > > Thanks
>> >
>>
>



-- 

--tucker
