#!/usr/bin/env python
import os
import sys
# Make the parent directory importable so the ``bin`` package below resolves.
sys.path.append(os.path.join(os.path.dirname(__file__), '..'))
# NOTE(review): hard-coded import path, presumably where linaro_ldap lives;
# confirm. Modules are imported from this directory, so it should be writable
# only by the account that administers this host.
sys.path.append('/srv/linaro-git-tools')
from bin import django_setup, add_logging_arguments
django_setup() # must be called to get sys.path and django settings in place
import logging
from django.contrib.auth.models import User
from linaro_ldap import do_complex_query, do_query
from linaro_metrics.models import Team, TeamMembership
log = logging.getLogger('sync_teams')
# Module-wide switch read by sync_teams() before it saves or deletes a
# membership; the __main__ block overwrites it from the --dry-run option.
DRY_RUN = False
def get_email_by_uid(uid):
    """Return the first ``mail`` value of the first LDAP entry matching *uid*.

    The lookup is delegated to ``do_query`` with ``uid`` as the attribute to
    match. Nothing is caught here: an empty result, or an entry without a
    ``mail`` attribute, surfaces as the error raised by the indexing below.
    """
    entries = do_query('uid', uid, ['mail'])
    first_entry = entries[0]
    # Index 1 of a result entry holds its attributes (index 0 is used as the
    # entry's label in sync_teams' error message).
    attributes = first_entry[1]
    return attributes['mail'][0]
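def _escape_ldap_filter_value(value):
    """Return *value* escaped for use as an assertion value in an LDAP filter."""
    text = '%s' % (value,)
    # Backslash is replaced first so the escapes added afterwards are not
    # themselves escaped a second time.
    for raw, escaped in (('\\', '\\5c'), ('*', '\\2a'), ('(', '\\28'),
                         (')', '\\29'), ('\x00', '\\00')):
        text = text.replace(raw, escaped)
    return text


def sync_teams(teams):
    """Bring each team's TeamMembership rows in line with its LDAP group.

    For every team, the posixGroup whose ``cn`` equals the team name is
    fetched, its ``memberUid`` values are resolved to e-mail addresses, and
    those addresses are matched against ``User.username``. Missing memberships
    are created and memberships whose user is no longer listed are deleted,
    unless the module-level ``DRY_RUN`` flag is set, in which case the changes
    are only printed.

    Args:
        teams: iterable of Team objects to synchronize.

    Exits the process with status 1 when the LDAP query returns no entry for
    a team.
    """
    for t in teams:
        # The team name is escaped so that filter metacharacters in it
        # (``*``, parentheses, backslash) are matched literally and cannot
        # widen or restructure the query.
        ldap_results = do_complex_query(
            search_filter='(&(objectClass=posixGroup)(cn=%s))'
            % _escape_ldap_filter_value(t.name),
            attrlist=['memberUid', 'mail'],
            base='ou=security,ou=groups,dc=linaro,dc=org'
        )
        try:
            uids_ldap = ldap_results[0][1]['memberUid']
        except KeyError as e:
            # NOTE(review): a group without memberUid is skipped entirely, so
            # memberships already recorded for this team are not removed;
            # confirm that is the intended handling of an emptied group.
            print("Exception: '%s' for %s" % (e, ldap_results[0][0]))
            continue
        except IndexError as e:
            # No LDAP entry for this team: stop the whole run rather than
            # continue with the remaining teams.
            print("Exception: %s" % e)
            sys.exit(1)
        ldap_users = [get_email_by_uid(x) for x in uids_ldap]
        # Set copy for the removal pass, which tests membership per row.
        ldap_user_set = set(ldap_users)
        memberships = TeamMembership.objects.filter(team=t)
        # look for new Users and add
        for ldap_user in ldap_users:
            # user should already exist as the sync_users script
            # should have been run first
            user = User.objects.filter(username=ldap_user).first()
            if user is None:
                continue
            membership = \
                TeamMembership.objects.filter(team=t, user=user).first()
            if membership is None:
                print("Adding '%s' to team '%s'" % (user.username, t.name))
                if not DRY_RUN:
                    m = TeamMembership()
                    m.user = user
                    m.team = t
                    m.save()
        # look for Users to remove
        # NOTE(review): the comparison is an exact string match between
        # User.username and the LDAP mail value; verify both sides are stored
        # in the same form, since a mismatch removes the membership.
        for m in memberships:
            if m.user.username not in ldap_user_set:
                print("Removing '%s' from team '%s'" % (
                    m.user.username, t.name))
                if not DRY_RUN:
                    m.delete()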
if __name__ == '__main__':
    import argparse

    # Command-line entry point: parse the options, publish the dry-run choice
    # through the module-level DRY_RUN flag, then sync every active team.
    cli = argparse.ArgumentParser(
        description='Synchronize team memberships with info from LDAP')
    add_logging_arguments(cli)
    cli.add_argument(
        "--dry-run", "-n",
        dest='DRY_RUN',
        default=False,
        action='store_true',
        help="Run the script but do not execute any changes")
    options = cli.parse_args()
    DRY_RUN = options.DRY_RUN
    active_teams = Team.objects.filter(active=True)
    sync_teams(active_teams)