python_wiki:freeipa_import_group_memberships

Differences

This shows you the differences between two versions of the page.

python_wiki:freeipa_import_group_memberships [2016/11/30 22:21]
billdozor [Sample LDAP Unique Member List]
python_wiki:freeipa_import_group_memberships [2019/05/25 23:50]
Line 1: Line 1:
-====== Freeipa Import Group Memberships ====== 
- 
-**General Information** 
- 
-Parse a text file dump of 389 LDAP "unique members" and add the group memberships to a FreeIPA server.  
- 
-**Checklist** 
-  * FreeIPA server 
-  * Unique members LDAP dump 
- 
----- 
- 
-====== Usage ====== 
- 
-Place the text file "memberlist-uniqueentry.txt" in the same directory and execute 
-<code bash> 
-./import-users-groups_legacy-groups.py 
-</code> 
- 
----- 
- 
-====== The Code ====== 
- 
-<code python import-users-groups_legacy-groups.py> 
-#!/usr/bin/python 
-## Title: import-users-groups_legacy-groups.py 
-## Description: Parse a group dump of unqiue members from 389 LDAP and add group membership FreeIPA 
-## Date: 2016-09-12 
-## Recent Changes:-Initial release 
- 
-#### Import Modules #### 
-# subprocess -> for ipa commands 
-import subprocess 
- 
-#### Main #### 
- 
-# Create an empty list for the groups, flag current group name, set current group_list position 
-group_list = [] 
-current_group = "NONE" 
-current_position = 0 
- 
-# Open the memberlist file read only (r) 
-group_file = open("memberlist-uniqueentry.txt", 'r') 
- 
-# Read the first line 
-line = group_file.readline() 
- 
-print "-> Reading in groups/members from file..." 
-# Process each line until there are no more 
-while line: 
-   
-  if line.startswith('dn: cn='): 
-    ## Found a group entry ## 
-    # Inialize an empty member list 
-    member_list = [] 
- 
-    # If this is not the first group found, increment the list position 
-    if current_group != "NONE": 
-      current_position +=1 
- 
-    # Group Name: Remove the leading 'dn: cn', then split the line up by commas 
-    current_group = (line.lstrip('dn: cn')).split(',') 
- 
-    # Group Name: first field (0), with the leading equals stripped away 
-    current_group = current_group[0].strip('=') 
- 
-    # Debugging purposes 
-    #print "Group is: ", current_group 
- 
-    # Add the current_group to the group_list, with an empty member_list (a list of dictionaries: group name and member list) 
-    group_list.append( {'group_name': current_group, 'members': member_list}) 
- 
-    # Read the next line and start the loop over (continue) 
-    line = group_file.readline() 
-    continue 
-  elif line.startswith('uniquemember'): 
-    ## Found a group member ## 
-    # Member Name: Remove the leading 'uniquemember: uid', then split the string up by commas 
-    member = (line.lstrip('uniquemember: uid')).split(',') 
- 
-    # Member Name: name is the first field (0), with the leading equals stripped away 
-    member = member[0].strip('=') 
- 
-    # Debugging purposes 
-    #print "Member is: ", member 
- 
-    # Append member to current group's member list 
-    group_list[current_position]['members'].append(member) 
- 
-  # Read next line from the file 
-  line = group_file.readline() 
- 
-# Close the file 
-group_file.close() 
- 
-## Process the list of groups: Add members to the group names ## 
- 
-print "-> Processing legacy groups..." 
-for group in group_list: 
- 
-  # Debugging purposes 
-  print "--> Working on group: ", group['group_name'] 
- 
-  # Iterate through the members in order to add them to the group 
-  if group['members']: 
-    # Groups with at least 1 member (non-empty member list) 
- 
-    # Debugging purposes 
-    print "---> Members are: ", group['members'] 
- 
-    # Add users to the group 
-    for member_name in group['members']: 
-      # Build ipa command from group name and member 
-      ipa_cmd="ipa group-add-member " + group['group_name'] + " --users=" + member_name 
- 
-      # Add member to the group 
-      subprocess.call([ipa_cmd], shell=True) 
-  else: 
-    # Groups with no members (empty member list) 
-    print "---> No members!" 
- 
-# End of script 
-</code> 
- 
----- 
- 
-===== Sample LDAP Unique Member List ===== 
- 
-An example LDAP Unique member list output 
-<code bash> 
-# extended LDIF 
-# 
-# LDAPv3 
-# base <ou=groups,ou=MyOrg,dc=example,dc=com> with scope subtree 
-# filter: (objectclass=*) 
-# requesting: gidNumber uniquemember  
-# 
- 
-# users, Groups, Servers, MyOrg, example.com 
-dn: cn=users,ou=Groups,ou=MyOrg,dc=example,dc=com 
-gidNumber: 100 
-uniquemember: uid=lskywalker,ou=Users,ou=MyOrg,dc=example,dc=com 
-uniquemember: uid=dvadar,ou=Users,ou=MyOrg,dc=example,dc=com 
-uniquemember: uid=yoda,ou=Users,ou=MyOrg,dc=example,dc=com 
- 
-# developers, Groups, Servers, MyOrg, example.com 
-dn: cn=developers,ou=Groups,ou=MyOrg,dc=example,dc=com 
-gidNumber: 103 
-uniquemember: uid=bert,ou=Users,ou=MyOrg,dc=example,dc=com 
-uniquemember: uid=ernie,ou=Users,ou=MyOrg,dc=example,dc=com 
-uniquemember: uid=oscar,ou=Users,ou=MyOrg,dc=example,dc=com 
- 
- 
-# operations, Groups, Servers, MyOrg, example.com 
-dn: cn=operations,ou=Groups,ou=MyOrg,dc=example,dc=com 
-gidNumber: 777 
-uniquemember: uid=spock,ou=Users,ou=MyOrg,dc=example,dc=com 
- 
-# web_devel, Groups, Servers, MyOrg, example.com 
-dn: cn=web_devel,ou=Groups,ou=MyOrg,dc=example,dc=com 
-gidNumber: 18651 
- 
-# search result 
-search: 2 
-result: 0 Success 
-</code> 
- 
----- 
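Review bot: in the final loop of the removed script, `ipa_cmd` is built by concatenating `group['group_name']` and `member_name` and then run with `subprocess.call([ipa_cmd], shell=True)`, so any shell metacharacter in a `cn=` or `uid=` value read from memberlist-uniqueentry.txt is interpreted by the shell. If the script survives anywhere after this page removal, pass the command as an argument list such as `['ipa', 'group-add-member', group['group_name'], '--users=' + member_name]` without `shell=True`, and check the return code, which the current call discards. A second point in the parsing loop: `lstrip('dn: cn')` and `lstrip('uniquemember: uid')` strip a set of characters rather than a prefix. They work on the sample only because `=` ends the strip, and a `uniquemember` value that does not start with `uid=` would be passed to `--users=` with its attribute name still attached.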
  
  • python_wiki/freeipa_import_group_memberships.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)