python_wiki:freeipa_import_group_memberships [2016/11/30 22:21] billdozor [Sample LDAP Unique Member List] |
python_wiki:freeipa_import_group_memberships [2019/05/25 23:50] |
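--- a/python_wiki:freeipa_import_group_memberships
+++ b/python_wiki:freeipa_import_group_memberships
-====== Freeipa Import Group Memberships ======
-
-**General Information**
-
-Parse a text file dump of 389 LDAP "
-
-**Checklist**
-* FreeIPA server
-* Unique members LDAP dump
-
-----
-
-====== Usage ======
-
-Place the text file "
-<code bash>
-./
-</
-
-----
-
-====== The Code ======
-
-<code python import-users-groups_legacy-groups.py>
-#
-## Title: import-users-groups_legacy-groups.py
-## Description:
-## Date: 2016-09-12
-## Recent Changes:
-
-#### Import Modules ####
-# subprocess -> for ipa commands
-import subprocess
-
-#### Main ####
-
-# Create an empty list for the groups, flag current group name, set current group_list position
-group_list = []
-current_group = "
-current_position = 0
-
-# Open the memberlist file read only (r)
-group_file = open("
-
-# Read the first line
-line = group_file.readline()
-
-print "-> Reading in groups/
-# Process each line until there are no more
-while line:
-
-if line.startswith('
-## Found a group entry ##
-# Inialize an empty member list
-member_list = []
-
-# If this is not the first group found, increment the list position
-if current_group != "
-current_position +=1
-
-# Group Name: Remove the leading 'dn: cn', then split the line up by commas
-current_group = (line.lstrip('
-
-# Group Name: first field (0), with the leading equals stripped away
-current_group = current_group[0].strip('
-
-# Debugging purposes
-#print "Group is: ", current_group
-
-# Add the current_group to the group_list, with an empty member_list (a list of dictionaries:
-group_list.append( {'
-
-# Read the next line and start the loop over (continue)
-line = group_file.readline()
-continue
-elif line.startswith('
-## Found a group member ##
-# Member Name: Remove the leading '
-member = (line.lstrip('
-
-# Member Name: name is the first field (0), with the leading equals stripped away
-member = member[0].strip('
-
-# Debugging purposes
-#print "
-
-# Append member to current group'
-group_list[current_position]['
-
-# Read next line from the file
-line = group_file.readline()
-
-# Close the file
-group_file.close()
-
-## Process the list of groups: Add members to the group names ##
-
-print "-> Processing legacy groups..."
-for group in group_list:
-
-# Debugging purposes
-print "
-
-# Iterate through the members in order to add them to the group
-if group['
-# Groups with at least 1 member (non-empty member list)
-
-# Debugging purposes
-print "
-
-# Add users to the group
-for member_name in group['
-# Build ipa command from group name and member
-ipa_cmd="
-
-# Add member to the group
-subprocess.call([ipa_cmd],
-else:
-# Groups with no members (empty member list)
-print "
-
-# End of script
-</
-
-----
-
-===== Sample LDAP Unique Member List =====
-
-An example LDAP Unique member list output
-<code bash>
-# extended LDIF
-#
-# LDAPv3
-# base <
-# filter: (objectclass=*)
-# requesting: gidNumber uniquemember
-#
-
-# users, Groups, Servers, MyOrg, example.com
-dn: cn=users,
-gidNumber: 100
-uniquemember:
-uniquemember:
-uniquemember:
-
-# developers, Groups, Servers, MyOrg, example.com
-dn: cn=developers,
-gidNumber: 103
-uniquemember:
-uniquemember:
-uniquemember:
-
-
-# operations, Groups, Servers, MyOrg, example.com
-dn: cn=operations,
-gidNumber: 777
-uniquemember:
-
-# web_devel, Groups, Servers, MyOrg, example.com
-dn: cn=web_devel,
-gidNumber: 18651
-
-# search result
-search: 2
-result: 0 Success
-</
-
-----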