Freeipa Import Group Memberships
General Information
Parse a text file dump of 389 LDAP “unique members” and add the group memberships to a FreeIPA server.
Checklist
- FreeIPA server
- Unique members LDAP dump
Usage
Place the text file “memberlist-uniqueentry.txt” in the same directory as the script and execute:
./import-users-groups_legacy-groups.py
The Code
- import-users-groups_legacy-groups.py
#!/usr/bin/python
## Title: import-users-groups_legacy-groups.py
## Description: Parse a group dump of unique members from 389 LDAP and add group membership FreeIPA
## Date: 2016-09-12
## Recent Changes:-Initial release

#### Import Modules ####
# subprocess -> for ipa commands
import subprocess

#### Main ####
# Create an empty list for the groups, flag current group name, set current group_list position
group_list = []
current_group = "NONE"
current_position = 0

# Open the memberlist file read only (r)
group_file = open("memberlist-uniqueentry.txt", 'r')

# Read the first line
line = group_file.readline()

print("-> Reading in groups/members from file...")

# Process each line until there are no more
while line:
    if line.startswith('dn: cn='):
        ## Found a group entry ##
        # Initialize an empty member list
        member_list = []
        # If this is not the first group found, increment the list position
        if current_group != "NONE":
            current_position += 1
        # Group Name: Remove the leading 'dn: cn=' prefix, then split the line up by commas
        current_group = line[len('dn: cn='):].split(',')
        # Group Name: first field (0), with surrounding whitespace stripped away
        current_group = current_group[0].strip()
        # Debugging purposes
        #print("Group is: %s" % current_group)
        # Add the current_group to the group_list, with an empty member_list
        # (a list of dictionaries: group name and member list)
        group_list.append({'group_name': current_group, 'members': member_list})
        # Read the next line and start the loop over (continue)
        line = group_file.readline()
        continue
    elif line.startswith('uniquemember: uid='):
        ## Found a group member ##
        # Member Name: Remove the leading 'uniquemember: uid=' prefix, then split the string up by commas
        member = line[len('uniquemember: uid='):].split(',')
        # Member Name: name is the first field (0), with surrounding whitespace stripped away
        member = member[0].strip()
        # Debugging purposes
        #print("Member is: %s" % member)
        # Append member to current group's member list
        group_list[current_position]['members'].append(member)
    # Read next line from the file
    line = group_file.readline()

# Close the file
group_file.close()

## Process the list of groups: Add members to the group names ##
print("-> Processing legacy groups...")
for group in group_list:
    # Debugging purposes
    print("--> Working on group: %s" % group['group_name'])
    # Iterate through the members in order to add them to the group
    if group['members']:
        # Groups with at least 1 member (non-empty member list)
        # Debugging purposes
        print("---> Members are: %s" % group['members'])
        # Add users to the group
        for member_name in group['members']:
            # Build ipa command as an argument list from group name and member.
            # No shell is involved, so names read from the dump are never interpreted as shell syntax.
            ipa_cmd = ["ipa", "group-add-member", group['group_name'], "--users=" + member_name]
            # Add member to the group
            subprocess.call(ipa_cmd)
    else:
        # Groups with no members (empty member list)
        print("---> No members!")
# End of script
Sample LDAP Unique Member List
An example LDAP Unique member list output
# extended LDIF
#
# LDAPv3
# base <ou=groups,ou=MyOrg,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: gidNumber uniquemember
#

# users, Groups, Servers, MyOrg, example.com
dn: cn=users,ou=Groups,ou=MyOrg,ou=EROS,dc=example,dc=com
gidNumber: 100
uniquemember: uid=lskywalker,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=dvadar,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=yoda,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com

# developers, Groups, Servers, MyOrg, EROS, example.com
dn: cn=developers,ou=Groups,ou=MyOrg,ou=EROS,dc=example,dc=com
gidNumber: 103
uniquemember: uid=bert,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=ernie,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=oscar,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com

# operations, Groups, Servers, MyOrg, EROS, example.com
dn: cn=operations,ou=Groups,ou=MyOrg,ou=EROS,dc=example,dc=com
gidNumber: 777
uniquemember: uid=spock,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com

# web_devel, Groups, Servers, MyOrg, EROS, example.com
dn: cn=web_devel,ou=Groups,ou=MyOrg,ou=EROS,dc=example,dc=com
gidNumber: 18651

# search result
search: 2
result: 0 Success
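Added example (not part of the original script): because every group name and uid in the dump ends up on an ipa command line, this sketch validates each name before planning any command. It goes beyond the script above by unfolding LDIF continuation lines and refusing base64 (`dn::`) values. The `NAME_RE` pattern, the function names and the sample input are assumptions made for illustration.

```python
import re

# Assumption: conservative allowlist for group names and logins; tune to local policy.
NAME_RE = re.compile(r'[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}')

# Constructed sample input (not from a real directory).
SAMPLE = """\
dn: cn=developers,ou=Groups,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=bert,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=er
 nie,ou=Users,ou=MyOrg,ou=EROS,dc=example,dc=com
uniquemember: uid=mallory;id,ou=Users,dc=example,dc=com
dn: cn=--help,ou=Groups,dc=example,dc=com
uniquemember: uid=oscar,ou=Users,dc=example,dc=com
"""

def first_rdn(value, attr):
    """Return the value of the leading RDN when it is attr=..., otherwise None."""
    key, _, val = value.strip().split(',', 1)[0].partition('=')
    return val.strip() if key.strip().lower() == attr else None

def plan_memberships(ldif_text):
    """Return (commands, rejected): argv lists for ipa, and lines that failed validation."""
    groups, rejected, current = {}, [], None
    # LDIF folds long lines as newline + one space; join them before parsing.
    for line in re.sub(r'\r?\n ', '', ldif_text).splitlines():
        key, _, value = line.partition(':')
        key = key.lower()
        if key not in ('dn', 'uniquemember'):
            continue
        # A value starting with ':' is base64 ("dn:: ..."); refuse it rather than decode it.
        name = None if value.startswith(':') else first_rdn(value, 'cn' if key == 'dn' else 'uid')
        valid = name is not None and NAME_RE.fullmatch(name) is not None
        if key == 'dn' and valid:
            current = name
            groups.setdefault(name, [])
        elif key == 'uniquemember' and valid and current is not None:
            groups[current].append(name)
        else:
            if key == 'dn':
                current = None  # never attach later members to the previous group
            rejected.append(line)
    # One argv list per non-empty group; a list is executed without a shell.
    commands = [['ipa', 'group-add-member', g] + ['--users=' + m for m in ms]
                for g, ms in groups.items() if ms]
    return commands, rejected

if __name__ == '__main__':
    print(plan_memberships(SAMPLE))
```

Review the `rejected` lines by hand before passing each planned command to `subprocess.call()`.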