FreeIPA Import Group Memberships

General Information

Parse a text file dump of 389 LDAP “unique members” and add the group memberships to a FreeIPA server.

Checklist

  • FreeIPA server
  • Unique members LDAP dump

Usage

Place the text file “memberlist-uniqueentry.txt” in the same directory as the script and execute:

./import-users-groups_legacy-groups.py

The Code

import-users-groups_legacy-groups.py
#!/usr/bin/python
## Title: import-users-groups_legacy-groups.py
## Description: Parse a group dump of unique members from 389 LDAP and add the group memberships to FreeIPA
## Date: 2016-09-12
## Recent Changes:-Initial release
 
#### Import Modules ####
# subprocess -> for ipa commands
import subprocess
 
#### Main ####
 
# Create an empty list for the groups, flag current group name, set current group_list position
group_list = []
current_group = "NONE"
current_position = 0
 
# Open the memberlist file read only (r)
group_file = open("memberlist-uniqueentry.txt", 'r')
 
# Read the first line
line = group_file.readline()
 
print("-> Reading in groups/members from file...")
# Process each line until there are no more
while line:
 
  if line.startswith('dn: cn='):
    ## Found a group entry ##
    # Initialize an empty member list
    member_list = []
 
    # If this is not the first group found, increment the list position
    if current_group != "NONE":
      current_position +=1
 
    # Group Name: Remove the leading 'dn: cn', then split the line up by commas
    current_group = (line.lstrip('dn: cn')).split(',')
 
    # Group Name: first field (0), with the leading equals stripped away
    current_group = current_group[0].strip('=')
 
    # Debugging purposes
    #print "Group is: ", current_group
 
    # Add the current_group to the group_list, with an empty member_list (a list of dictionaries: group name and member list)
    group_list.append( {'group_name': current_group, 'members': member_list})
 
    # Read the next line and start the loop over (continue)
    line = group_file.readline()
    continue
  elif line.startswith('uniquemember'):
    ## Found a group member ##
    # Member Name: Remove the leading 'uniquemember: uid', then split the string up by commas
    member = (line.lstrip('uniquemember: uid')).split(',')
 
    # Member Name: name is the first field (0), with the leading equals stripped away
    member = member[0].strip('=')
 
    # Debugging purposes
    #print "Member is: ", member
 
    # Append member to current group's member list
    group_list[current_position]['members'].append(member)
 
  # Read next line from the file
  line = group_file.readline()
 
# Close the file
group_file.close()
 
## Process the list of groups: Add members to the group names ##
 
print("-> Processing legacy groups...")
for group in group_list:
 
  # Debugging purposes
  print("--> Working on group: %s" % group['group_name'])
 
  # Iterate through the members in order to add them to the group
  if group['members']:
    # Groups with at least 1 member (non-empty member list)
 
    # Debugging purposes
    print("---> Members are: %s" % group['members'])
 
    # Add users to the group
    for member_name in group['members']:
      # Build the ipa command as an argument list, so group and member names
      # read from the dump file are never interpreted by a shell
      ipa_cmd = ["ipa", "group-add-member", group['group_name'], "--users=" + member_name]
 
      # Add member to the group (no shell=True: arguments are passed as-is)
      subprocess.call(ipa_cmd)
  else:
    # Groups with no members (empty member list)
    print("---> No members!")
 
# End of script

An example LDAP Unique member list output

# extended LDIF
#
# LDAPv3
# base <ou=groups,ou=MyOrg,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: gidNumber uniquemember 
#
 
# users, Groups, Servers, MyOrg, example.com
dn: cn=users,ou=Groups,ou=MyOrg,dc=example,dc=com
gidNumber: 100
uniquemember: uid=lskywalker,ou=Users,ou=MyOrg,dc=example,dc=com
uniquemember: uid=dvadar,ou=Users,ou=MyOrg,dc=example,dc=com
uniquemember: uid=yoda,ou=Users,ou=MyOrg,dc=example,dc=com
 
# developers, Groups, Servers, MyOrg, example.com
dn: cn=developers,ou=Groups,ou=MyOrg,dc=example,dc=com
gidNumber: 103
uniquemember: uid=bert,ou=Users,ou=MyOrg,dc=example,dc=com
uniquemember: uid=ernie,ou=Users,ou=MyOrg,dc=example,dc=com
uniquemember: uid=oscar,ou=Users,ou=MyOrg,dc=example,dc=com
 
 
# operations, Groups, Servers, MyOrg, example.com
dn: cn=operations,ou=Groups,ou=MyOrg,dc=example,dc=com
gidNumber: 777
uniquemember: uid=spock,ou=Users,ou=MyOrg,dc=example,dc=com
 
# web_devel, Groups, Servers, MyOrg, example.com
dn: cn=web_devel,ou=Groups,ou=MyOrg,dc=example,dc=com
gidNumber: 18651
 
# search result
search: 2
result: 0 Success
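
The dump file is untrusted input to a privileged `ipa` command, so the names read from it should be validated before use. The following is an added example, not part of the original script: it parses the same dump format, rejects names outside an allow-list, and builds one argument list per membership. The names `parse_memberships`, `build_commands` and `SAFE_NAME` are hypothetical, and the allowed character set is an assumption, not FreeIPA's own rule.

```python
import re

# Assumed allow-list (not from the page): conservative login/group characters,
# never starting with '-' so a group name cannot be read as an option.
SAFE_NAME = re.compile(r'[A-Za-z0-9_.][A-Za-z0-9_.-]*')
DN_RE = re.compile(r'dn:\s*cn=([^,]+),', re.IGNORECASE)
MEMBER_RE = re.compile(r'uniquemember:\s*uid=([^,]+),', re.IGNORECASE)

def parse_memberships(lines):
    """Return ({group: [members]}, [rejected lines]) from the LDIF dump."""
    groups, rejected, current = {}, [], None
    for raw in lines:
        line = raw.strip()
        if line.lower().startswith('dn:'):
            m = DN_RE.match(line)
            ok = m and SAFE_NAME.fullmatch(m.group(1))
            current = m.group(1) if ok else None  # fail closed on odd DNs
            if ok:
                groups.setdefault(current, [])
            else:
                rejected.append(line)
        elif line.lower().startswith('uniquemember:'):
            m = MEMBER_RE.match(line)
            if current and m and SAFE_NAME.fullmatch(m.group(1)):
                groups[current].append(m.group(1))
            else:
                rejected.append(line)
    return groups, rejected

def build_commands(groups):
    """One argv list per membership; no shell ever parses the values."""
    return [["ipa", "group-add-member", group, "--users=" + user]
            for group, users in groups.items() for user in users]

# Constructed sample in the dump format shown on this page.
SAMPLE = """\
dn: cn=developers,ou=Groups,ou=MyOrg,dc=example,dc=com
uniquemember: uid=bert,ou=Users,ou=MyOrg,dc=example,dc=com
uniquemember: uid=ernie;echo x,ou=Users,ou=MyOrg,dc=example,dc=com
dn: cn=--all,ou=Groups,ou=MyOrg,dc=example,dc=com
uniquemember: uid=oscar,ou=Users,ou=MyOrg,dc=example,dc=com
dn: cn=web_devel,ou=Groups,ou=MyOrg,dc=example,dc=com
gidNumber: 18651
"""

if __name__ == "__main__":
    groups, rejected = parse_memberships(SAMPLE.splitlines())
    for argv in build_commands(groups):
        print("would run:", argv)  # pass argv to subprocess.call(argv) to apply
    for line in rejected:
        print("rejected:", line)
```

Members listed under a rejected group are rejected as well, so they are never attributed to the previous group in the file.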

  • Last modified: 2019/05/25 23:50