-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathldapMakeHomes
executable file
·190 lines (166 loc) · 7.51 KB
/
ldapMakeHomes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
#! /usr/bin/python
import os
import ldap
import subprocess
from optparse import OptionParser
import tempfile
from ldapConf import *
from ldapUtil import *
####################################################################################
# global constants
####################################################################################
version="%prog: v0.93 (2011-Nov-27)"
modifiedBy="Garry Thuna"
###################################################################################
# parse command line options
###################################################################################
usage = "usage: %prog [options] [uid1 [[uid2] [[...]]]"
description = "Ensures that the user's home directory exists, " +\
"that it has correct user, group and acl, and " +\
"and sets up a subdirectory of symlinks for any workspace " +\
"that the user has access to"
parser = OptionParser(usage=usage, version=version, description=description)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False,
help="show changes made to file system [default: %default]")
(options, args) = parser.parse_args()
####################################################################################
# bind to the ldap server
# do the preliminary procssing of users and groups
# do the preliminary procssing of workspaces
####################################################################################
con = ldap.initialize(BIND_URI)
con.start_tls_s()
con.simple_bind_s(BIND_DN, BIND_PW)
groups, \
users, \
gnum2idx, \
gid2idx, \
uid2idx, \
belongsTo, \
workspaces, \
awsName2ws, \
awsName2path, \
gnum2awsName, \
servers, \
asName2server = preProcessLdapObjects(con)
con.unbind_s()
####################################################################################
# set up the homes
####################################################################################
smbConf = '' #string in which to accumulate the samba share definitions
for u in users:
dn, attrs = u
if len(args) > 0 and attrs['uid'][0].lower() not in [a.lower() for a in args]:
continue
if options.verbose:
print 'processing user:',
print attrs['uid'][0] \
+ ' (' + attrs['uidNumber'][0] + ') ' \
+ 'dn: ' + dn
# see if user's home is on this server
if 'sambaHomePath' not in attrs:
print >> sys.stderr, ' *** Error no "sambaHomePath" set for user: ' + attrs['uid'][0]
continue
if attrs['sambaHomePath'][0].lower().find(SERVER_SHORT_NAME.lower()) < 0:
continue
# create user's directory
userDir = os.path.join(SAMBA_HOME, attrs['uid'][0])
if options.verbose:
print ' ensuring user directory exists: ' + userDir
p = subprocess.Popen([ "mkdir", "-p", userDir ]); p.wait()
if p.returncode:
print >> sys.stderr, ' *** Error (re)creating directory: ' + userDir
if options.verbose:
print ' setting ownership and permissions on: ' + userDir
setOwnerGroupPerms(userDir, attrs['uidNumber'][0], 'anonymous', 0500)
# create user's home directory
homeDir = os.path.join(userDir, SAMBA_USER_HOME)
if options.verbose:
print ' ensuring user home directory exists: ' + homeDir
p = subprocess.Popen([ "mkdir", "-p", homeDir ]); p.wait()
if p.returncode:
print >> sys.stderr, ' *** Error (re)creating directory: ' + homeDir
if options.verbose:
print ' setting ownership and permissions on: ' + homeDir
setOwnerGroupPerms(homeDir, attrs['uidNumber'][0], 'anonymous', 02700)
# determine the unique set of workspaces that the user can access
awsNameList = list()
for gnum in belongsTo[ attrs['uid'][0] ]: #groups that user belongs to
if gnum in gnum2awsName:
for awsName in gnum2awsName[gnum]: #workspaces accessible by group
if awsName not in awsNameList:
awsNameList.append(awsName)
# setup the linkFiles to accessible workareas
linkFiles = list()
for awsName in awsNameList:
asName, path = awsName2path[awsName]
serverAttrs = asName2server[asName][1]
serverDir = os.path.join(userDir, serverAttrs['asNickname'][0])
if not os.path.exists(serverDir):
os.mkdir(serverDir)
if options.verbose:
print ' setting ownership and permissions on: ' + serverDir
setOwnerGroupPerms(serverDir, attrs['uidNumber'][0], attrs['gidNumber'][0], 0500)
# write out the linkFile/URL
wsDn, wsAttr = awsName2ws[awsName]
linkFile = os.path.join(serverDir, wsAttr['awsName'][0] + '.url')
if options.verbose:
print ' writing link file: ' + linkFile
with open(linkFile, 'w') as f:
f.write("[InternetShortcut]" + "\r\n")
f.write("URL=file://" + serverAttrs['asFQDN'][0] + "/" + wsAttr['awsName'][0] + "\r\n")
setOwnerGroupPerms(linkFile, attrs['uidNumber'][0], attrs['gidNumber'][0], 0400)
linkFiles.append(linkFile)
# remove links no longer available
if options.verbose:
print ' removing dead/revoked links'
for dirpath, dirnames, filenames in os.walk(userDir):
if dirpath == userDir:
if SAMBA_USER_HOME in dirnames:
dirnames.remove(SAMBA_USER_HOME)
continue
for f in filenames:
if f.endswith('.url'):
linkName = os.path.join(dirpath, f) #reconstruct full linkfile path
if linkName not in linkFiles:
if options.verbose:
print ' removing link ' + linkName
os.unlink(os.path.join(dirpath, f))
# cleanup: if subdir is empty then remove it
if options.verbose:
print ' cleanup links'
for dirpath, dirnames, filenames in os.walk(userDir):
if dirpath == userDir:
if SAMBA_USER_HOME in dirnames:
dirnames.remove(SAMBA_USER_HOME)
continue
if len(dirnames) + len(filenames) == 0:
if options.verbose:
print ' deleting empty server folder: ' + dirpath
os.rmdir(dirpath)
# # setup the static linkFiles
# staticDir = os.path.join(userDir, 'links')
# if not os.path.exists(staticDir):
# os.mkdir(staticDir)
# if options.verbose:
# print ' setting ownership and permissions on: ' + staticDir
# setOwnerGroupPerms(staticDir, attrs['uidNumber'][0], attrs['gidNumber'][0], 0500)
#
# # write out the static linkFile/URL
# linkFile = os.path.join(staticDir, 'changePassword.url')
# if options.verbose:
# print ' writing link file: ' + linkFile
# with open(linkFile, 'w') as f:
# f.write("[InternetShortcut]" + "\r\n")
# f.write("URL=https://dirsrv1peg.yyc.avmaxgroup.com/changePassword.html" + "\r\n")
# setOwnerGroupPerms(linkFile, attrs['uidNumber'][0], attrs['gidNumber'][0], 0400)
#todo: this wont work if specific users were set on cmdline
# accumulate the share definition in a string
smbConf = smbConf + SAMBA_HOME_TEMPLATE.format(
shareName = attrs['uid'][0],
shareComment = 'home directory of ' + attrs['cn'][0],
sharePath = userDir
)
# write out the smb conf for homes
with open(os.path.join(SAMBA_ROOT, SAMBA_HOME_CONF), 'w') as f:
f.write(smbConf)