From c0a379fd438738eab556f2ccf652b8c7eb03ee68 Mon Sep 17 00:00:00 2001 From: Felipe Vieira Date: Tue, 6 Dec 2011 14:45:02 +0000 Subject: [PATCH] script para sincronizar servidores com ldap --- sigi/apps/servicos/models.py | 4 +- sigi/apps/servidores/management/__init__.py | 0 .../management/commands/__init__.py | 0 .../management/commands/sync_ldap.py | 85 +++++++++++++++++++ sigi/settings.py | 6 +- 5 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 sigi/apps/servidores/management/__init__.py create mode 100644 sigi/apps/servidores/management/commands/__init__.py create mode 100644 sigi/apps/servidores/management/commands/sync_ldap.py diff --git a/sigi/apps/servicos/models.py b/sigi/apps/servicos/models.py index 94c5862..706bdb1 100644 --- a/sigi/apps/servicos/models.py +++ b/sigi/apps/servicos/models.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- from django.db import models from django.contrib.contenttypes import generic -from apps.casas.models import CasaLegislativa +from sigi.apps.casas.models import CasaLegislativa from datetime import date class Servico(models.Model): @@ -75,4 +75,4 @@ class DominioLeg(models.Model): def __unicode__(self): return str(self.dominio) - \ No newline at end of file + diff --git a/sigi/apps/servidores/management/__init__.py b/sigi/apps/servidores/management/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/sigi/apps/servidores/management/commands/__init__.py b/sigi/apps/servidores/management/commands/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/sigi/apps/servidores/management/commands/sync_ldap.py b/sigi/apps/servidores/management/commands/sync_ldap.py new file mode 100644 index 0000000..1fc0c95 --- /dev/null +++ b/sigi/apps/servidores/management/commands/sync_ldap.py 
@@ -0,0 +1,85 @@
+# coding= utf-8
+import ldap
+from django.core.management.base import BaseCommand, CommandError
+from django.contrib.auth.models import User, Group
+from sigi.settings import *
+from sigi.apps.servidores.models import Servidor
+
+class Command(BaseCommand):
+ help = 'Sincroniza Usuários e Servidores com o LDAP'
+
+ def handle(self, *args, **options):
+ self.sync_groups()
+ self.sync_users()
+
+ def get_ldap_groups(self):
+ filter = "(&(objectclass=Group))"
+ values = ['cn',]
+ l = ldap.initialize(AUTH_LDAP_SERVER_URI)
+ l.protocol_version = ldap.VERSION3
+ l.simple_bind_s(AUTH_LDAP_BIND_DN.encode('utf-8'),AUTH_LDAP_BIND_PASSWORD)
+ result_id = l.search(AUTH_LDAP_GROUP, ldap.SCOPE_SUBTREE, filter, values)
+ result_type, result_data = l.result(result_id, 1)
+ l.unbind()
+ return result_data
+
+ def get_ldap_users(self):
+ filter = "(&(objectclass=user))"
+ values = ['sAMAccountName', 'userPrincipalName', 'givenName', 'sn', 'cn' ]
+ l = ldap.initialize(AUTH_LDAP_SERVER_URI)
+ l.protocol_version = ldap.VERSION3
+ l.simple_bind_s(AUTH_LDAP_BIND_DN.encode('utf-8'),AUTH_LDAP_BIND_PASSWORD)
+ result_id = l.search(AUTH_LDAP_USER.encode('utf-8'), ldap.SCOPE_SUBTREE, filter, values)
+ result_type, result_data = l.result(result_id, 1)
+ l.unbind()
+ return result_data
+
+ def sync_groups(self):
+ ldap_groups = self.get_ldap_groups()
+ for ldap_group in ldap_groups:
+ try: group_name = ldap_group[1]['cn'][0]
+ except: pass
+ else:
+ try: group = Group.objects.get(name=group_name)
+ except Group.DoesNotExist:
+ group = Group(name=group_name)
+ group.save()
+ print "Group '%s' created." % group_name
+ print "Groups are synchronized."
+
+ def sync_users(self):
+ ldap_users = self.get_ldap_users()
+ for ldap_user in ldap_users:
+ try: username = ldap_user[1]['sAMAccountName'][0]
+ except: pass
+ else:
+ try: email = ldap_user[1]['userPrincipalName'][0]
+ except: email = ''
+ try: first_name = ldap_user[1]['givenName'][0]
+ except: first_name = username
+ try: last_name = ldap_user[1]['sn'][0]
+ except: last_name = ''
+ try: user = User.objects.get(username=username)
+ except User.DoesNotExist:
+ user = User.objects.create_user(username, email, username)
+ user.first_name = first_name
+ user.last_name = last_name
+ print "User '%s' created." % username
+ try: nome_completo = ldap_user[1]['cn'][0]
+ except: nome_completo = ''
+ try: servidor = Servidor.objects.get(nome_completo=nome_completo)
+ except Servidor.DoesNotExist:
+ servidor = user.servidor_set.create(nome_completo=nome_completo)
+ print "Servidor '%s' created." % nome_completo
+ else:
+ if not user.email == email.decode('utf8'):
+ user.email = email
+ print "User '%s' email updated." % username
+ if not user.first_name == first_name.decode('utf8'):
+ user.first_name = first_name
+ print "User '%s' first name updated." % username
+ if not user.last_name == last_name.decode('utf8'):
+ user.last_name = last_name
+ print "User '%s' last name updated." % username
+ user.save()
+ print "Users are synchronized."
diff --git a/sigi/settings.py b/sigi/settings.py
index 1cb3c90..bb40469 100644
--- a/sigi/settings.py
+++ b/sigi/settings.py
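Review bot: In `sync_users` of sync_ldap.py, `User.objects.create_user(username, email, username)` passes the username as the third argument, which is the password, so every account the sync creates gets a local password equal to its own login name. If Django's `ModelBackend` is enabled alongside the LDAP backend (the backend list is not visible in this patch), those accounts could be authenticated locally without LDAP ever checking a credential. Create them without a local password instead, `user = User.objects.create_user(username, email)`, and call `user.set_unusable_password()` explicitly if the installed Django version does not do that for a missing password. The bare `except:` clauses around the attribute lookups also hide every error other than a missing attribute; `except (KeyError, IndexError):` would keep the intended fallback.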
@@ -61,10 +61,12 @@ ADMIN_MEDIA_PREFIX = '/sigi/admin_media/' AUTH_LDAP_SERVER_URI = "ldap://w2k3dc01.interlegis.gov.br" AUTH_LDAP_BIND_DN = u"cn=sigi-ldap,ou=Usuários de Sistema,ou=Usuários,ou=Interlegis,dc=interlegis,dc=gov,dc=br" AUTH_LDAP_BIND_PASSWORD = "Sigi2609" -AUTH_LDAP_USER_SEARCH = LDAPSearch(u"ou=SINTER,ou=Usuários,ou=Sede,dc=interlegis,dc=gov,dc=br", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)") +AUTH_LDAP_USER = u"ou=SINTER,ou=Usuários,ou=Sede,dc=interlegis,dc=gov,dc=br" +AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER, ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)") # Set up the basic group parameters. -AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Grupos Organizacionais,ou=Sede,dc=interlegis,dc=gov,dc=br", ldap.SCOPE_SUBTREE, "(objectClass=Group)") +AUTH_LDAP_GROUP = "ou=Grupos Organizacionais,ou=Sede,dc=interlegis,dc=gov,dc=br" +AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP, ldap.SCOPE_SUBTREE, "(objectClass=Group)") AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") # Only users in this group can log in.
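Review bot: `AUTH_LDAP_BIND_PASSWORD` is a literal committed to the repository and `AUTH_LDAP_SERVER_URI` uses plain `ldap://` (both are unchanged context in this hunk), and the new sync command now does a simple bind with them, so the service-account password crosses the network unencrypted on every run unless TLS is negotiated somewhere not shown here. Worth handling alongside this change: read the secret from an untracked local settings file or the environment, e.g. `AUTH_LDAP_BIND_PASSWORD = os.environ['SIGI_LDAP_BIND_PASSWORD']` (the variable name is an example), rotate the committed value, and move to `ldaps://` or StartTLS. On the added lines, `AUTH_LDAP_USER` and `AUTH_LDAP_GROUP` hold search base DNs, and one is a `u""` literal while the other is a byte string, with sync_ldap.py calling `.encode('utf-8')` on only one of them; a comment such as `# base DNs, also used by the sync_ldap management command` and a consistent `u""` prefix would make that explicit.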