script para sincronizar servidores com ldap

13 years ago · c0a379fd43
5 changed files with 91 additions and 4 deletions
--- a/sigi/apps/servicos/models.py
+++ b/sigi/apps/servicos/models.py
@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 from django.db import models
 from django.contrib.contenttypes import generic
-from apps.casas.models import CasaLegislativa
+from sigi.apps.casas.models import CasaLegislativa
 from datetime import date
 class Servico(models.Model):
@ -75,4 +75,4 @@ class DominioLeg(models.Model):
    def __unicode__(self):
        return str(self.dominio)
-    
+    
--- a/sigi/apps/servidores/management/init.py
+++ b/sigi/apps/servidores/management/init.py
--- a/sigi/apps/servidores/management/commands/init.py
+++ b/sigi/apps/servidores/management/commands/init.py
--- a/sigi/apps/servidores/management/commands/sync_ldap.py
+++ b/sigi/apps/servidores/management/commands/sync_ldap.py
@ -0,0 +1,85 @@
 # coding= utf-8
 import ldap
 from django.core.management.base import BaseCommand, CommandError
 from django.contrib.auth.models import User, Group
 from sigi.settings import *
 from sigi.apps.servidores.models import Servidor
 class Command(BaseCommand):
    help = 'Sincroniza Usuários e Servidores com o LDAP'
    def handle(self, *args, **options):
        self.sync_groups()
        self.sync_users()
    def get_ldap_groups(self):
        filter = "(&(objectclass=Group))"
        values = ['cn',]
        l = ldap.initialize(AUTH_LDAP_SERVER_URI)
        l.protocol_version = ldap.VERSION3
        l.simple_bind_s(AUTH_LDAP_BIND_DN.encode('utf-8'),AUTH_LDAP_BIND_PASSWORD)
        result_id = l.search(AUTH_LDAP_GROUP, ldap.SCOPE_SUBTREE, filter, values)
        result_type, result_data = l.result(result_id, 1)
        l.unbind()
        return result_data
    def get_ldap_users(self):
        filter = "(&(objectclass=user))"
        values = ['sAMAccountName', 'userPrincipalName', 'givenName', 'sn', 'cn' ]
        l = ldap.initialize(AUTH_LDAP_SERVER_URI)
        l.protocol_version = ldap.VERSION3
        l.simple_bind_s(AUTH_LDAP_BIND_DN.encode('utf-8'),AUTH_LDAP_BIND_PASSWORD)
        result_id = l.search(AUTH_LDAP_USER.encode('utf-8'), ldap.SCOPE_SUBTREE, filter, values)
        result_type, result_data = l.result(result_id, 1)
        l.unbind()
        return result_data
    def sync_groups(self):
        ldap_groups = self.get_ldap_groups()
        for ldap_group in ldap_groups:
            try: group_name = ldap_group[1]['cn'][0]
            except: pass
            else:
                try: group = Group.objects.get(name=group_name)
                except Group.DoesNotExist:
                    group = Group(name=group_name)
                    group.save()
                    print "Group '%s' created." % group_name
        print "Groups are synchronized."
    def sync_users(self):
        ldap_users = self.get_ldap_users()
        for ldap_user in ldap_users:
            try: username = ldap_user[1]['sAMAccountName'][0]
            except: pass
            else:
                try: email = ldap_user[1]['userPrincipalName'][0]
                except: email = ''
                try: first_name = ldap_user[1]['givenName'][0]
                except: first_name = username
                try: last_name = ldap_user[1]['sn'][0]
                except: last_name = ''
                try: user = User.objects.get(username=username)
                except User.DoesNotExist:
                    user = User.objects.create_user(username, email, username)
                    user.first_name = first_name
                    user.last_name = last_name
                    print "User '%s' created." % username
                try: nome_completo = ldap_user[1]['cn'][0]
                except: nome_completo = ''
                try: servidor = Servidor.objects.get(nome_completo=nome_completo)
                except Servidor.DoesNotExist:
                    servidor = user.servidor_set.create(nome_completo=nome_completo)
                    print "Servidor '%s' created." % nome_completo
                else:
                    if not user.email == email.decode('utf8'):
                        user.email = email
                        print "User '%s' email updated." % username
                    if not user.first_name == first_name.decode('utf8'):
                        user.first_name = first_name
                        print "User '%s' first name updated." % username
                    if not user.last_name == last_name.decode('utf8'):
                        user.last_name = last_name
                        print "User '%s' last name updated." % username
                user.save()
        print "Users are synchronized."
--- a/sigi/settings.py
+++ b/sigi/settings.py
@ -61,10 +61,12 @@ ADMIN_MEDIA_PREFIX = '/sigi/admin_media/'
 AUTH_LDAP_SERVER_URI = "ldap://w2k3dc01.interlegis.gov.br"
 AUTH_LDAP_BIND_DN = u"cn=sigi-ldap,ou=Usuários de Sistema,ou=Usuários,ou=Interlegis,dc=interlegis,dc=gov,dc=br"
 AUTH_LDAP_BIND_PASSWORD = "Sigi2609"
-AUTH_LDAP_USER_SEARCH = LDAPSearch(u"ou=SINTER,ou=Usuários,ou=Sede,dc=interlegis,dc=gov,dc=br", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
+AUTH_LDAP_USER = u"ou=SINTER,ou=Usuários,ou=Sede,dc=interlegis,dc=gov,dc=br"
 AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER, ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
 # Set up the basic group parameters.
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Grupos Organizacionais,ou=Sede,dc=interlegis,dc=gov,dc=br", ldap.SCOPE_SUBTREE, "(objectClass=Group)")
+AUTH_LDAP_GROUP = "ou=Grupos Organizacionais,ou=Sede,dc=interlegis,dc=gov,dc=br"
 AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP, ldap.SCOPE_SUBTREE, "(objectClass=Group)")
 AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
 # Only users in this group can log in.