|
|
@ -144,15 +144,22 @@ imp_cl_smcon = cl_utils2.cl_smartcon
|
|
|
|
class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
"""Основной класс для работы с LDAP"""
|
|
|
|
"""Основной класс для работы с LDAP"""
|
|
|
|
def __init__(self, cmdName):
|
|
|
|
def __init__(self, cmdName):
|
|
|
|
|
|
|
|
# минимальное и максимальное значение gid-ов системных групп
|
|
|
|
|
|
|
|
#(Computers, и.т. д)
|
|
|
|
|
|
|
|
self.maxSysGid = 999
|
|
|
|
|
|
|
|
self.minSysGid = 900
|
|
|
|
# объект для форматированного вывода
|
|
|
|
# объект для форматированного вывода
|
|
|
|
imp_cl_help.__init__(self, cmdName)
|
|
|
|
imp_cl_help.__init__(self, cmdName)
|
|
|
|
# Базовый DN всех сервисов относительно базового DN
|
|
|
|
# Базовый DN всех сервисов относительно базового DN
|
|
|
|
self.servicesRelDN = "ou=Services"
|
|
|
|
self.servicesRelDN = "ou=Services"
|
|
|
|
# Базовый DN Samba сервиса относительно DN сервисов
|
|
|
|
# Базовый DN Samba сервиса относительно DN сервисов
|
|
|
|
self.sambaDN = "ou=Samba"
|
|
|
|
self.sambaDN = "ou=Samba"
|
|
|
|
|
|
|
|
# Базовый DN Unix сервиса относительно DN сервисов
|
|
|
|
|
|
|
|
self.unixDN = "ou=Unix"
|
|
|
|
# Базовый DN Samba сервиса относительно базового DN
|
|
|
|
# Базовый DN Samba сервиса относительно базового DN
|
|
|
|
self.sambaRelDN = "%s,%s" %(self.sambaDN, self.servicesRelDN)
|
|
|
|
self.sambaRelDN = "%s,%s" %(self.sambaDN, self.servicesRelDN)
|
|
|
|
|
|
|
|
# Базовый DN Samba сервиса относительно базового DN
|
|
|
|
|
|
|
|
self.unixRelDN = "%s,%s" %(self.unixDN, self.servicesRelDN)
|
|
|
|
# Основная группа пользователей LDAP
|
|
|
|
# Основная группа пользователей LDAP
|
|
|
|
self.nameBaseGroup = "Services"
|
|
|
|
self.nameBaseGroup = "Services"
|
|
|
|
# Алгоритм шифрования пароля для LDAP пользователя
|
|
|
|
# Алгоритм шифрования пароля для LDAP пользователя
|
|
|
@ -225,7 +232,8 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
'help':_("display this help and exit")
|
|
|
|
'help':_("display this help and exit")
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{'longOption':"help-ldap",
|
|
|
|
{'progAccess':(6,),
|
|
|
|
|
|
|
|
'longOption':"help-ldap",
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
'help':_("display help options service LDAP")
|
|
|
|
'help':_("display help options service LDAP")
|
|
|
|
},
|
|
|
|
},
|
|
|
@ -288,6 +296,13 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
'helpChapter':_("Service Unix options"),
|
|
|
|
'helpChapter':_("Service Unix options"),
|
|
|
|
'help':_("set the GECOS field for the new user account")
|
|
|
|
'help':_("set the GECOS field for the new user account")
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
{'progAccess':(3,),
|
|
|
|
|
|
|
|
'shortOption':"g",
|
|
|
|
|
|
|
|
'longOption':"gid",
|
|
|
|
|
|
|
|
'optVal':"GROUP",
|
|
|
|
|
|
|
|
'helpChapter':_("Service Samba options"),
|
|
|
|
|
|
|
|
'help':_("force use GROUP for the new user Unix service account")
|
|
|
|
|
|
|
|
},
|
|
|
|
{'progAccess':(3,),
|
|
|
|
{'progAccess':(3,),
|
|
|
|
'shortOption':"w",
|
|
|
|
'shortOption':"w",
|
|
|
|
'helpChapter':_("Service Samba options"),
|
|
|
|
'helpChapter':_("Service Samba options"),
|
|
|
@ -485,7 +500,8 @@ class cl_ldap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
#'help':_("show enviroment values (filter for type, all - no filter)")
|
|
|
|
#'help':_("show enviroment values (filter for type, all - no filter)")
|
|
|
|
#},
|
|
|
|
#},
|
|
|
|
# Services
|
|
|
|
# Services
|
|
|
|
{'helpChapter':_("Services"),
|
|
|
|
{'progAccess':(6,),
|
|
|
|
|
|
|
|
'helpChapter':_("Services"),
|
|
|
|
'help':pcs(" ldap", self.column_width,
|
|
|
|
'help':pcs(" ldap", self.column_width,
|
|
|
|
"ldap " + servName, self.consolewidth-self.column_width)
|
|
|
|
"ldap " + servName, self.consolewidth-self.column_width)
|
|
|
|
},
|
|
|
|
},
|
|
|
@ -878,6 +894,74 @@ LDAP in backup directory")
|
|
|
|
clVars.Write("soft_ldap_setup","yes")
|
|
|
|
clVars.Write("soft_ldap_setup","yes")
|
|
|
|
return True
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def setupUnixServer(self, options):
|
|
|
|
|
|
|
|
"""Начальная настройка LDAP сервиса"""
|
|
|
|
|
|
|
|
# Принудительная установка
|
|
|
|
|
|
|
|
forceOptions = False
|
|
|
|
|
|
|
|
if options.has_key("f"):
|
|
|
|
|
|
|
|
forceOptions = True
|
|
|
|
|
|
|
|
clVars = self.createClVars()
|
|
|
|
|
|
|
|
# прервать если была неудачная попытка установить новые параметры
|
|
|
|
|
|
|
|
# или были опция вывода на печать
|
|
|
|
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
|
|
|
|
#return ""
|
|
|
|
|
|
|
|
# В случае если сервер установлен
|
|
|
|
|
|
|
|
if clVars.Get("soft_unix_setup") == "yes" and\
|
|
|
|
|
|
|
|
not forceOptions:
|
|
|
|
|
|
|
|
self.printWARNING (_("WARNING") + ": " +\
|
|
|
|
|
|
|
|
_("Unix service is configured")+ ".")
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
if not clVars.Get("soft_ldap_setup") == "yes":
|
|
|
|
|
|
|
|
self.printERROR(_("Service LDAP not setup ..."))
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
# Проверим запущен ли ldap
|
|
|
|
|
|
|
|
if not self.getRunService("ldap"):
|
|
|
|
|
|
|
|
self.printWARNING (_("WARNING") + ": " +\
|
|
|
|
|
|
|
|
_("The LDAP service is not running") + ".")
|
|
|
|
|
|
|
|
print "1. " +_("Start the LDAP service")
|
|
|
|
|
|
|
|
print " /etc/init.d/slapd start"
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
#self.setParamIniFile("setup_LDAP","no")
|
|
|
|
|
|
|
|
clVars.Write("soft_unix_setup","no")
|
|
|
|
|
|
|
|
# Для тестовых целей устанавливаем директорию инсталяции
|
|
|
|
|
|
|
|
#clVars.Set("setup_path_install","/tmp/test1/")
|
|
|
|
|
|
|
|
# Cоздаем объект профиль устанавливая директорию ldap для
|
|
|
|
|
|
|
|
# файлов профилей
|
|
|
|
|
|
|
|
clProf = cl_profile.profile(clVars,"unix")
|
|
|
|
|
|
|
|
# Объединяем профили
|
|
|
|
|
|
|
|
clProf.applyProfiles()
|
|
|
|
|
|
|
|
# Удаляем предыдущую ветку сервиса Unix
|
|
|
|
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
|
|
|
|
if not ldapObj:
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
servicesDN = "%s,%s" % (self.servicesRelDN,\
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base"))
|
|
|
|
|
|
|
|
resSearch = ldapObj.ldapSearch(servicesDN, ldap.SCOPE_ONELEVEL,
|
|
|
|
|
|
|
|
self.unixDN, [''])
|
|
|
|
|
|
|
|
ret = True
|
|
|
|
|
|
|
|
if resSearch:
|
|
|
|
|
|
|
|
delDN = "%s,%s" %(self.unixDN, servicesDN)
|
|
|
|
|
|
|
|
ret = self.deleteDN(delDN, ldapObj)
|
|
|
|
|
|
|
|
if ret:
|
|
|
|
|
|
|
|
self.printOK(_("Remove Unix DN in LDAP Database ..."))
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
self.printERROR(_("Not remove Unix DN in LDAP Database ..."))
|
|
|
|
|
|
|
|
if not ret:
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
ldifFile = "/usr/lib/calculate/calculate-server/ldif/unix_base.ldif"
|
|
|
|
|
|
|
|
baseLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
|
|
|
|
#print baseLdif
|
|
|
|
|
|
|
|
#clVars.printVars()
|
|
|
|
|
|
|
|
if not ldapObj.getError():
|
|
|
|
|
|
|
|
ldapObj.ldapAdd(baseLdif)
|
|
|
|
|
|
|
|
if ldapObj.getError():
|
|
|
|
|
|
|
|
print _("LDAP Error") + ": " + ldapObj.getError()
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
self.printOK(_("Add ldif file ..."))
|
|
|
|
|
|
|
|
clVars.Write("soft_unix_setup","yes")
|
|
|
|
|
|
|
|
self.printOK(_("Unix service configured ..."))
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
def setupSambaServer(self, options):
|
|
|
|
def setupSambaServer(self, options):
|
|
|
|
"""Начальная настройка Samba сервиса"""
|
|
|
|
"""Начальная настройка Samba сервиса"""
|
|
|
|
# Принудительная установка
|
|
|
|
# Принудительная установка
|
|
|
@ -889,9 +973,10 @@ LDAP in backup directory")
|
|
|
|
# или были опция вывода на печать
|
|
|
|
# или были опция вывода на печать
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
#if not self.processOptionsForDatavars(options,clVars):
|
|
|
|
#return ""
|
|
|
|
#return ""
|
|
|
|
if clVars.Get("soft_ldap_setup") != "yes":
|
|
|
|
if clVars.Get("soft_unix_setup") != "yes":
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
|
|
|
|
_("LDAP server is not configured")+ ".")
|
|
|
|
_("LDAP server is not configured")+ ".")
|
|
|
|
|
|
|
|
self.printWARNING(_("Not setup service Unix"))
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
# В случае если сервер установлен
|
|
|
|
# В случае если сервер установлен
|
|
|
|
if clVars.Get("soft_samba_setup") == "yes" and\
|
|
|
|
if clVars.Get("soft_samba_setup") == "yes" and\
|
|
|
@ -959,7 +1044,7 @@ Samba in backup directory")
|
|
|
|
if ret:
|
|
|
|
if ret:
|
|
|
|
self.printOK(_("Remove Samba DN in LDAP Database ..."))
|
|
|
|
self.printOK(_("Remove Samba DN in LDAP Database ..."))
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
self.printERROR(_("Remove Samba DN in LDAP Database ..."))
|
|
|
|
self.printERROR(_("Not remove Samba DN in LDAP Database ..."))
|
|
|
|
if not ret:
|
|
|
|
if not ret:
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
@ -1032,7 +1117,8 @@ Samba in backup directory")
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
machineLogin = machineName.replace('$','') + "$"
|
|
|
|
machineLogin = machineName.replace('$','') + "$"
|
|
|
|
groupName = clVars.Get('soft_ldap_machine_group_name')
|
|
|
|
groupName = clVars.Get('soft_ldap_machine_group_name')
|
|
|
|
groupId = clVars.Get('soft_ldap_machine_gid')
|
|
|
|
# Находим следующий номер в диапазоне системных групп
|
|
|
|
|
|
|
|
groupId = str(self.getMaxGidSystem(ldapObj, clVars))
|
|
|
|
if not self.searchLdapGroupName(groupName, ldapObj, clVars):
|
|
|
|
if not self.searchLdapGroupName(groupName, ldapObj, clVars):
|
|
|
|
res = self.searchLdapGid(groupId, ldapObj, clVars)
|
|
|
|
res = self.searchLdapGid(groupId, ldapObj, clVars)
|
|
|
|
maxGid = self.getUidMax()
|
|
|
|
maxGid = self.getUidMax()
|
|
|
@ -1050,19 +1136,13 @@ Samba in backup directory")
|
|
|
|
_("not foung free GID in ldap") + userGid)
|
|
|
|
_("not foung free GID in ldap") + userGid)
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
groupId = str(numberGid)
|
|
|
|
groupId = str(numberGid)
|
|
|
|
clVars.Write('soft_ldap_machine_gid', groupId)
|
|
|
|
|
|
|
|
options = {'g':groupId,'c':'Computer group'}
|
|
|
|
options = {'g':groupId,'c':'Computer group'}
|
|
|
|
if not self.addGroupLdapServer(groupName, options, clVars):
|
|
|
|
if not self.addGroupLdapServer(groupName, options, clVars):
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
clVars.Set('soft_ldap_machine_login',machineLogin)
|
|
|
|
clVars.Set('soft_ldap_machine_login',machineLogin)
|
|
|
|
# Находим последний добавленный id компьютера
|
|
|
|
# Находим последний добавленный id
|
|
|
|
maxIdMachine = self.getMaxUidLdap(ldapObj, clVars, "ou=Computers")
|
|
|
|
userIdNumber = str(self.getMaxUid(ldapObj, clVars))
|
|
|
|
idMachineStart = int(clVars.Get('soft_ldap_machine_id'))
|
|
|
|
clVars.Set('soft_ldap_machine_id',userIdNumber)
|
|
|
|
if maxIdMachine:
|
|
|
|
|
|
|
|
userIdNumber = maxIdMachine + 1
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
userIdNumber = idMachineStart
|
|
|
|
|
|
|
|
clVars.Set('soft_ldap_machine_id',str(userIdNumber))
|
|
|
|
|
|
|
|
clVars.Set('soft_ldap_machine_gid',groupId)
|
|
|
|
clVars.Set('soft_ldap_machine_gid',groupId)
|
|
|
|
ldifFile="/usr/lib/calculate/calculate-server/ldif/samba_machine.ldif"
|
|
|
|
ldifFile="/usr/lib/calculate/calculate-server/ldif/samba_machine.ldif"
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
@ -1084,7 +1164,8 @@ Samba in backup directory")
|
|
|
|
modAttrs = [(ldap.MOD_DELETE, 'memberUid', userName)]
|
|
|
|
modAttrs = [(ldap.MOD_DELETE, 'memberUid', userName)]
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
ldapObj.conLdap.modify_s("cn=%s,%s,%s"\
|
|
|
|
ldapObj.conLdap.modify_s("cn=%s,%s,%s"\
|
|
|
|
%(groupName,"ou=Groups",clVars.Get("soft_ldap_base")),
|
|
|
|
%(groupName,"ou=Groups",
|
|
|
|
|
|
|
|
self.unixRelDN,clVars.Get("soft_ldap_base")),
|
|
|
|
modAttrs)
|
|
|
|
modAttrs)
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
@ -1142,7 +1223,7 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def delUserLdapServer(self, userName, options, clVars=False,
|
|
|
|
def delUserLdapServer(self, userName, options, clVars=False,
|
|
|
|
orgUnit="ou=Users"):
|
|
|
|
orgUnit="ou=Users,ou=Unix,ou=Services"):
|
|
|
|
"""Удаляем LDAP пользователя"""
|
|
|
|
"""Удаляем LDAP пользователя"""
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
|
ldapObj = self.getLdapObjInFile()
|
|
|
@ -1350,11 +1431,11 @@ Samba in backup directory")
|
|
|
|
if resLdap:
|
|
|
|
if resLdap:
|
|
|
|
userGid = resLdap[0][0][1]['gidNumber'][0]
|
|
|
|
userGid = resLdap[0][0][1]['gidNumber'][0]
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
if not self.addGroupLdapServer(self.nameBaseGroup,{},clVars):
|
|
|
|
if not self.addGroupLdapServer(userName,{},clVars):
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
clVars.Set("soft_ldap_user_gid",userGid)
|
|
|
|
clVars.Set("soft_ldap_user_gid",userGid)
|
|
|
|
|
|
|
|
|
|
|
|
ldifFile = "/usr/lib/calculate/calculate-server/ldif/ldap_user.ldif"
|
|
|
|
ldifFile = "/usr/lib/calculate/calculate-server/ldif/unix_user.ldif"
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
#ldifFile1 = \
|
|
|
|
#ldifFile1 = \
|
|
|
|
#"/usr/lib/calculate/calculate-server/ldif/ldap_account.ldif"
|
|
|
|
#"/usr/lib/calculate/calculate-server/ldif/ldap_account.ldif"
|
|
|
@ -1422,8 +1503,10 @@ Samba in backup directory")
|
|
|
|
modAttrs.append((ldap.MOD_ADD, 'memberUid', userName))
|
|
|
|
modAttrs.append((ldap.MOD_ADD, 'memberUid', userName))
|
|
|
|
if modAttrs:
|
|
|
|
if modAttrs:
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
ldapObj.conLdap.modify_s("cn=%s,ou=Groups,%s"\
|
|
|
|
ldapObj.conLdap.modify_s("cn=%s,ou=Groups,%s,%s"\
|
|
|
|
%(groupName,clVars.Get("soft_ldap_base")), modAttrs)
|
|
|
|
%(groupName,
|
|
|
|
|
|
|
|
self.unixRelDN,
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base")), modAttrs)
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
return False
|
|
|
|
return False
|
|
|
@ -1478,7 +1561,7 @@ Samba in backup directory")
|
|
|
|
gecos = options['c']
|
|
|
|
gecos = options['c']
|
|
|
|
clVars.Set("soft_ldap_group_desc",gecos)
|
|
|
|
clVars.Set("soft_ldap_group_desc",gecos)
|
|
|
|
|
|
|
|
|
|
|
|
ldifFile = "/usr/lib/calculate/calculate-server/ldif/ldap_group.ldif"
|
|
|
|
ldifFile = "/usr/lib/calculate/calculate-server/ldif/unix_group.ldif"
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
userLdif = self.createLdif(ldifFile, clVars)
|
|
|
|
if not userLdif:
|
|
|
|
if not userLdif:
|
|
|
|
print self.getError()
|
|
|
|
print self.getError()
|
|
|
@ -1495,7 +1578,7 @@ Samba in backup directory")
|
|
|
|
return True
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
def delGroupLdapServer(self, groupName, options, clVars=False,
|
|
|
|
def delGroupLdapServer(self, groupName, options, clVars=False,
|
|
|
|
orgUnit="ou=Groups"):
|
|
|
|
orgUnit="ou=Groups,ou=Unix,ou=Services"):
|
|
|
|
"""Удаляет группу пользователей LDAP"""
|
|
|
|
"""Удаляет группу пользователей LDAP"""
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
clVars = self.createClVars(clVars)
|
|
|
|
|
|
|
|
|
|
|
@ -1510,8 +1593,8 @@ Samba in backup directory")
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
groupId = res[0][0][1]['gidNumber'][0]
|
|
|
|
groupId = res[0][0][1]['gidNumber'][0]
|
|
|
|
if self.searchLdapUserPrimGroup(groupId, ldapObj, clVars):
|
|
|
|
if self.searchLdapUserPrimGroup(groupId, ldapObj, clVars):
|
|
|
|
self.printERROR(_("cannot remove user's primary group") + ".")
|
|
|
|
self.printWARNING(_("cannot remove user's primary group") + ".")
|
|
|
|
return False
|
|
|
|
return True
|
|
|
|
deleteDN = "cn=%s,%s,%s"\
|
|
|
|
deleteDN = "cn=%s,%s,%s"\
|
|
|
|
%(groupName,orgUnit,clVars.Get("soft_ldap_base"))
|
|
|
|
%(groupName,orgUnit,clVars.Get("soft_ldap_base"))
|
|
|
|
# Удаление группы
|
|
|
|
# Удаление группы
|
|
|
@ -1525,7 +1608,8 @@ Samba in backup directory")
|
|
|
|
return True
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def searchLdapUser(self, userName, ldapObj, clVars, orgUnit="ou=Users"):
|
|
|
|
def searchLdapUser(self, userName, ldapObj, clVars,
|
|
|
|
|
|
|
|
orgUnit="ou=Users,ou=Unix,ou=Services"):
|
|
|
|
"""Находит пользователя сервиса LDAP"""
|
|
|
|
"""Находит пользователя сервиса LDAP"""
|
|
|
|
baseDN = "%s,%s"%(orgUnit,clVars.Get("soft_ldap_base"))
|
|
|
|
baseDN = "%s,%s"%(orgUnit,clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
@ -1538,7 +1622,8 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
def searchLdapUserPrimGroup(self, groupId, ldapObj, clVars):
|
|
|
|
def searchLdapUserPrimGroup(self, groupId, ldapObj, clVars):
|
|
|
|
"""Находит пользователей с первичной группой groupId"""
|
|
|
|
"""Находит пользователей с первичной группой groupId"""
|
|
|
|
baseDN = "%s,%s"%("ou=Users",clVars.Get("soft_ldap_base"))
|
|
|
|
baseDN = "%s,%s,%s"%("ou=Users",self.unixRelDN,
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchFilter = "gidNumber=%s" %(groupId)
|
|
|
|
searchFilter = "gidNumber=%s" %(groupId)
|
|
|
@ -1582,8 +1667,8 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
def searchUidLdap(self, userId, ldapObj, clVars):
|
|
|
|
def searchUidLdap(self, userId, ldapObj, clVars):
|
|
|
|
"""Находит пользователя по его идентефикатору из LDAP"""
|
|
|
|
"""Находит пользователя по его идентефикатору из LDAP"""
|
|
|
|
baseDN = "ou=Users,%s"\
|
|
|
|
baseDN = "ou=Users,%s,%s"\
|
|
|
|
% clVars.Get("soft_ldap_base")
|
|
|
|
% (self.unixRelDN,clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchFilter = "uid=*"
|
|
|
|
searchFilter = "uid=*"
|
|
|
@ -1603,8 +1688,8 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
def searchLdapGroupName(self, groupName, ldapObj, clVars):
|
|
|
|
def searchLdapGroupName(self, groupName, ldapObj, clVars):
|
|
|
|
"""Находит группу сервиса LDAP по её имени"""
|
|
|
|
"""Находит группу сервиса LDAP по её имени"""
|
|
|
|
baseDN = "ou=Groups,%s"\
|
|
|
|
baseDN = "ou=Groups,%s,%s"\
|
|
|
|
% clVars.Get("soft_ldap_base")
|
|
|
|
% (self.unixRelDN,clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchFilter = "cn=%s" %(groupName)
|
|
|
|
searchFilter = "cn=%s" %(groupName)
|
|
|
@ -1656,8 +1741,8 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
def searchLdapGid(self, groupId, ldapObj, clVars):
|
|
|
|
def searchLdapGid(self, groupId, ldapObj, clVars):
|
|
|
|
"""Находит группу сервиса LDAP по ёе id"""
|
|
|
|
"""Находит группу сервиса LDAP по ёе id"""
|
|
|
|
baseDN = "ou=Groups,%s"\
|
|
|
|
baseDN = "ou=Groups,%s,%s"\
|
|
|
|
% clVars.Get("soft_ldap_base")
|
|
|
|
%(self.unixRelDN,clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchFilter = "gidNumber=%s" %(str(groupId))
|
|
|
|
searchFilter = "gidNumber=%s" %(str(groupId))
|
|
|
@ -1668,8 +1753,8 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
def searchLdapMemberGid(self, userName, ldapObj, clVars):
|
|
|
|
def searchLdapMemberGid(self, userName, ldapObj, clVars):
|
|
|
|
"""Находит группу сервиса LDAP по ёе id"""
|
|
|
|
"""Находит группу сервиса LDAP по ёе id"""
|
|
|
|
baseDN = "ou=Groups,%s"\
|
|
|
|
baseDN = "ou=Groups,%s,%s"\
|
|
|
|
% clVars.Get("soft_ldap_base")
|
|
|
|
% (self.unixRelDN,clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchFilter = "memberUid=%s" %(userName)
|
|
|
|
searchFilter = "memberUid=%s" %(userName)
|
|
|
@ -1970,10 +2055,59 @@ Samba in backup directory")
|
|
|
|
return max(gids)
|
|
|
|
return max(gids)
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def getMaxGidGroupSystem(self):
|
|
|
|
|
|
|
|
"""Получаем максимальный добавленный gid из /etc/group
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
системной группы
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
fileGroup = "/etc/group"
|
|
|
|
|
|
|
|
gidMax = self.maxSysGid
|
|
|
|
|
|
|
|
gidMin = self.minSysGid
|
|
|
|
|
|
|
|
gids = []
|
|
|
|
|
|
|
|
gids.append(0)
|
|
|
|
|
|
|
|
if os.path.exists(fileGroup):
|
|
|
|
|
|
|
|
FD = open(fileGroup)
|
|
|
|
|
|
|
|
lines = FD.readlines()
|
|
|
|
|
|
|
|
FD.close()
|
|
|
|
|
|
|
|
for line in lines:
|
|
|
|
|
|
|
|
gid = int(line.split(":")[2])
|
|
|
|
|
|
|
|
if gid<=gidMax and gid>=gidMin:
|
|
|
|
|
|
|
|
gids.append(gid)
|
|
|
|
|
|
|
|
return max(gids)
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def getMaxGidLdapSystem(self, ldapObj, clVars):
|
|
|
|
|
|
|
|
"""Находит максимальный добавленный gid в LDAP системной группы"""
|
|
|
|
|
|
|
|
baseDN = "ou=Groups,%s,%s"\
|
|
|
|
|
|
|
|
%(self.unixRelDN,clVars.Get("soft_ldap_base"))
|
|
|
|
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
|
|
|
|
searchFilter = "cn=*"
|
|
|
|
|
|
|
|
retrieveAttributes = None
|
|
|
|
|
|
|
|
resSearch = ldapObj.ldapSearch(baseDN, searchScope,
|
|
|
|
|
|
|
|
searchFilter, retrieveAttributes)
|
|
|
|
|
|
|
|
gidMax = self.maxSysGid
|
|
|
|
|
|
|
|
gidMin = self.minSysGid
|
|
|
|
|
|
|
|
gids = []
|
|
|
|
|
|
|
|
gids.append(0)
|
|
|
|
|
|
|
|
if resSearch:
|
|
|
|
|
|
|
|
for scope in resSearch:
|
|
|
|
|
|
|
|
if scope[0][1].has_key('gidNumber'):
|
|
|
|
|
|
|
|
# Пропускаем группы компьютеров
|
|
|
|
|
|
|
|
if scope[0][1].has_key('description') and\
|
|
|
|
|
|
|
|
scope[0][1]['description'][0] == "Computer group" and\
|
|
|
|
|
|
|
|
scope[0][1]['description'][0] == "Service group":
|
|
|
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
gid = int(scope[0][1]['gidNumber'][0])
|
|
|
|
|
|
|
|
if gid<=gidMax and gid>=gidMin:
|
|
|
|
|
|
|
|
gids.append(gid)
|
|
|
|
|
|
|
|
return max(gids)
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
def getMaxGidLdap(self, ldapObj, clVars):
|
|
|
|
def getMaxGidLdap(self, ldapObj, clVars):
|
|
|
|
"""Находит максимальный добавленный gid в LDAP"""
|
|
|
|
"""Находит максимальный добавленный gid в LDAP"""
|
|
|
|
baseDN = "ou=Groups,%s"\
|
|
|
|
baseDN = "ou=Groups,%s,%s"\
|
|
|
|
% clVars.Get("soft_ldap_base")
|
|
|
|
%(self.unixRelDN,clVars.Get("soft_ldap_base"))
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
#searchScope = ldap.SCOPE_SUBTREE
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchScope = ldap.SCOPE_ONELEVEL
|
|
|
|
searchFilter = "cn=*"
|
|
|
|
searchFilter = "cn=*"
|
|
|
@ -2013,7 +2147,8 @@ Samba in backup directory")
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
return ldapObj
|
|
|
|
return ldapObj
|
|
|
|
|
|
|
|
|
|
|
|
def getMaxUidLdap(self, ldapObj, clVars, orgUnit="ou=Users"):
|
|
|
|
def getMaxUidLdap(self, ldapObj, clVars,
|
|
|
|
|
|
|
|
orgUnit="ou=Users,ou=Unix,ou=Services"):
|
|
|
|
"""Находит максимальный добавленный id в LDAP"""
|
|
|
|
"""Находит максимальный добавленный id в LDAP"""
|
|
|
|
baseDN = "%s,%s"\
|
|
|
|
baseDN = "%s,%s"\
|
|
|
|
% (orgUnit,clVars.Get("soft_ldap_base"))
|
|
|
|
% (orgUnit,clVars.Get("soft_ldap_base"))
|
|
|
@ -2041,12 +2176,13 @@ Samba in backup directory")
|
|
|
|
"""Находит максимальный id +1"""
|
|
|
|
"""Находит максимальный id +1"""
|
|
|
|
uidMax = self.getUidMax()
|
|
|
|
uidMax = self.getUidMax()
|
|
|
|
uidMin = self.getUidMin()
|
|
|
|
uidMin = self.getUidMin()
|
|
|
|
|
|
|
|
# Ветка компьютеры
|
|
|
|
|
|
|
|
uidMaxLdapComp = self.getMaxUidLdap(ldapObj, clVars,
|
|
|
|
|
|
|
|
"ou=Computers,%s" %self.sambaRelDN)
|
|
|
|
uidMaxLdap = self.getMaxUidLdap(ldapObj, clVars)
|
|
|
|
uidMaxLdap = self.getMaxUidLdap(ldapObj, clVars)
|
|
|
|
uidMaxPasswd = self.getMaxUidPasswd()
|
|
|
|
uidMaxPasswd = self.getMaxUidPasswd()
|
|
|
|
if uidMaxLdap > uidMaxPasswd:
|
|
|
|
listUid = [uidMaxLdapComp, uidMaxLdap, uidMaxPasswd]
|
|
|
|
uidMax = uidMaxLdap
|
|
|
|
uidMax = max(listUid)
|
|
|
|
else:
|
|
|
|
|
|
|
|
uidMax = uidMaxPasswd
|
|
|
|
|
|
|
|
if uidMax == 0:
|
|
|
|
if uidMax == 0:
|
|
|
|
return uidMin
|
|
|
|
return uidMin
|
|
|
|
else:
|
|
|
|
else:
|
|
|
@ -2067,6 +2203,21 @@ Samba in backup directory")
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
return gidMax+1
|
|
|
|
return gidMax+1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def getMaxGidSystem(self, ldapObj, clVars):
|
|
|
|
|
|
|
|
"""Находит максимальный gid +1 системной группы"""
|
|
|
|
|
|
|
|
gidMax = self.maxSysGid
|
|
|
|
|
|
|
|
gidMin = self.minSysGid
|
|
|
|
|
|
|
|
gidMaxLdap = self.getMaxGidLdapSystem(ldapObj, clVars)
|
|
|
|
|
|
|
|
gidMaxGroup = self.getMaxGidGroupSystem()
|
|
|
|
|
|
|
|
if gidMaxLdap > gidMaxGroup:
|
|
|
|
|
|
|
|
gidMax = gidMaxLdap
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
gidMax = gidMaxGroup
|
|
|
|
|
|
|
|
if gidMax == 0:
|
|
|
|
|
|
|
|
return gidMin
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
return gidMax+1
|
|
|
|
|
|
|
|
|
|
|
|
def delUserGroupLdap(self, users, groupName, ldapObj, clVars):
|
|
|
|
def delUserGroupLdap(self, users, groupName, ldapObj, clVars):
|
|
|
|
"""Удаление пользователей из списка из группы LDAP"""
|
|
|
|
"""Удаление пользователей из списка из группы LDAP"""
|
|
|
|
res = self.searchLdapGroupName(groupName, ldapObj, clVars)
|
|
|
|
res = self.searchLdapGroupName(groupName, ldapObj, clVars)
|
|
|
@ -2091,8 +2242,10 @@ Samba in backup directory")
|
|
|
|
for userName in users:
|
|
|
|
for userName in users:
|
|
|
|
modAttrs.append((ldap.MOD_DELETE, 'memberUid', userName))
|
|
|
|
modAttrs.append((ldap.MOD_DELETE, 'memberUid', userName))
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
ldapObj.conLdap.modify_s("cn=%s,%s,%s"\
|
|
|
|
ldapObj.conLdap.modify_s("cn=%s,%s,%s,%s"\
|
|
|
|
%(groupName,"ou=Groups",clVars.Get("soft_ldap_base")),
|
|
|
|
%(groupName,"ou=Groups",
|
|
|
|
|
|
|
|
self.unixRelDN,
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base")),
|
|
|
|
modAttrs)
|
|
|
|
modAttrs)
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
@ -2105,8 +2258,10 @@ Samba in backup directory")
|
|
|
|
date = int(time.time()/86400)
|
|
|
|
date = int(time.time()/86400)
|
|
|
|
modAttrs = [(ldap.MOD_REPLACE, 'shadowLastChange', str(date))]
|
|
|
|
modAttrs = [(ldap.MOD_REPLACE, 'shadowLastChange', str(date))]
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s"\
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s,%s"\
|
|
|
|
%(userName,"ou=Users",clVars.Get("soft_ldap_base")),
|
|
|
|
%(userName,"ou=Users",
|
|
|
|
|
|
|
|
self.unixRelDN,
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base")),
|
|
|
|
modAttrs)
|
|
|
|
modAttrs)
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
self.printERROR(_("Not modify shadowLastChange attribute"))
|
|
|
|
self.printERROR(_("Not modify shadowLastChange attribute"))
|
|
|
@ -2299,8 +2454,10 @@ Samba in backup directory")
|
|
|
|
userPwdHash))
|
|
|
|
userPwdHash))
|
|
|
|
if modAttrs:
|
|
|
|
if modAttrs:
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s"\
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s,%s"\
|
|
|
|
%(userName,"ou=Users",clVars.Get("soft_ldap_base")),
|
|
|
|
%(userName,"ou=Users",
|
|
|
|
|
|
|
|
self.unixRelDN,
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base")),
|
|
|
|
modAttrs)
|
|
|
|
modAttrs)
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
@ -2382,8 +2539,10 @@ Samba in backup directory")
|
|
|
|
|
|
|
|
|
|
|
|
if modAttrs:
|
|
|
|
if modAttrs:
|
|
|
|
try:
|
|
|
|
try:
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s"\
|
|
|
|
ldapObj.conLdap.modify_s("uid=%s,%s,%s,%s"\
|
|
|
|
%(userName,"ou=Users",clVars.Get("soft_ldap_base")),
|
|
|
|
%(userName,"ou=Users",
|
|
|
|
|
|
|
|
self.unixRelDN,
|
|
|
|
|
|
|
|
clVars.Get("soft_ldap_base")),
|
|
|
|
modAttrs)
|
|
|
|
modAttrs)
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
except ldap.LDAPError, e:
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
|
self.printERROR(e[0]['desc'])
|
|
|
@ -2445,16 +2604,16 @@ Samba in backup directory")
|
|
|
|
# Добавим пользователя LDAP
|
|
|
|
# Добавим пользователя LDAP
|
|
|
|
userPwd = self.addUserLdapServer(userName, options,
|
|
|
|
userPwd = self.addUserLdapServer(userName, options,
|
|
|
|
clVars, 'passwd', pwDialog)
|
|
|
|
clVars, 'passwd', pwDialog)
|
|
|
|
if not userPwd:
|
|
|
|
#if not userPwd:
|
|
|
|
return False
|
|
|
|
#return False
|
|
|
|
else:
|
|
|
|
#else:
|
|
|
|
pwdA = getpass.getpass(pwDialog[0]+":")
|
|
|
|
pwdA = getpass.getpass(pwDialog[0]+":")
|
|
|
|
pwdB = getpass.getpass(pwDialog[1]+":")
|
|
|
|
pwdB = getpass.getpass(pwDialog[1]+":")
|
|
|
|
if not (pwdA == pwdB):
|
|
|
|
if not (pwdA == pwdB):
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
|
|
|
|
self.printERROR (_("ERROR") + ": " +\
|
|
|
|
_("password incorrect")+ ": " + _("try again"))
|
|
|
|
_("password incorrect")+ ": " + _("try again"))
|
|
|
|
return False
|
|
|
|
return False
|
|
|
|
userPwd = pwdA
|
|
|
|
userPwd = pwdA
|
|
|
|
textLine = self.execProg("smbpasswd -a -s %s" %(userName),
|
|
|
|
textLine = self.execProg("smbpasswd -a -s %s" %(userName),
|
|
|
|
"%s\n%s\n" %(userPwd,userPwd))
|
|
|
|
"%s\n%s\n" %(userPwd,userPwd))
|
|
|
|
if "Added" in str(textLine):
|
|
|
|
if "Added" in str(textLine):
|
|
|
@ -2471,14 +2630,9 @@ class tsOpt:
|
|
|
|
shortOpt = obj.getAllOpt('short', obj.relOptions['h'])
|
|
|
|
shortOpt = obj.getAllOpt('short', obj.relOptions['h'])
|
|
|
|
longOpt = obj.getAllOpt('long', obj.relOptions['h'])
|
|
|
|
longOpt = obj.getAllOpt('long', obj.relOptions['h'])
|
|
|
|
if service in obj.allServ:
|
|
|
|
if service in obj.allServ:
|
|
|
|
if service == "ldap":
|
|
|
|
obj.clearAllOpt()
|
|
|
|
obj.clearAllOpt()
|
|
|
|
shortOpt = obj.getAllOpt('short',obj.relServices[service])
|
|
|
|
shortOpt = obj.getAllOpt('short', obj.relServices['ldap'])
|
|
|
|
longOpt = obj.getAllOpt('long', obj.relServices[service])
|
|
|
|
longOpt = obj.getAllOpt('long', obj.relServices['ldap'])
|
|
|
|
|
|
|
|
elif service == "samba":
|
|
|
|
|
|
|
|
obj.clearAllOpt()
|
|
|
|
|
|
|
|
shortOpt = obj.getAllOpt('short', obj.relServices['samba'])
|
|
|
|
|
|
|
|
longOpt = obj.getAllOpt('long', obj.relServices['samba'])
|
|
|
|
|
|
|
|
optObj = cl_base.opt(shortOpt, longOpt)
|
|
|
|
optObj = cl_base.opt(shortOpt, longOpt)
|
|
|
|
optObj.sysArgv = sys.argv[1:]
|
|
|
|
optObj.sysArgv = sys.argv[1:]
|
|
|
|
optObj.obj = obj
|
|
|
|
optObj.obj = obj
|
|
|
|
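Review bot: In the hunk at `@ -1084,7 +1164,8` the new argument tuple passes four values (`groupName`, `"ou=Groups"`, `self.unixRelDN` and the base DN) to a format string that is printed identically on both sides as `"cn=%s,%s,%s"`, so the `%` operation raises `TypeError` before `modify_s` is ever called. The surrounding `except ldap.LDAPError` does not catch that exception, so the `memberUid` removal aborts with a traceback instead of reporting an error; if this path runs during account deletion, the stale group membership would presumably stay in the directory. The sibling hunks at `@ -1422,8 +1503,10` and `@ -2091,8 +2242,10` did extend their format strings, and the same one-line change is needed here: `ldapObj.conLdap.modify_s("cn=%s,%s,%s,%s"\`. The enclosing function starts and ends outside the hunk.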