|
|
|
@ -17,7 +17,6 @@
|
|
|
|
|
import os
|
|
|
|
|
import sys
|
|
|
|
|
import re
|
|
|
|
|
#import popen2
|
|
|
|
|
import ldap
|
|
|
|
|
import cStringIO, StringIO
|
|
|
|
|
from ldif import LDIFParser, LDIFWriter
|
|
|
|
@ -35,7 +34,6 @@ import types
|
|
|
|
|
import time
|
|
|
|
|
# Для ввода символа
|
|
|
|
|
import tty
|
|
|
|
|
import termios
|
|
|
|
|
# Работа со временем
|
|
|
|
|
import time
|
|
|
|
|
import datetime
|
|
|
|
@ -488,6 +486,8 @@ class shareLdap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
|
|
|
|
|
self.printERROR( _("Daemon %s was not started") %daemon)
|
|
|
|
|
flagError = True
|
|
|
|
|
break
|
|
|
|
|
if service == "ldap":
|
|
|
|
|
service = "LDAP"
|
|
|
|
|
if flagError:
|
|
|
|
|
self.printNotOK(_("Starting") + " " + service.capitalize() + " " +\
|
|
|
|
|
_("service"))
|
|
|
|
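Review bot: The `if service == "ldap": service = "LDAP"` pair (presumably the two lines this hunk adds) has no effect on the message built right after it, because `service.capitalize()` in the `printNotOK` call turns "LDAP" back into "Ldap". If the aim is to show the acronym in upper case, choose the display text without re-capitalising it, for example `label = "LDAP" if service == "ldap" else service.capitalize()`, and pass `label` to `printNotOK`. Using a separate name also avoids overwriting `service`, which later code in this method may still compare against the lower-case form. The enclosing method starts and ends outside the hunk, so any later use of `service` is not visible here.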
@ -3656,7 +3656,7 @@ class servJabber(shareLdap):
|
|
|
|
|
res = True
|
|
|
|
|
for userName in users:
|
|
|
|
|
userSearch = self.searchUserToNameOrId(userName)
|
|
|
|
|
if userSearch[0][0][1].has_key('departmentNumber'):
|
|
|
|
|
if userSearch and userSearch[0][0][1].has_key('departmentNumber'):
|
|
|
|
|
if not userSearch[0][0][1]['departmentNumber'][0] == \
|
|
|
|
|
groupSearch[0][0][1]['cn'][0]:
|
|
|
|
|
self.printERROR(_("User %s is not found in group")%\
|
|
|
|
@ -5143,7 +5143,7 @@ outdated. If the backup is obsolete, use cl-backup."))
|
|
|
|
|
return False
|
|
|
|
|
if not self.startServices([service], False):
|
|
|
|
|
return False
|
|
|
|
|
self.printOK(_("Restarting service %s")%service.capitalize())
|
|
|
|
|
self.printOK(_("Restarting service %s")%"LDAP")
|
|
|
|
|
# запишем переменные для сервера
|
|
|
|
|
if not flagError:
|
|
|
|
|
# Переменные для jabber
|
|
|
|
@ -5624,6 +5624,7 @@ class cl_ldap(shareLdap):
|
|
|
|
|
'cl-backup':8,
|
|
|
|
|
'cl-update':9,
|
|
|
|
|
'cl-rebuild':10,
|
|
|
|
|
'cl-replication':11,
|
|
|
|
|
}
|
|
|
|
|
# Cвязь сервисов и действующих опций
|
|
|
|
|
self.relServices = {"samba":[_("Common options"),
|
|
|
|
@ -6337,14 +6338,14 @@ the password will be changed only for Samba account")
|
|
|
|
|
'help':_("enabled or disabled jabber history logging, default disable.\
|
|
|
|
|
(on/off)")
|
|
|
|
|
},
|
|
|
|
|
#{'progAccess':(6,),
|
|
|
|
|
#'shortOption':"r",
|
|
|
|
|
#'optVal':"CONDITION",
|
|
|
|
|
#'longOption':"repl",
|
|
|
|
|
#'helpChapter':_("LDAP service options"),
|
|
|
|
|
#'help':_("enabled or disabled replication, default disable.\
|
|
|
|
|
#(on/off)")
|
|
|
|
|
#},
|
|
|
|
|
{'progAccess':(6,),
|
|
|
|
|
'shortOption':"r",
|
|
|
|
|
'optVal':"CONDITION",
|
|
|
|
|
'longOption':"repl",
|
|
|
|
|
'helpChapter':_("LDAP service options"),
|
|
|
|
|
'help':_("enabled or disabled replication, default disable.\
|
|
|
|
|
(on/off)")
|
|
|
|
|
},
|
|
|
|
|
# Опции cl-passwd
|
|
|
|
|
# LDAP пользователь
|
|
|
|
|
{'progAccess':(7,),
|
|
|
|
@ -6448,7 +6449,19 @@ the password will be changed only for Samba account")
|
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
|
'help':_("displays additional information")
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
{'progAccess':(11,),
|
|
|
|
|
'shortOption':"l",
|
|
|
|
|
'optVal':"LOGIN",
|
|
|
|
|
'longOption':"login",
|
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
|
'help':_("user name the logged on in server")
|
|
|
|
|
},
|
|
|
|
|
{'progAccess':(11,),
|
|
|
|
|
'shortOption':"s",
|
|
|
|
|
'longOption':"silent",
|
|
|
|
|
'helpChapter':_("Common options"),
|
|
|
|
|
'help':_("silent mode messages")
|
|
|
|
|
},
|
|
|
|
|
#{'progAccess':(0,1,2,4,5,6),
|
|
|
|
|
#'shortOption':"s",
|
|
|
|
|
#'longOption':"set",
|
|
|
|
@ -6558,7 +6571,7 @@ the password will be changed only for Samba account")
|
|
|
|
|
" " + _("service")
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(8,),
|
|
|
|
|
'progAccess':(8,11),
|
|
|
|
|
'helpChapter':_("Usage"),
|
|
|
|
|
'help': cmdName + " [" + _("options") + "]"
|
|
|
|
|
},
|
|
|
|
@ -6627,7 +6640,13 @@ the password will be changed only for Samba account")
|
|
|
|
|
'progAccess':(10,),
|
|
|
|
|
'helpChapter':"Function",
|
|
|
|
|
'help':_("Rebuild configuration files and LDAP database for all \
|
|
|
|
|
services")
|
|
|
|
|
services")
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(11,),
|
|
|
|
|
'helpChapter':"Function",
|
|
|
|
|
'help':_("Writes information about the user in the LDAP branch \
|
|
|
|
|
'Replication'.")
|
|
|
|
|
},
|
|
|
|
|
# Примеры
|
|
|
|
|
{
|
|
|
|
@ -6709,6 +6728,14 @@ the password will be changed only for Samba account")
|
|
|
|
|
"# "+_("rebuild all services") + ".",
|
|
|
|
|
self.consolewidth-self.column_width)
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'progAccess':(11,),
|
|
|
|
|
'helpChapter':_("Examples"),
|
|
|
|
|
'help':pcs(" cl-replication -l test", self.column_width,
|
|
|
|
|
"# "+_("user information 'test' is recorded in the branch \
|
|
|
|
|
'Replication'") + ".",
|
|
|
|
|
self.consolewidth-self.column_width)
|
|
|
|
|
},
|
|
|
|
|
#{
|
|
|
|
|
#'helpChapter':_("Examples"),
|
|
|
|
|
#'help':pcs(" " + cmdName + " --env boot", self.column_width,
|
|
|
|
@ -7227,9 +7254,14 @@ class servRepl(shareLdap):
|
|
|
|
|
# Имя пользователя, машина на которой хостимся
|
|
|
|
|
self.ldifFileWorkedUser =\
|
|
|
|
|
"/usr/lib/calculate/calculate-server/ldif/ldap_repl_worked_user.ldif"
|
|
|
|
|
# Сервис Samba
|
|
|
|
|
self.servSambaObj = servSamba()
|
|
|
|
|
# Сервис Unix
|
|
|
|
|
self.servUnixObj = self.servSambaObj.servUnixObj
|
|
|
|
|
# DN ветки Worked
|
|
|
|
|
self.relWorkedDN = False
|
|
|
|
|
# Файл для определения выхода пользователя.
|
|
|
|
|
self.logOutFile = ".logout"
|
|
|
|
|
|
|
|
|
|
@adminConnectLdap
|
|
|
|
|
def isSysDNExists(self):
|
|
|
|
@ -7241,6 +7273,86 @@ class servRepl(shareLdap):
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
@adminConnectLdap
|
|
|
|
|
def isExistsLogout(self, userName):
|
|
|
|
|
"""Проверяет существует ли в директории профиля пользователя
|
|
|
|
|
файл .logout"""
|
|
|
|
|
logoutFile = os.path.join(self.clVars.Get("sr_samba_linprof_path"),
|
|
|
|
|
userName,self.logOutFile)
|
|
|
|
|
if os.path.exists(logoutFile):
|
|
|
|
|
return True
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
@adminConnectLdap
|
|
|
|
|
def deleteLogoutFile(userName, logoutFile):
|
|
|
|
|
"""Удаляет .logout файл"""
|
|
|
|
|
if os.path.exists(logoutFile):
|
|
|
|
|
try:
|
|
|
|
|
FD = open(logoutFile)
|
|
|
|
|
exitStr = FD.read()
|
|
|
|
|
FD.close()
|
|
|
|
|
except:
|
|
|
|
|
return False
|
|
|
|
|
if exitStr:
|
|
|
|
|
exitStr = exitStr.strip()
|
|
|
|
|
else:
|
|
|
|
|
exitStr = "EMPTY"
|
|
|
|
|
try:
|
|
|
|
|
os.remove(logoutFile)
|
|
|
|
|
except:
|
|
|
|
|
return False
|
|
|
|
|
return exitStr
|
|
|
|
|
return "NOFILE"
|
|
|
|
|
|
|
|
|
|
def createUserDirs(self, userName):
|
|
|
|
|
"""Если пользовательские директории не существуют то создаем их
|
|
|
|
|
"""
|
|
|
|
|
resSearchUnix = self.servUnixObj.searchUnixUser(userName)
|
|
|
|
|
resPasswd = False
|
|
|
|
|
uid = None
|
|
|
|
|
gid = None
|
|
|
|
|
if resSearchUnix:
|
|
|
|
|
uid = int(resSearchUnix[0][0][1]['uidNumber'][0])
|
|
|
|
|
gid = int(resSearchUnix[0][0][1]['gidNumber'][0])
|
|
|
|
|
else:
|
|
|
|
|
resPasswd = self.servUnixObj.searchPasswdUser(userName)
|
|
|
|
|
if resPasswd:
|
|
|
|
|
uid = int(resPasswd.split(":")[2])
|
|
|
|
|
gid = int(resPasswd.split(":")[3])
|
|
|
|
|
if uid == None or gid == None:
|
|
|
|
|
print _("User %s not found in Unix service")
|
|
|
|
|
return False
|
|
|
|
|
winProfDir =\
|
|
|
|
|
os.path.join(self.clVars.Get("sr_samba_winprof_path"),
|
|
|
|
|
userName)
|
|
|
|
|
linProfDir =\
|
|
|
|
|
os.path.join(self.clVars.Get("sr_samba_linprof_path"),
|
|
|
|
|
userName)
|
|
|
|
|
userHomeDir =\
|
|
|
|
|
os.path.join(self.clVars.Get("sr_samba_home_path"),
|
|
|
|
|
userName)
|
|
|
|
|
userNetlogonDir =\
|
|
|
|
|
os.path.join(self.clVars.Get("sr_samba_winlogon_path"),
|
|
|
|
|
userName)
|
|
|
|
|
userDirs = [winProfDir, linProfDir, userHomeDir, userNetlogonDir]
|
|
|
|
|
flagError = False
|
|
|
|
|
for userDir in userDirs:
|
|
|
|
|
if not os.path.exists(userDir):
|
|
|
|
|
if not self.createUserDir(uid, gid, userDir):
|
|
|
|
|
flagError = True
|
|
|
|
|
break
|
|
|
|
|
if flagError:
|
|
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def isLoginUser(self, userName):
|
|
|
|
|
"""Логинится ли пользователь"""
|
|
|
|
|
if self.isExistsLogout(userName):
|
|
|
|
|
return False
|
|
|
|
|
else:
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
@adminConnectLdap
|
|
|
|
|
def isReplDNExists(self):
|
|
|
|
|
"""Существуют ли ветка репликации LDAP"""
|
|
|
|
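Review bot: `userName` is joined into filesystem paths in isExistsLogout and createUserDirs without any check on its shape, and `os.path.join` keeps `..` components and drops the base directory when a component is absolute, so a name containing a path separator would make these helpers test for, and create, directories outside the configured Samba profile and home roots. Whether a caller constrains the name first is not visible in this hunk, so a guard at the top of each helper is the safer place, e.g. `if not userName or os.sep in userName or userName in (".", ".."): return False`. deleteLogoutFile is declared without `self` although it sits among the instance methods under `@adminConnectLdap` and is called elsewhere in this commit as `self.deleteLogoutFile(login, logoutFile)`; the signature should be `def deleteLogoutFile(self, userName, logoutFile):`. Its two bare `except:` clauses hide every failure, including interrupts, and would be better as `except (IOError, OSError):`, and `print _("User %s not found in Unix service")` in createUserDirs never interpolates the name (`% userName` is missing). isSysDNExists and isReplDNExists are cut by the hunk; the four new methods are complete.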
@ -7304,7 +7416,7 @@ class servRepl(shareLdap):
|
|
|
|
|
|
|
|
|
|
@adminConnectLdap
|
|
|
|
|
def addReplWorkedUser(self, userName):
|
|
|
|
|
"""Добавляем запись в Worked ветку (id, имя сервера)"""
|
|
|
|
|
"""Добавляем запись в Worked ветку (uid, имя сервера)"""
|
|
|
|
|
rez = self.searchWorkedUser(userName)
|
|
|
|
|
if not rez:
|
|
|
|
|
ldifFile = self.ldifFileWorkedUser
|
|
|
|
@ -7320,14 +7432,87 @@ class servRepl(shareLdap):
|
|
|
|
|
if not replHost:
|
|
|
|
|
print _("Variable Error: not set a variable ld_repl_host")
|
|
|
|
|
return False
|
|
|
|
|
# Изменяемые аттрибуты
|
|
|
|
|
modAttrs = [(ldap.MOD_REPLACE, 'host', replHost)]
|
|
|
|
|
relWorkedDN = self.getRelWorkedDN()
|
|
|
|
|
DN = self.addDN("uid="+userName, relWorkedDN)
|
|
|
|
|
if not self.modAttrsDN(DN, modAttrs):
|
|
|
|
|
if rez:
|
|
|
|
|
host = rez[0][0][1]['host'][0]
|
|
|
|
|
if host != replHost:
|
|
|
|
|
# Изменяемые аттрибуты
|
|
|
|
|
modAttrs = [(ldap.MOD_REPLACE, 'host', replHost)]
|
|
|
|
|
relWorkedDN = self.getRelWorkedDN()
|
|
|
|
|
DN = self.addDN("uid="+userName, relWorkedDN)
|
|
|
|
|
if not self.modAttrsDN(DN, modAttrs):
|
|
|
|
|
return False
|
|
|
|
|
else:
|
|
|
|
|
print _("Incorrect added user %s in branch 'Replication'")%userName
|
|
|
|
|
return False
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
@adminConnectLdap
|
|
|
|
|
def addUserReplServer(self, options, logObj=False):
|
|
|
|
|
verboseMode = True
|
|
|
|
|
errMessage = ""
|
|
|
|
|
errorFlag = False
|
|
|
|
|
# Опция выключает вывод cообщений на экран
|
|
|
|
|
if options.has_key('s'):
|
|
|
|
|
verboseMode = False
|
|
|
|
|
login = ""
|
|
|
|
|
# Если нет логина пользователя - ошибка
|
|
|
|
|
if not options.has_key('l'):
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = _("command line option '-l, --login' is not set")
|
|
|
|
|
else:
|
|
|
|
|
login = options['l']
|
|
|
|
|
# Проверка установку сервиса LDAP
|
|
|
|
|
if not errorFlag and self.clVars.Get("sr_ldap_set") != "on":
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = _("LDAP service not setuped")
|
|
|
|
|
# Проверка на установку samba
|
|
|
|
|
if not errorFlag and self.clVars.Get("sr_samba_set") != "on":
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = _("Samba service not setuped")
|
|
|
|
|
# Проверка на включение репликации
|
|
|
|
|
if not errorFlag and self.clVars.Get("ld_repl_set") != "on":
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = _("Replication off")
|
|
|
|
|
if not errorFlag:
|
|
|
|
|
if self.servSambaObj.searchSambaUser(login):
|
|
|
|
|
if self.isLoginUser(login):
|
|
|
|
|
if not createUserDirs(login):
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = \
|
|
|
|
|
_("Can not create user %s directories")%str(login)
|
|
|
|
|
else:
|
|
|
|
|
# Удаляем файл .logout
|
|
|
|
|
logoutFile =\
|
|
|
|
|
os.path.join(self.clVars.Get("sr_samba_linprof_path"),
|
|
|
|
|
userName,self.logOutFile)
|
|
|
|
|
retStr = self.deleteLogoutFile(login, logoutFile)
|
|
|
|
|
if not retStr:
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = \
|
|
|
|
|
_("No access to the file %s")%logoutFile
|
|
|
|
|
if retStr == "SUCCESS":
|
|
|
|
|
# Добавляем пользователя в ветку репликации
|
|
|
|
|
if not self.addReplWorkedUser(login):
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = _("Can not add user %s in LDAP branch \
|
|
|
|
|
'Replication'")%str(login)
|
|
|
|
|
else:
|
|
|
|
|
errorFlag = True
|
|
|
|
|
errMessage = _("Samba user %s is not found")%str(login)
|
|
|
|
|
if errorFlag:
|
|
|
|
|
if errMessage:
|
|
|
|
|
if verboseMode:
|
|
|
|
|
self.printERROR(errMessage)
|
|
|
|
|
if logObj:
|
|
|
|
|
logObj.writeError(errMessage)
|
|
|
|
|
return False
|
|
|
|
|
messages = _("User %s is added in LDAP branch 'Replication'")%login
|
|
|
|
|
if verboseMode:
|
|
|
|
|
self.printSUCCESS(messages)
|
|
|
|
|
if logObj:
|
|
|
|
|
logObj.writeSuccess(messages)
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def setupReplServer(self, options):
|
|
|
|
|
"""Начальная настройка репликации"""
|
|
|
|
|
# Cоздаем объект переменные
|
|
|
|
|
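Review bot: addUserReplServer as added cannot run to completion: `createUserDirs(login)` is called without `self.`, and the `.logout` path is joined from `userName`, a name that is not defined in this method (the local is `login`), so both raise NameError. They should read `if not self.createUserDirs(login):` and `login, self.logOutFile)`. `retStr` is assigned only on the branch that removes the `.logout` file but is compared with "SUCCESS" afterwards; the page has lost its indentation, so if that comparison sits outside the `else` the first branch also fails on an unbound name, and in either layout the final "User %s is added in LDAP branch 'Replication'" message appears to be printed even when `addReplWorkedUser` was never called. Separately, addReplWorkedUser builds the entry DN with `"uid="+userName` from the `-l` value; escaping it with python-ldap's `ldap.dn.escape_dn_chars(userName)` keeps a name containing `,`, `+` or `=` from changing which entry is modified. setupReplServer continues past the end of the hunk.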