From 150810f06fb16411cfdba3b3b6710194936243b7 Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Sun, 2 Mar 2008 22:20:28 -0500 Subject: [PATCH] Clean up more old stuff. --- fas/fas/safasprovider.py | 5 - fas/fas/user.py | 2 +- fas/ldap/52fc-fedora-person.ldif | 22 -- fas/ldap/52fc-fedora-role.ldif | 28 -- fas/ldap/53fc-fedora-group.ldif | 17 -- fas/ldap/PgToLDAP.py | 434 ------------------------------- fas/ldap/fedoraGroup.schema | 45 ---- fas/ldap/fedoraPerson.schema | 57 ---- fas/ldap/fedoraRole.schema | 66 ----- 9 files changed, 1 insertion(+), 675 deletions(-) delete mode 100644 fas/ldap/52fc-fedora-person.ldif delete mode 100644 fas/ldap/52fc-fedora-role.ldif delete mode 100644 fas/ldap/53fc-fedora-group.ldif delete mode 100755 fas/ldap/PgToLDAP.py delete mode 100644 fas/ldap/fedoraGroup.schema delete mode 100644 fas/ldap/fedoraPerson.schema delete mode 100644 fas/ldap/fedoraRole.schema diff --git a/fas/fas/safasprovider.py b/fas/fas/safasprovider.py index c425096..ac0220e 100644 --- a/fas/fas/safasprovider.py +++ b/fas/fas/safasprovider.py @@ -126,10 +126,6 @@ class SaFasIdentityProvider(SqlAlchemyIdentityProvider): log.info(_("Loading: %(visitmod)s") % \ {'visitmod': visit_identity_class_path}) visit_identity_class = load_class(visit_identity_class_path) - # Default encryption algorithm is to use plain text passwords - algorithm = config.get("identity.saprovider.encryption_algorithm", None) - self.encrypt_password = lambda pw: \ - identity._encrypt_password(algorithm, pw) def create_provider_model(self): ''' @@ -190,7 +186,6 @@ class SaFasIdentityProvider(SqlAlchemyIdentityProvider): ''' return user.password == crypt.crypt(password, user.password) - return user.password == self.encrypt_password(password) def load_identity(self, visit_key): '''Lookup the principal represented by visit_key. diff --git a/fas/fas/user.py b/fas/fas/user.py index 516dc20..6e8c016 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py 
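Review bot: Dropping the `self.encrypt_password` setup makes the `identity.saprovider.encryption_algorithm` config key silently ignored — a deployment that still sets it gets no signal that the value no longer does anything, so its operators may believe a hashing algorithm is in effect. Consider leaving a one-line marker where the block was removed, e.g. `# NOTE: identity.saprovider.encryption_algorithm is no longer read; passwords are verified with crypt(3) only (see validate_password)`, and confirm with a grep that nothing else references `self.encrypt_password`, since the second hunk removes the only use visible here. The enclosing method (presumably `__init__`) starts outside the hunk.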
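Review bot: With the dead second `return` gone, `return user.password == crypt.crypt(password, user.password)` is the entire check, and it has no guard for an empty or unset stored hash — `crypt.crypt` with an empty salt behaves differently across platforms, so an account whose password field is not yet populated should be rejected explicitly: `if not user.password: return False` before the compare. The `==` on the two strings is also not constant-time; if the project's Python provides `hmac.compare_digest`, prefer it, otherwise record the timing caveat in the docstring. The method's signature and docstring begin outside the hunk, so check that the docstring no longer describes a configurable encryption algorithm.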
@@ -254,7 +254,7 @@ class User(controllers.Controller): @error_handler(error) @expose(template='fas.templates.new') def create(self, username, human_name, email, telephone, postal_address): - # TODO: Ensure that e-mails are unique- this should probably be done in the LDAP schema. + # TODO: Ensure that e-mails are unique? # Also, perhaps implement a timeout- delete account # if the e-mail is not verified (i.e. the person changes # their password) withing X days. diff --git a/fas/ldap/52fc-fedora-person.ldif b/fas/ldap/52fc-fedora-person.ldif deleted file mode 100644 index bc552a7..0000000 --- a/fas/ldap/52fc-fedora-person.ldif +++ /dev/null 
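Review bot: The rewritten TODO drops the "where to enforce it" half of the note without a replacement, leaving e-mail uniqueness as an open question even though the adjacent lines tie the address to password verification. With the LDAP schema removed, the natural place is a unique constraint on the e-mail column in the SQLAlchemy model plus a check in `create` before the insert; suggest `# TODO: Ensure that e-mails are unique (unique constraint on the email column; reject duplicates here before insert).` The rest of `create` is outside the hunk.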
@@ -1,22 +0,0 @@ -#this is the fedoraPerson shema file for use with the Account system -#it is based on the inetOrgPerson shema, but has some spicific -#attribues added onto it for use by the Account system -#for now this is the contents -#sshkey bugzillaemail ircNick approvalStatus creationDate -dn: cn=schema -attributeTypes: ( 2.5.444.8 NAME 'fedoraPersonSshKey' DESC 'ssh key for this member' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096} SINGLE-VALUE) -attributeTypes: ( 2.5.444.9 NAME 'fedoraPersonBugzillaMail' DESC 'members preferred bugzilla email address' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -attributeTypes: ( 2.5.444.16 NAME 'fedoraPersonIrcNick' DESC 'irc nick of the user on freenode' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} ) -attributetypes: ( 2.5.444.17 NAME 'fedoraPersonCreationDate' DESC 'date entry was created' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -attributeTypes: ( 2.5.444.18 NAME 'fedoraPersonApprovalStatus' DESC 'users approval status' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -attributeTypes: ( 2.5.444.19 NAME 'fedoraPersonKeyId' DESC 'users GPG key ID' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -attributeTypes: ( 2.5.444.22 NAME 'fedoraPersonCertSerial' DESC 'users SSL cert serial' EQUALITY IntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributeTypes: ( 2.5.444.23 NAME 'fedoraPersonTimeZone' DESC 'time zone of the user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -attributeTypes: ( 2.5.444.24 NAME 'fedoraPersonEmailConfirm' DESC 'user email confirmation' EQUALITY caseIgnoreMatch SUBSTR 
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -attributeTypes: ( 2.5.444.25 NAME 'fedoraPersonEmailCode' DESC 'user email code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) - -# fedoraPerson -# The fedoraPerson represents people who are a member of the fedora project -# in some way. It is a structural class and inherits -# from the inetOrgPerson class -objectClasses: ( 2.5.555.1 NAME 'fedoraPerson' DESC 'A member of the fedoraproject group' SUP inetOrgPerson STRUCTURAL MUST ( fedoraPersonSshKey $ mail $ fedoraPersonCreationDate $ fedoraPersonTimeZone ) MAY (fedoraPersonIrcNick $ fedoraPersonApprovalStatus $ fedoraPersonBugzillaMail $ fedoraPersonKeyId $ fedoraPersonCertSerial ) ) diff --git a/fas/ldap/52fc-fedora-role.ldif b/fas/ldap/52fc-fedora-role.ldif deleted file mode 100644 index 43d34e1..0000000 --- a/fas/ldap/52fc-fedora-role.ldif +++ /dev/null 
@@ -1,28 +0,0 @@ -#this is the fedoraMembership shema file for use with the Account system -#check out http://www.openldap.org/doc/admin23/schema.html#Extending%20Schema -#for more information -#for now this is the contents -#role_type -#role_domain -#role_status -#internal_comments -#sponsor (points to the sponsor's DN) -#creation (date) -#approval (date) -#don't have a name use cn instead -#attributeType ( 2.5.444.1 NAME 'name' -# DESC 'group name' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -dn: cn=schema -attributeTypes: ( 2.5.444.2 NAME 'fedoraRoleType' DESC 'the type of role' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{25} ) -attributeTypes: ( 2.5.444.15 NAME 'fedoraRoleDomain' DESC 'the domain of this role' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{15} ) -attributeTypes: ( 2.5.444.3 NAME 'fedoraRoleStatus' DESC 'the approval status of this role' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{15} ) -#attributeTypes: ( 2.5.444.4 NAME 'internalComments' -# DESC 'group membership comments' -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1000} ) -attributeTypes: ( 2.5.444.5 NAME 'fedoraRoleSponsor' DESC 'role sponsor' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{25} ) -attributeTypes: ( 2.5.444.6 NAME 'fedoraRoleCreationDate' DESC 'membership creation date' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -attributeTypes: ( 2.5.444.7 NAME 'fedoraRoleApprovalDate' DESC 'membership approval date' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -objectClasses: ( 2.5.555.2 NAME 'fedoraRole' DESC 'An object describing a persons roles with the fedora project' STRUCTURAL MUST ( cn ) MAY ( fedoraRoleApprovalDate $ fedoraRoleCreationDate $ fedoraRoleType $ 
fedoraRoleStatus $ fedoraRoleDomain $ fedoraRoleSponsor ) ) diff --git a/fas/ldap/53fc-fedora-group.ldif b/fas/ldap/53fc-fedora-group.ldif deleted file mode 100644 index 326d02b..0000000 --- a/fas/ldap/53fc-fedora-group.ldif +++ /dev/null 
@@ -1,17 +0,0 @@ -#this is the fedora group schema file for use with the accounts system2 -#it currently contains the following: -#owner (the owner's DN) -#group_type -#needs_sponsor -#user_can_remove (will be handled by ACLs, but we need to clue the interface about it) -#prerequisite_id (no idea what that is, so maybe not) -- not included yet -#joinmsg -dn: cn=schema -attributeTypes: ( 2.5.444.10 NAME 'fedoraGroupOwner' DESC 'group owner' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -attributeTypes: ( 2.5.444.11 NAME 'fedoraGroupType' DESC 'the type of group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -attributeTypes: ( 2.5.444.12 NAME 'fedoraGroupNeedsSponsor' DESC 'boolean indicating whether or not the group needs a sponsor' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) -attributeTypes: ( 2.5.444.13 NAME 'fedoraGroupUserCanRemove' DESC 'boolean indicating whether or not the user can remove the group' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) -attributeTypes: ( 2.5.444.14 NAME 'fedoraGroupJoinMsg' DESC 'message received upon joining the group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1000} ) -attributeTypes: ( 2.5.444.21 NAME 'fedoraGroupDesc' DESC 'group description' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} ) -attributeTypes: ( 2.5.444.20 NAME 'fedoraGroupRequires' DESC 'Requisites of this Group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) -objectClasses: ( 2.5.555.3 NAME 'fedoraGroup' DESC 'A object describing a group entry' STRUCTURAL MUST ( cn $ fedoraGroupDesc $ fedoraGroupOwner ) MAY ( fedoraGroupJoinMsg $ fedoraGroupUsercanRemove $ fedoraGroupType $ fedoraGroupNeedsSponsor $ fedoraGroupRequires ) ) diff --git a/fas/ldap/PgToLDAP.py b/fas/ldap/PgToLDAP.py deleted file mode 100755 index 41a91f2..0000000 --- a/fas/ldap/PgToLDAP.py +++ /dev/null 
@@ -1,434 +0,0 @@ -#!/usr/bin/env python - -""" - PgToLDAP is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - PgToLDAP is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with PgToLDAP; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - Id: $Id: PgToLDAP.py,v 1.5 2006/12/07 01:40:06 lyz Exp $ -""" - -import sys, time -import ldap, ldif, pgdb, ldap.modlist -from optparse import OptionParser -import sha -import base64 -from random import randrange - - -version = "0.112" - -def encode_SSHA_password ( password ): - p_ssha = sha.new( password ) - salt = '' - - for n in range(7): - salt += chr(randrange(256)) - - - p_ssha.update( salt ) - p_ssha_base64 = base64.encodestring(p_ssha.digest() + salt + '' ) - return '%s%s' %( '{SSHA}', p_ssha_base64 ) - - - -def parseArgs(): - parser = OptionParser(version="%prog " + version) - parser.add_option ("-v", "--verbose", dest="verbose", action="store_true", default=False, - help="Verbose output") - - parser.add_option ("--pgUser", dest="pgUser", default="postgres", - help="PostgreSQL User [default: %default]", metavar="USER") - parser.add_option ("--pgPassword", dest="pgPassword", - help="PostgreSQL Password", metavar="PASSWORD") - parser.add_option ("--pgHost", dest="pgHost", default="localhost", - help="PostgreSQL Host [default: %default]", metavar="HOST") - parser.add_option ("--pgPort", dest="pgPort", default="5432", - help="PostgreSQL Port [default: %default]", metavar="PORT") - parser.add_option ("--pgDb", dest="pgDB", - 
help="PostgreSQL Database", metavar="DATABASE") - - parser.add_option ("-o", "--output", dest="outType", default="file", - help="Output Type [file|ldap] [default: %default]") - parser.add_option ("-f", "--file", dest="outFile", default="out.ldif", - help="Output file [default: %default]", metavar="FILE") - - parser.add_option ("--ldapUser", dest="ldapUser", default="cn=Directory Manager", - help="LDAP User [default: %default]", metavar="USER") - parser.add_option ("--ldapPassword", dest="ldapPassword", - help="LDAP Password", metavar="PASSWORD") - parser.add_option ("--ldapHost", dest="ldapHost", default="localhost", - help="LDAP Host [default: %default]", metavar="HOST") - parser.add_option ("--ldapPort", dest="ldapPort", default="389", - help="LDAP Port [default: %default]", metavar="PORT") - parser.add_option ("--ldapOU", dest="ldapBaseOU", default="dc=fedoraproject, dc=org", - help="LDAP Base OU [default: %default]", ) - (options, args) = parser.parse_args() - if options.outType != "file" and options.outType != "ldap": - parser.error("Output type must be file or ldap") - return (options, args) - -def connPostgres(user, password, db, host, port): - """Tries to connect to the Postgres db server. - Will exit with exit code 1 it it fails.""" - global verbose - if verbose: - print "Connecting to postgres://%s@%s:%s" % (user, host, port) - try: - dbConn = pgdb.connect(user=user, - password=password, - database=db, - host='%s:%s' %(host, port)) - return dbConn - except: - print "Error connecting to Postgres server" - # TODO: Remove exit comment - sys.exit(1) - -def connLDAP(user, password, host, port): - """Tries to bind to the LDAP server. 
- Will exit with exit code 1 it it fails.""" - global verbose - if verbose: - print "Connecting to ldap://%s@%s:%s" % (user, host, port) - try: - ldapConn = ldap.open(host) - ldapConn.protocol_version = ldap.VERSION3 - ldapConn.simple_bind_s(user, password) - return ldapConn - except ldap.LDAPError, error_message: - print 'Error connecting to LDAP Server' - print error_message - sys.exit(1) - -def openLdifFile(filename): - """Tries to open the output file for writing. - Will exit with exit code 1 it it fails.""" - global verbose - if verbose: - print "Opening output file %s" % filename - try: - #ldifWriter = ldif.LDIFWriter(ldap.initialize('ldap://localhost:1390'),filename) - fileHandel = open (filename,'w') - - # | __init__(self, output_file, base64_attrs=None, cols=76, line_sep='\n') - # | output_file - # | file object for output - # | base64_attrs - # | list of attribute types to be base64-encoded in any case - # | cols - # | Specifies how many columns a line may have before it's - # | folded into many lines. - # | line_sep - # | String used as line separator - - - - ldifWriter = ldif.LDIFWriter(fileHandel,"None") - return ldifWriter - except ldap.LDAPError, error_message: - print "Error opening output file: %s" % (filename) - print error_message - sys.exit(1) - -def cleanLDAP(ldapConn, ldapBaseOU): - """Removes all existing entries under ou=People and ou=Groups for - the defined base OU. 
- Will exit with exit code 1 if an LDAP error is encountered.""" - global verbose - if verbose: - print "Deleting existing users from LDAP" - try: - timeout = 0 - result_id = ldapConn.search("ou=People, " + ldapBaseOU, - ldap.SCOPE_ONELEVEL, - "cn=*", - None) - while 1: - result_type, result_data = ldapConn.result(result_id, timeout) - if (result_data == []): - break - else: - if result_type == ldap.RES_SEARCH_ENTRY: - if verbose: - print "Deleting LDAP user: " + result_data[0][1]['cn'][0] - ldapConn.delete_s(result_data[0][0]) - except ldap.LDAPError, error_message: - print "Error deleting existing users from LDAP" - print error_message - sys.exit(1) - - if verbose: - print "Deleting existing groups from LDAP" - try: - timeout = 0 - result_id = ldapConn.search("ou=Groups, " + ldapBaseOU, - ldap.SCOPE_ONELEVEL, - "cn=*", - None) - while 1: - result_type, result_data = ldapConn.result(result_id, timeout) - if (result_data == []): - break - else: - if result_type == ldap.RES_SEARCH_ENTRY: - if verbose: - print "Deleting LDAP group: " + result_data[0][1]['cn'][0] - ldapConn.delete_s(result_data[0][0]) - except ldap.LDAPError, error_message: - print "Error deleting existing groups from LDAP" - print error_message - sys.exit(1) - -def main(): - global verbose - (options, cruft) = parseArgs() - verbose = options.verbose - - dbConn = connPostgres(options.pgUser, options.pgPassword, - options.pgDB, options.pgHost, options.pgPort) - - # Cleanup LDAP (if necessary) - if options.outType == "ldap": - ldapConn = connLDAP(options.ldapUser, options.ldapPassword, - options.ldapHost, options.ldapPort) - #cleanLDAP(ldapConn, options.ldapBaseOU) - else: - ldifWriter = openLdifFile(options.outFile) - - # Copy all users from db to ldap/ldif - # this will to queries and mappings - - try: - if verbose: - print "Selecting all users from Postgres Database" - userCursor = dbConn.cursor() - userCursor.execute ("SELECT * FROM person") - - #id, username, email 2, human_name 3, gpg_keyid 4, 
ssh_key 5, password 6, comments 7, postal_address 8, telephone 9, facsimile 10, affiliation 11, creation 12, approval_status 13, internal_comments 14, wiki_prefs 15, ircnick 16 - except: - print "Error selecting users from db" - raise - sys.exit(1) - while 1: - user = userCursor.fetchone() - if user == None: - break - - date = str(user[12]).split('.')[0] - timestamp = time.strftime('%s', time.strptime(date, "%Y-%m-%d %H:%M:%S")) - - # TODO: Create method createLdapUserEntry(user) - #(dn, entry) = createLdapUserEntry(user) - if options.outType == "ldif": - ldifWriter.unparse(dn, entry) - else: - - - print "Adding ldif info for " + user[3] + "." - - #userLdif = [["objectClass",["fedoraPerson","organizationalUnit"]] , [ "displayName",[ user[1] ] ] ] - userLdif = [["objectClass",["fedoraPerson"]] , [ "displayName",[ user[1] ] ] ] - userLdif.append(["mail",[str(user[2])]]) - userLdif.append(["sn",[str(user[1])]]) - userLdif.append(["fedoraPersonBugzillaMail",[str(user[2])]]) - userLdif.append(["cn",[str(user[1])]]) - userLdif.append(["givenName",[str(user[3])]]) - userLdif.append(["fedoraPersonKeyId",[str(user[4])]]) - userLdif.append(["fedoraPersonCertSerial",['-1']]) - userLdif.append(["fedoraPersonSshKey",[str(user[5])]]) - userLdif.append(["userPassword",[encode_SSHA_password(str(user[6]))]]) - userLdif.append(["postalAddress",[str(user[8])]]) - userLdif.append(["telephoneNumber",[str(user[9])]]) - userLdif.append(["fax",[str(user[10]) or "None"]]) - userLdif.append(["o",[str(user[11]) or "None" ]]) # affiliation is set to the o -- another stretch ?? 
- userLdif.append(["fedoraPersonCreationDate",[str(timestamp)]]) - userLdif.append(["fedoraPersonApprovalStatus",[str(user[13])]]) - userLdif.append(["description",[str(user[14])]]) #this one may be a streach -- original field was internal comments - userLdif.append(["fedoraPersonTimeZone",["UTC"]]) - userLdif.append(["fedoraPersonIrcNick",[str(user[16])]]) - #userLdif.append(["ou",["Roles"]]) Adding an OU instead - - print userLdif - #for userKey in userLdif.keys(): - #print "Key Name -> " + userKey - #print ":::Key Value::: " - #print userLdif[userKey] - #ldifWriter.unparse("dc=fedoraproject,dc=org cn=" + user[3] , { userKey : [str(userLdif[userKey])] } ) - - #print userLdif.keys() - #print userLdif.values() - ldifWriter.unparse("cn=" + str(user[1]) +",ou=People,dc=fedoraproject,dc=org" , userLdif ) - - roleOuLdif = [["objectClass",["organizationalUnit"]] , [ "ou",[ "Roles" ] ] ] - ldifWriter.unparse("ou=Roles,cn=" + str(user[1]) +",ou=People,dc=fedoraproject,dc=org" , roleOuLdif ) - - #ldifWriter.unparse("dc=fedoraproject,dc=org, cn=" + user[3] , [ ['ano',['domini']],['uances',['od']] ]) - - #time.sleep (2) - - - #ldapConn.add_s(dn, entry) - - userCursor.close() - - - - # Select all groups from the DB - - try: - if verbose: - print "Selecting all groups from Postgres Database" - groupCursor = dbConn.cursor() - groupCursor.execute ("SELECT * FROM project_group") - - - - except: - print "Error selecting groups from db" - raise - sys.exit(1) - while 1: - group = groupCursor.fetchone() - if group == None: - break - # TODO: Create method createLdapGroupEntry(group) - #(dn, entry) = createLdapGroupEntry(group) - if options.outType == "ldif": - ldifWriter.unparse(dn, entry) - else: - #ldapConn.add_s(dn, entry) - - print "Adding group info for %s." 
% group[7] - #id0, owner_id1, group_type2, needs_sponsor3, user_can_remove4, prerequisite_id5, joinmsg6, name7 - - uidLookupCursor = dbConn.cursor() - uidLookupCursor.execute ("SELECT username FROM person where id =" + str(group[1]) ) - owner = uidLookupCursor.fetchone() - if str(group[5]) != "None" : - uidLookupCursor.execute ("SELECT name FROM project_group where id =" + str(group[5]) ) - prereq = uidLookupCursor.fetchone() - print prereq - else: - prereq=["None"] - - print owner - - #id0, name1, owner_id2, group_type3, needs_sponsor4, user_can_remove5, prerequisite_id6, joinmsg7 - userLdif = [["objectClass",["fedoraGroup"]] ] - userLdif.append(["cn",[str(group[7])]]) - userLdif.append(["fedoraGroupOwner",owner]) # need to get a cn for this not just the id - #userLdif.append(["groupOwner",[str(group[2])]]) # need to get a cn for this not just the id - userLdif.append(["fedoraGroupType",[str(group[3]) or "None" ]]) - - #we're using the boolean type for these. This means they need to be converted to the TRUE and FALSE strings - - if str(group[3]) == "0" : - group[3]="FALSE" - else: - group[3]="TRUE" - - if str(group[4]) == "0" : - group[4]="FALSE" - else: - group[4]="TRUE" - - if group[5] == None: - group[5] = "" - - userLdif.append(["fedoraGroupNeedsSponsor",[str(group[3])]]) #need to convert to bool - userLdif.append(["fedoraGroupUserCanRemove",[str(group[4])]]) #need to convert to bool - userLdif.append(["fedoraGroupDesc",[str('Please fill out a Group Description')]]) #need to convert to bool - #userLdif.append(["groupPrerequisite",[str(group[5])]]) - userLdif.append(["fedoraGroupRequires",[str(group[5])]]) # <- Hope this is added properly - Ricky - #userLdif.append(["groupPrerequisite",prereq]) not currently in the schema - userLdif.append(["fedoraGroupJoinMsg",[str(group[6]) or "None" ]]) - ldifWriter.unparse("cn=" + str(group[7]) +",ou=FedoraGroups,dc=fedoraproject,dc=org" , userLdif ) - - - groupCursor.close() - - # Select all roles from the DB - - try: - if 
verbose: - print "Selecting all roles from Postgres Database" - roleCursor = dbConn.cursor() - roleCursor.execute ("SELECT * FROM role") - #person_id, project_group_id, role_type, role_domain, role_status, internal_comments, sponsor_id (Points to a person), creation (TIMESTAMP), approval (TIMESTAMP) - except: - print "Error selecting roles from db" - raise - sys.exit(1) - while 1: - role = roleCursor.fetchone() - if role == None: - break - date1 = str(role[7]).split('.')[0] - date2 = str(role[8]).split('.')[0] - try: - timestamp1 = time.strftime('%s', time.strptime(date1, "%Y-%m-%d %H:%M:%S")) - except: - timestamp1 = "None" - try: - timestamp2 = time.strftime('%s', time.strptime(date2, "%Y-%m-%d %H:%M:%S")) - except: - timestamp2 = "None" - # TODO: Create method createLdapRoleEntry(group) - #(dn, entry) = createLdapGroupRole(group) - if options.outType == "ldif": - ldifWriter.unparse(dn, entry) - else: - #ldapConn.add_s(dn, entry) - #person_id0, group_project_id1, role_type2, role_domain3, role_status4, internal_comments5, sponsor_id6, creation7, approval8 - - - uidRoleCursor = dbConn.cursor() - uidRoleCursor.execute ("SELECT username FROM person where id =" + str(role[0]) ) - username = uidRoleCursor.fetchone() - uidRoleCursor.execute ("SELECT name FROM project_group where id =" + str(role[1]) ) - group = uidRoleCursor.fetchone() - if str(role[6]) != "None" : - uidRoleCursor.execute ("SELECT username FROM person where id =" + str(role[6]) ) - sponsor = uidRoleCursor.fetchone() - else: - sponsor = ["None"] - - print "Adding " + str(role[4]) + " role info for " + group[0] + " for user " + username[0] + "." 
- #if str(group[6]) != "None" : - # uidLookupCursor.execute ("SELECT name FROM project_group where id =" + str(group[6]) ) - # prereq = uidLookupCursor.fetchone() - # print prereq - #else: - # prereq=["None"] - #print owner - - #person_id0, group_project_id1, role_type2, role_domain3, role_status4, internal_comments5, sponsor_id6, creation7, approval8 - - roleLdif = [["objectClass",["fedoraRole"]] ] - #roleLdif.append(["cn",[str(group[0]) + str(role[2])]]) #Fix me - roleLdif.append(["cn",[str(group[0])]]) #Fix me - roleLdif.append(["fedoraRoleType",[str(role[2])]]) - roleLdif.append(["fedoraRoleDomain",[str(role[3]) or "None" ]]) - roleLdif.append(["fedoraRoleStatus",[str(role[4])]]) - roleLdif.append(["fedoraRoleSponsor",sponsor]) - roleLdif.append(["fedoraRoleCreationDate",[str(timestamp1)]]) - roleLdif.append(["fedoraRoleApprovalDate",[str(timestamp2)]]) - - ldifWriter.unparse("cn=" + group[0] + ",ou=Roles,cn=" + username[0] + ",ou=People,dc=fedoraproject,dc=org" , roleLdif ) - - roleCursor.close() - - sys.exit(1) -if __name__ == "__main__": - main() diff --git a/fas/ldap/fedoraGroup.schema b/fas/ldap/fedoraGroup.schema deleted file mode 100644 index 90e06b3..0000000 --- a/fas/ldap/fedoraGroup.schema +++ /dev/null 
@@ -1,45 +0,0 @@ -#this is the fedora group schema file for use with the accounts system2 -#it currently contains the following: -#owner (the owner's DN) -#group_type -#needs_sponsor -#user_can_remove (will be handled by ACLs, but we need to clue the interface about it) -#prerequisite_id (no idea what that is, so maybe not) -- not included yet -#joinmsg - - -attributeType ( 2.5.444.10 NAME 'fedoraGroupOwner' - DESC 'group owner' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) - - -attributeType ( 2.5.444.11 NAME 'fedoraGroupType' - DESC 'the type of group' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) - -attributeType ( 2.5.444.12 NAME 'fedoraGroupNeedsSponsor' - DESC 'boolean indicating whether or not the group needs a sponsor' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributeType ( 2.5.444.13 NAME 'fedoraGroupUserCanRemove' - DESC 'boolean indicating whether or not the user can remove the group' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributeType ( 2.5.444.14 NAME 'fedoraGroupJoinMsg' - DESC 'message received upon joining the group' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1000} ) - - -objectclass ( 2.5.555.3 - NAME 'fedoraGroup' - DESC 'A object describing a group entry' - STRUCTURAL - MAY ( fedoraGroupJoinMsg $ fedoraGroupUsercanRemove $ fedoraGroupType $ fedoraGroupNeedsSponsor $ fedoraGroupUserCanRemove ) - MUST ( cn $ fedoraGroupOwner ) - ) diff --git a/fas/ldap/fedoraPerson.schema b/fas/ldap/fedoraPerson.schema deleted file mode 100644 index d20fdef..0000000 --- a/fas/ldap/fedoraPerson.schema +++ /dev/null 
@@ -1,57 +0,0 @@ -#this is the fedoraPerson shema file for use with the Account system -#it is based on the inetOrgPerson shema, but has some spicific -#attribues added onto it for use by the Account system -#for now this is the contents -#sshkey bugzillaemail ircNick approvalStatus creationDate -attributeType ( 2.5.444.8 NAME 'fedoraPersonSshKey' - DESC 'ssh key for this member' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096} - SINGLE-VALUE) - -attributeType ( 2.5.444.9 NAME 'fedoraPersonBugzillaMail' - DESC 'members preferred bugzilla email address' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributeType ( 2.5.444.16 NAME 'fedoraPersonIrcNick' - DESC 'irc nick of the user on freenode' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} ) - -attributetype ( 2.5.444.17 NAME 'fedoraPersonCreationDate' - DESC 'date entry was created' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE ) - -attributeType ( 2.5.444.18 NAME 'fedoraPersonApprovalStatus' - DESC 'users approval status' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) - - -attributeType ( 2.5.444.19 NAME 'fedoraPersonKeyId' - DESC 'users GPG key ID' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) - - -# fedoraPerson -# The fedoraPerson represents people who are a member of the fedora project -# in some way. 
It is a structural class and inherits -# from the inetOrgPerson class -objectclass ( 2.5.555.1 - NAME 'fedoraPerson' - DESC 'A member of the fedoraproject group' - SUP inetOrgPerson - STRUCTURAL - MUST ( fedoraPersonSshKey $ mail $ fedoraPersonCreationDate ) - MAY (fedoraPersonIrcNick $ fedoraPersonApprovalStatus $ fedoraPersonBugzillaMail $ fedoraPersonKeyId ) - ) diff --git a/fas/ldap/fedoraRole.schema b/fas/ldap/fedoraRole.schema deleted file mode 100644 index 8dd6058..0000000 --- a/fas/ldap/fedoraRole.schema +++ /dev/null 
@@ -1,66 +0,0 @@ -#this is the fedoraMembership shema file for use with the Account system -#check out http://www.openldap.org/doc/admin23/schema.html#Extending%20Schema -#for more information -#for now this is the contents -#role_type -#role_domain -#role_status -#internal_comments -#sponsor (points to the sponsor's DN) -#creation (date) -#approval (date) -#don't have a name use cn instead -#attributeType ( 2.5.444.1 NAME 'name' -# DESC 'group name' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} ) - -attributeType ( 2.5.444.2 NAME 'fedoraRoleType' - DESC 'the type of role' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{25} ) - - -attributeType ( 2.5.444.15 NAME 'fedoraRoleDomain' - DESC 'the domain of this role' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{15} ) - -attributeType ( 2.5.444.3 NAME 'fedoraRoleStatus' - DESC 'the approval status of this role' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{15} ) - - -#attributeType ( 2.5.444.4 NAME 'internalComments' -# DESC 'group membership comments' -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1000} ) - - -attributeType ( 2.5.444.5 NAME 'fedoraRoleSponsor' - DESC 'role sponsor' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{25} ) - -attributeType ( 2.5.444.6 NAME 'fedoraRoleCreationDate' - DESC 'membership creation date' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributeType ( 2.5.444.7 NAME 'fedoraRoleApprovalDate' - DESC 'membership approval date' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -objectclass ( 2.5.555.2 - NAME 'fedoraRole' - DESC 'An object describing a persons roles with the fedora project' - STRUCTURAL - MAY ( fedoraRoleApprovalDate $ fedoraRoleCreationDate 
$ fedoraRoleType $ fedoraRoleStatus $ fedoraRoleDomain $ fedoraRoleSponsor ) - MUST ( cn ) - )