Merge branch 'master' into production
xkostka2 committed Dec 16, 2021
2 parents ed84513 + fbb9ca8 commit c91c5ce
Showing 13 changed files with 1,074 additions and 2 deletions.
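--- a/gen/ldap_it4i
+++ b/gen/ldap_it4i
@@ -0,0 +1,124 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use perunServicesInit;
+use perunServicesUtils;
+
+our $SERVICE_NAME = "ldap_it4i";
+local $::PROTOCOL_VERSION = "3.0.0";
+my $SCRIPT_VERSION = "3.0.0";
+
+perunServicesInit::init;
+my $DIRECTORY = perunServicesInit::getDirectory;
+my $fileName = "$DIRECTORY/$::SERVICE_NAME".".ldif";
+my $baseDnFileName = "$DIRECTORY/baseDN";
+
+my $data = perunServicesInit::getHashedHierarchicalData;
+
+# constants
+our $A_F_BASE_DN; *A_F_BASE_DN = \'urn:perun:facility:attribute-def:def:ldapBaseDN';
+our $A_USER_LOGIN_EINFRA; *A_USER_LOGIN_EINFRA = \'urn:perun:user:attribute-def:def:login-namespace:einfra';
+our $A_FIRST_NAME; *A_FIRST_NAME = \'urn:perun:user:attribute-def:core:firstName';
+our $A_LAST_NAME; *A_LAST_NAME = \'urn:perun:user:attribute-def:core:lastName';
+our $A_DISPLAY_NAME; *A_DISPLAY_NAME = \'urn:perun:user:attribute-def:core:displayName';
+our $A_USER_PREFERRED_MAIL; *A_USER_PREFERRED_MAIL = \'urn:perun:user:attribute-def:def:preferredMail';
+our $A_SSHKEYS; *A_SSHKEYS = \'urn:perun:user:attribute-def:def:sshPublicKey';
+our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
+
+our $STATUS_VALID; *STATUS_VALID = \'VALID';
+our $STATUS_EXPIRED; *STATUS_EXPIRED = \'EXPIRED';
+our $STATUS_DISABLED; *STATUS_DISABLED = \'DISABLED';
+
+# check facility attribute
+my $ldapBaseDN = $data->getFacilityAttributeValue( attrName => $A_F_BASE_DN );
+if (!defined($ldapBaseDN)) {
+exit 1;
+}
+
+# gather user data
+my $users;
+
+foreach my $resourceId ( $data->getResourceIds() ) {
+foreach my $memberId ( $data->getMemberIdsForResource( resource => $resourceId )) {
+
+my $login = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_LOGIN_EINFRA );
+$users->{$login}->{$A_FIRST_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_FIRST_NAME );
+$users->{$login}->{$A_LAST_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_LAST_NAME );
+$users->{$login}->{$A_DISPLAY_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_DISPLAY_NAME );
+$users->{$login}->{$A_USER_PREFERRED_MAIL} = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_PREFERRED_MAIL );
+$users->{$login}->{$A_SSHKEYS} = $data->getUserAttributeValue( member => $memberId, attrName => $A_SSHKEYS );
+
+my $status = $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS );
+if ($status eq $STATUS_VALID) {
+$status = 'ACTIVE';
+} elsif ($status eq $STATUS_EXPIRED) {
+$status = 'INACTIVE';
+} elsif ($status eq $STATUS_DISABLED) {
+$status = 'ARCHIVED';
+}
+$users->{$login}->{$A_MEMBER_STATUS} = $status;
+}
+}
+
+# print BASE_DN file
+open FILE,">:encoding(UTF-8)","$baseDnFileName" or die "Cannot open $baseDnFileName: $! \n";
+print FILE $ldapBaseDN;
+close(FILE);
+
+# print user data LDIF
+open FILE,">:encoding(UTF-8)","$fileName" or die "Cannot open $fileName: $! \n";
+
+for my $login (sort keys %$users) {
+
+my $givenName = $users->{$login}->{$A_FIRST_NAME};
+my $sn = $users->{$login}->{$A_LAST_NAME};
+
+print FILE "dn: uid=" . $login . "," . $ldapBaseDN . "\n";
+print FILE "uid: " . $login . "\n";
+
+if (defined $givenName and length $givenName) {
+print FILE "givenName: " . $givenName . "\n";
+}
+
+if (defined $sn and length $sn) {
+print FILE "sn: " . $sn . "\n";
+}
+
+if (defined $sn and length $sn and defined $givenName and length $givenName) {
+print FILE "cn: " . $givenName . " " . $sn . "\n";
+} elsif (defined $sn and length $sn) {
+print FILE "cn: " . $sn . "\n";
+} elsif (defined $givenName and length $givenName) {
+print FILE "cn: " . $givenName . "\n";
+} else {
+print FILE "cn: N/A\n";
+}
+
+print FILE "displayName: " . $users->{$login}->{$A_DISPLAY_NAME} . "\n";
+print FILE "mail: " . $users->{$login}->{$A_USER_PREFERRED_MAIL} . "\n";
+print FILE "userPassword: {SASL}" . $login . '@EINFRA' . "\n";
+print FILE "status: " . $users->{$login}->{$A_MEMBER_STATUS} . "\n";
+
+my $sshKeys = $users->{$login}->{$A_SSHKEYS};
+if (defined $sshKeys and length $sshKeys) {
+foreach my $sshKey (sort @$sshKeys) {
+print FILE "sshPublicKey: " . $sshKey . "\n";
+}
+}
+
+# print classes
+print FILE "objectclass: top\n";
+print FILE "objectclass: person\n";
+print FILE "objectclass: einfraPerson\n";
+print FILE "objectclass: inetOrgPerson\n";
+print FILE "objectclass: ldapPublicKey\n";
+
+# there must be empty line after each entry
+print FILE "\n";
+
+}
+
+close FILE;
+
+perunServicesInit::finalize;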
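Review bot: Attribute values taken from Perun are written into the LDIF unencoded (`print FILE "sshPublicKey: " . $sshKey . "\n";` and the displayName/mail/givenName/sn lines before it), so a value with a leading space, colon or `<`, an embedded CR/LF, or non-ASCII text is not a valid RFC 2849 line, and an embedded newline in a user-managed value such as an SSH key would be read by the consumer as further attribute lines of that entry. Such values should be emitted as `attr:: <base64>` through a small helper like the one below, which needs `use MIME::Base64 qw(encode_base64);` and `use Encode qw(encode);` added next to the other `use` lines (both core); the same applies to gen/vmware_ldap in this commit. The login is also interpolated into the dn without a defined check or RFC 4514 escaping, so a member with no einfra login collapses into the `""` key and yields `dn: uid=,…`; skip that member at gather time and escape the RDN value (Net::LDAP::Util::escape_dn_value). displayName and mail are printed unconditionally while givenName and sn are guarded, so an undefined mail produces an uninitialized-value warning and an empty `mail:` value. `close(FILE)` and `close FILE` on the two write handles are unchecked, so a write error surfacing at close is never reported.
```perl
# Emit one LDIF attribute line. Undefined/empty values are skipped; values that
# are not LDIF-safe (RFC 2849: leading space/':'/'<', any NUL/CR/LF, or
# non-ASCII) are base64-encoded as "attr:: ".
sub ldif_line {
    my ($attr, $value) = @_;
    return '' unless defined $value and length $value;
    if ($value =~ m/\A[ :<]|[\x00\x0A\x0D]|[^\x00-\x7F]/) {
        return "$attr:: " . encode_base64(encode('UTF-8', $value), '') . "\n";
    }
    return "$attr: $value\n";
}

# … unchanged: constants and facility attribute check …

foreach my $memberId ( $data->getMemberIdsForResource( resource => $resourceId )) {
    my $login = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_LOGIN_EINFRA );
    next unless defined $login and length $login;   # no einfra login: nothing to export
    # … unchanged: attribute and status gathering …

# … unchanged: baseDN file, cn handling …

print FILE ldif_line('displayName', $users->{$login}->{$A_DISPLAY_NAME});
print FILE ldif_line('mail', $users->{$login}->{$A_USER_PREFERRED_MAIL});
# … unchanged: userPassword, status …
foreach my $sshKey (sort @$sshKeys) {
    print FILE ldif_line('sshPublicKey', $sshKey);
}
# … unchanged: object classes and trailing blank line …
close FILE or die "Cannot close $fileName: $!\n";
```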
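--- a/gen/vmware_ldap
+++ b/gen/vmware_ldap
@@ -0,0 +1,203 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use perunServicesInit;
+use perunServicesUtils;
+use Text::Unidecode;
+
+local $::SERVICE_NAME = "vmware_ldap";
+local $::PROTOCOL_VERSION = "1.0.0";
+my $SCRIPT_VERSION = "1.0.0";
+
+perunServicesInit::init;
+my $DIRECTORY = perunServicesInit::getDirectory;
+my $fileName_users = "$DIRECTORY/$::SERVICE_NAME"."_users".".ldif";
+my $fileName_groups = "$DIRECTORY/$::SERVICE_NAME"."_groups".".ldif";
+
+my $baseDnFileName = "$DIRECTORY/baseDN";
+
+my $data = perunServicesInit::getHashedHierarchicalData;
+
+#Constants
+our $A_F_BASE_DN; *A_F_BASE_DN = \'urn:perun:facility:attribute-def:def:ldapBaseDN';
+our $A_R_VO_SHORT_NAME; *A_R_VO_SHORT_NAME = \'urn:perun:resource:attribute-def:virt:voShortName';
+our $A_R_NAME; *A_R_NAME = \'urn:perun:resource:attribute-def:core:name';
+
+# User attributes
+our $A_USER_LOGIN; *A_USER_LOGIN = \'urn:perun:user:attribute-def:def:login-namespace:einfra';
+our $A_FIRST_NAME; *A_FIRST_NAME = \'urn:perun:user:attribute-def:core:firstName';
+our $A_LAST_NAME; *A_LAST_NAME = \'urn:perun:user:attribute-def:core:lastName';
+our $A_MAIL; *A_MAIL = \'urn:perun:user:attribute-def:def:preferredMail';
+
+# CHECK ON FACILITY ATTRIBUTES
+my $ldapBaseDN = $data->getFacilityAttributeValue( attrName => $A_F_BASE_DN );
+if (!defined($ldapBaseDN)) {
+exit 1;
+}
+
+# GATHER USERS
+my $users; # $users->{$login}->{ATTR} = $attrValue;
+my $usersVos; # $users->{$login}->{$voShortName} = 1;
+# GATHER VOS and RESOURCES
+my $allVosAndResources; # $allVosAndResources->{$voShortName}->{$resourceName} = 1;
+# GATHER USERS FROM RESOURCES
+my $usersByResource; # $usersByResource->{$resourceName}->{$login}->{ATTR} = $attrValue;
+
+# FOR EACH RESOURCE
+foreach my $resourceId ( $data->getResourceIds() ) {
+
+my $voShortName = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_VO_SHORT_NAME );
+my $resourceName = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_NAME );
+
+# Fill all VOs reference
+$allVosAndResources->{$voShortName}->{$resourceName} = 1;
+
+# FOR EACH MEMBER ON RESOURCE
+foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
+
+my $login = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_LOGIN );
+my $firstName = $data->getUserAttributeValue( member => $memberId, attrName => $A_FIRST_NAME );
+my $lastName = $data->getUserAttributeValue( member => $memberId, attrName => $A_LAST_NAME );
+my $mail = $data->getUserAttributeValue( member => $memberId, attrName => $A_MAIL );
+
+# Store users in Resources structure
+$usersByResource->{$resourceName}->{$login}->{$A_FIRST_NAME} = $firstName;
+$usersByResource->{$resourceName}->{$login}->{$A_LAST_NAME} = $lastName;
+if (defined $mail and length $mail) {
+$usersByResource->{$resourceName}->{$login}->{$A_MAIL} = $mail;
+}
+
+# Store same user in flat structure
+$users->{$login}->{$A_FIRST_NAME} = $firstName;
+$users->{$login}->{$A_LAST_NAME} = $lastName;
+$users->{$login}->{$A_MAIL} = $mail;
+
+# Store VOS for member
+$usersVos->{$login}->{$voShortName} = 1;
+
+}
+
+}
+
+#
+# PRINT BASE_DN FILE
+#
+open FILE,">:encoding(UTF-8)","$baseDnFileName" or die "Cannot open $baseDnFileName: $! \n";
+print FILE $ldapBaseDN;
+close(FILE);
+
+#
+# PRINT LDIF FILE
+#
+open FILE,">:encoding(UTF-8)","$fileName_users" or die "Cannot open $fileName_users: $! \n";
+
+# print base entry
+
+print FILE "dn: ou=perun,ou=users," . $ldapBaseDN . "\n";
+print FILE "ou: perun\n";
+print FILE "objectClass: top\n";
+print FILE "objectClass: organizationalUnit\n";
+print FILE "\n";
+
+# FLAT structure is stored in ou=perun,ou=users + base DN
+for my $login (sort keys %$users) {
+
+print FILE "dn: cn=" . $login . ",ou=perun,ou=users," . $ldapBaseDN . "\n";
+print FILE "cn: " . $login . "\n";
+print FILE "uid: " . $login . "\n";
+
+my $givenName = $users->{$login}->{$A_FIRST_NAME};
+if (defined $givenName and length $givenName) {
+print FILE "givenname: " . $givenName . "\n";
+}
+my $sn = $users->{$login}->{$A_LAST_NAME};
+if (defined $givenName and length $givenName) {
+print FILE "sn: " . $users->{$login}->{$A_LAST_NAME} . "\n";
+}
+
+my $mail = $users->{$login}->{$A_MAIL};
+if (defined $mail and length $mail) {
+print FILE "mail: " . $mail . "\n";
+}
+
+print FILE "userpassword: {SASL}" . $login . '@EINFRA' . "\n";
+
+# print VO membership information
+my @vos = keys %{$usersVos->{$login}};
+for my $vo (@vos) {
+print FILE "ou: " . $vo . "\n";
+}
+
+# print classes
+print FILE "objectclass: top\n";
+print FILE "objectclass: inetOrgPerson\n";
+
+# There MUST be an empty line after each entry, so entry sorting and diff works on slave part
+print FILE "\n";
+
+}
+
+close(FILE);
+
+#
+# PRINT LDIF FILE
+#
+open FILE,">:encoding(UTF-8)","$fileName_groups" or die "Cannot open $fileName_groups: $! \n";
+
+# print base entry
+
+print FILE "dn: ou=perun,ou=groups," . $ldapBaseDN . "\n";
+print FILE "ou: perun\n";
+print FILE "objectClass: top\n";
+print FILE "objectClass: organizationalUnit\n";
+print FILE "\n";
+
+# Print VOs entries like "ou=voShortName,ou=perun,ou=groups + baseDN"
+# Then Print also Resources inside VOs like: "cn=resourceName,ou=voShortName,ou=groups + baseDN" and their uniqueMembers
+
+# PRINT ALL VOS
+my @vos = sort keys %{$allVosAndResources};
+for my $vo (@vos) {
+
+# PRINT VO
+print FILE "dn: ou=" . $vo . ",ou=perun,ou=groups," . $ldapBaseDN . "\n";
+print FILE "ou: " . $vo . "\n";
+print FILE "objectclass: top\n";
+print FILE "objectclass: organizationalUnit\n";
+
+# There MUST be an empty line after each entry, so entry sorting and diff works on slave part
+print FILE "\n";
+
+# PRINT ALL RESOURCES
+my @resources = sort keys %{$allVosAndResources->{$vo}};
+for my $resource (@resources) {
+
+my @usrs = sort keys %{$usersByResource->{$resource}};
+
+# skip printing resource and it's users, if there are no users
+unless (@usrs) {
+next;
+}
+
+# PRINT RESOURCE
+print FILE "dn: cn=" . $resource . ",ou=" . $vo . ",ou=perun,ou=groups," . $ldapBaseDN . "\n";
+print FILE "cn: " . $resource . "\n";
+print FILE "ou: " . $vo . "\n";
+print FILE "objectclass: top\n";
+print FILE "objectclass: groupOfUniqueNames\n";
+
+# PRINT ALL USERS FROM RESOURCE
+for my $u (@usrs) {
+print FILE "uniquemember: cn=" . $u . ",ou=perun,ou=users," . $ldapBaseDN . "\n";
+}
+
+# There MUST be an empty line after each entry, so entry sorting and diff works on slave part
+print FILE "\n";
+
+}
+
+}
+
+close(FILE);
+
+perunServicesInit::finalize;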
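Review bot: The guard in front of the `sn:` line in the users loop tests `$givenName` instead of `$sn` (`if (defined $givenName and length $givenName) { print FILE "sn: " . $users->{$login}->{$A_LAST_NAME} . "\n"; }`), so a user with a first name but no last name gets an empty `sn:` value while a user with only a last name gets no sn at all, even though person/inetOrgPerson require it; the `$sn` declared on the line above is never read. Change it to `if (defined $sn and length $sn) {` and `print FILE "sn: " . $sn . "\n";`. The per-user `ou:` lines come from `my @vos = keys %{$usersVos->{$login}};` without sort, so their order varies between runs under hash randomization, which defeats the diff-based comparison the comment a few lines below relies on; use `sort keys`. `Text::Unidecode` is imported but never used, and `$voShortName`, `$resourceName` and `$login` are concatenated into DNs without RFC 4514 escaping, so a resource name containing a comma or plus sign yields a malformed dn.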
4 changes: 2 additions & 2 deletions send/ADConnector.pm
Expand Up @@ -319,7 +319,7 @@ sub load_perun($){
ldap_log('ad_connection', "Error read Perun ldif: " . $entry->get_value('cn') . " | " . $ldif->error());
} else {
# push valid entry
push(@perun_entries, $entry) if (defined $entry and ($entry->get_value('cn') or $entry->get_value('ou')));
push(@perun_entries, $entry) if (defined $entry and ($entry->get_value('cn') or $entry->get_value('ou') or $entry->get_value('uid')));
}
}

Expand Down Expand Up @@ -363,7 +363,7 @@ sub load_ad($$$$) {

for my $entry ($mesg->entries) {
# store only valid entry from AD
push(@ad_entries,$entry) if ($entry->get_value('cn') or $entry->get_value('ou'));
push(@ad_entries,$entry) if ($entry->get_value('cn') or $entry->get_value('ou') or $entry->get_value('uid'));
}

# Paging Control
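Review bot: Entries that fail the cn/ou/uid test are dropped silently at both sites (`push(@perun_entries, $entry) if (defined $entry and ($entry->get_value('cn') or $entry->get_value('ou') or $entry->get_value('uid')));` in load_perun and the matching line in load_ad), so a Perun entry missing all three naming attributes simply disappears from the sync without a trace; logging it through `ldap_log` the way the error branch just above it in load_perun does would make such data visible. The same three-attribute predicate is now duplicated in the two subs, so a small `_has_naming_attr($entry)` helper would keep them in step the next time a naming attribute is added. Both load_perun and load_ad begin and end outside these hunks.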