Commit
Merge branch 'master' into production
Showing
13 changed files
with
1,074 additions
and
2 deletions.
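--- /dev/null
+++ b/FILE_1_PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,124 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use perunServicesInit;
+use perunServicesUtils;
+
+our $SERVICE_NAME = "ldap_it4i";
+local $::PROTOCOL_VERSION = "3.0.0";
+my $SCRIPT_VERSION = "3.0.0";
+
+perunServicesInit::init;
+my $DIRECTORY = perunServicesInit::getDirectory;
+my $fileName = "$DIRECTORY/$::SERVICE_NAME".".ldif";
+my $baseDnFileName = "$DIRECTORY/baseDN";
+
+my $data = perunServicesInit::getHashedHierarchicalData;
+
+# constants
+our $A_F_BASE_DN; *A_F_BASE_DN = \'urn:perun:facility:attribute-def:def:ldapBaseDN';
+our $A_USER_LOGIN_EINFRA; *A_USER_LOGIN_EINFRA = \'urn:perun:user:attribute-def:def:login-namespace:einfra';
+our $A_FIRST_NAME; *A_FIRST_NAME = \'urn:perun:user:attribute-def:core:firstName';
+our $A_LAST_NAME; *A_LAST_NAME = \'urn:perun:user:attribute-def:core:lastName';
+our $A_DISPLAY_NAME; *A_DISPLAY_NAME = \'urn:perun:user:attribute-def:core:displayName';
+our $A_USER_PREFERRED_MAIL; *A_USER_PREFERRED_MAIL = \'urn:perun:user:attribute-def:def:preferredMail';
+our $A_SSHKEYS; *A_SSHKEYS = \'urn:perun:user:attribute-def:def:sshPublicKey';
+our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
+
+our $STATUS_VALID; *STATUS_VALID = \'VALID';
+our $STATUS_EXPIRED; *STATUS_EXPIRED = \'EXPIRED';
+our $STATUS_DISABLED; *STATUS_DISABLED = \'DISABLED';
+
+# check facility attribute
+my $ldapBaseDN = $data->getFacilityAttributeValue( attrName => $A_F_BASE_DN );
+if (!defined($ldapBaseDN)) {
+exit 1;
+}
+
+# gather user data
+my $users;
+
+foreach my $resourceId ( $data->getResourceIds() ) {
+foreach my $memberId ( $data->getMemberIdsForResource( resource => $resourceId )) {
+
+my $login = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_LOGIN_EINFRA );
+$users->{$login}->{$A_FIRST_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_FIRST_NAME );
+$users->{$login}->{$A_LAST_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_LAST_NAME );
+$users->{$login}->{$A_DISPLAY_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_DISPLAY_NAME );
+$users->{$login}->{$A_USER_PREFERRED_MAIL} = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_PREFERRED_MAIL );
+$users->{$login}->{$A_SSHKEYS} = $data->getUserAttributeValue( member => $memberId, attrName => $A_SSHKEYS );
+
+my $status = $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS );
+if ($status eq $STATUS_VALID) {
+$status = 'ACTIVE';
+} elsif ($status eq $STATUS_EXPIRED) {
+$status = 'INACTIVE';
+} elsif ($status eq $STATUS_DISABLED) {
+$status = 'ARCHIVED';
+}
+$users->{$login}->{$A_MEMBER_STATUS} = $status;
+}
+}
+
+# print BASE_DN file
+open FILE,">:encoding(UTF-8)","$baseDnFileName" or die "Cannot open $baseDnFileName: $! \n";
+print FILE $ldapBaseDN;
+close(FILE);
+
+# print user data LDIF
+open FILE,">:encoding(UTF-8)","$fileName" or die "Cannot open $fileName: $! \n";
+
+for my $login (sort keys %$users) {
+
+my $givenName = $users->{$login}->{$A_FIRST_NAME};
+my $sn = $users->{$login}->{$A_LAST_NAME};
+
+print FILE "dn: uid=" . $login . "," . $ldapBaseDN . "\n";
+print FILE "uid: " . $login . "\n";
+
+if (defined $givenName and length $givenName) {
+print FILE "givenName: " . $givenName . "\n";
+}
+
+if (defined $sn and length $sn) {
+print FILE "sn: " . $sn . "\n";
+}
+
+if (defined $sn and length $sn and defined $givenName and length $givenName) {
+print FILE "cn: " . $givenName . " " . $sn . "\n";
+} elsif (defined $sn and length $sn) {
+print FILE "cn: " . $sn . "\n";
+} elsif (defined $givenName and length $givenName) {
+print FILE "cn: " . $givenName . "\n";
+} else {
+print FILE "cn: N/A\n";
+}
+
+print FILE "displayName: " . $users->{$login}->{$A_DISPLAY_NAME} . "\n";
+print FILE "mail: " . $users->{$login}->{$A_USER_PREFERRED_MAIL} . "\n";
+print FILE "userPassword: {SASL}" . $login . '@EINFRA' . "\n";
+print FILE "status: " . $users->{$login}->{$A_MEMBER_STATUS} . "\n";
+
+my $sshKeys = $users->{$login}->{$A_SSHKEYS};
+if (defined $sshKeys and length $sshKeys) {
+foreach my $sshKey (sort @$sshKeys) {
+print FILE "sshPublicKey: " . $sshKey . "\n";
+}
+}
+
+# print classes
+print FILE "objectclass: top\n";
+print FILE "objectclass: person\n";
+print FILE "objectclass: einfraPerson\n";
+print FILE "objectclass: inetOrgPerson\n";
+print FILE "objectclass: ldapPublicKey\n";
+
+# there must be empty line after each entry
+print FILE "\n";
+
+}
+
+close FILE;
+
+perunServicesInit::finalize;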
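Review bot: The per-user status on the `$users->{$login}->{$A_MEMBER_STATUS} = $status;` line is overwritten for every resource the user appears on, so a user who is VALID in one VO and EXPIRED or DISABLED in another ends up with whichever membership `getResourceIds()` happened to return last, and nothing in this file guarantees that order is stable between runs. Since `status` is what the consuming side reads to decide account state, pick a deterministic merge rule — e.g. keep `ACTIVE` if any membership is VALID, otherwise the most restrictive one seen — and say so in a comment next to the assignment. The same loop keys the hash on `$login` without checking it is defined, so members lacking an einfra login collapse into one `dn: uid=,<base>` entry; add `next unless defined $login and length $login;` right after the login lookup. `displayName:` and `mail:` are printed unconditionally, unlike `givenName`/`sn`, so an undefined attribute yields an empty-valued LDIF attribute plus an uninitialized warning; guard them the same way. Both this script and the vmware_ldap one below also write attribute values verbatim, so a value containing a newline, or starting with a space, `:` or `<`, is not a valid LDIF SAFE-STRING and can alter the entry's attribute list; base64-encode such values with the `attr:: ` form, or emit the file through Net::LDAP::LDIF.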
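--- /dev/null
+++ b/FILE_2_PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,203 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use perunServicesInit;
+use perunServicesUtils;
+use Text::Unidecode;
+
+local $::SERVICE_NAME = "vmware_ldap";
+local $::PROTOCOL_VERSION = "1.0.0";
+my $SCRIPT_VERSION = "1.0.0";
+
+perunServicesInit::init;
+my $DIRECTORY = perunServicesInit::getDirectory;
+my $fileName_users = "$DIRECTORY/$::SERVICE_NAME"."_users".".ldif";
+my $fileName_groups = "$DIRECTORY/$::SERVICE_NAME"."_groups".".ldif";
+
+my $baseDnFileName = "$DIRECTORY/baseDN";
+
+my $data = perunServicesInit::getHashedHierarchicalData;
+
+#Constants
+our $A_F_BASE_DN; *A_F_BASE_DN = \'urn:perun:facility:attribute-def:def:ldapBaseDN';
+our $A_R_VO_SHORT_NAME; *A_R_VO_SHORT_NAME = \'urn:perun:resource:attribute-def:virt:voShortName';
+our $A_R_NAME; *A_R_NAME = \'urn:perun:resource:attribute-def:core:name';
+
+# User attributes
+our $A_USER_LOGIN; *A_USER_LOGIN = \'urn:perun:user:attribute-def:def:login-namespace:einfra';
+our $A_FIRST_NAME; *A_FIRST_NAME = \'urn:perun:user:attribute-def:core:firstName';
+our $A_LAST_NAME; *A_LAST_NAME = \'urn:perun:user:attribute-def:core:lastName';
+our $A_MAIL; *A_MAIL = \'urn:perun:user:attribute-def:def:preferredMail';
+
+# CHECK ON FACILITY ATTRIBUTES
+my $ldapBaseDN = $data->getFacilityAttributeValue( attrName => $A_F_BASE_DN );
+if (!defined($ldapBaseDN)) {
+exit 1;
+}
+
+# GATHER USERS
+my $users; # $users->{$login}->{ATTR} = $attrValue;
+my $usersVos; # $users->{$login}->{$voShortName} = 1;
+# GATHER VOS and RESOURCES
+my $allVosAndResources; # $allVosAndResources->{$voShortName}->{$resourceName} = 1;
+# GATHER USERS FROM RESOURCES
+my $usersByResource; # $usersByResource->{$resourceName}->{$login}->{ATTR} = $attrValue;
+
+# FOR EACH RESOURCE
+foreach my $resourceId ( $data->getResourceIds() ) {
+
+my $voShortName = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_VO_SHORT_NAME );
+my $resourceName = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_NAME );
+
+# Fill all VOs reference
+$allVosAndResources->{$voShortName}->{$resourceName} = 1;
+
+# FOR EACH MEMBER ON RESOURCE
+foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
+
+my $login = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_LOGIN );
+my $firstName = $data->getUserAttributeValue( member => $memberId, attrName => $A_FIRST_NAME );
+my $lastName = $data->getUserAttributeValue( member => $memberId, attrName => $A_LAST_NAME );
+my $mail = $data->getUserAttributeValue( member => $memberId, attrName => $A_MAIL );
+
+# Store users in Resources structure
+$usersByResource->{$resourceName}->{$login}->{$A_FIRST_NAME} = $firstName;
+$usersByResource->{$resourceName}->{$login}->{$A_LAST_NAME} = $lastName;
+if (defined $mail and length $mail) {
+$usersByResource->{$resourceName}->{$login}->{$A_MAIL} = $mail;
+}
+
+# Store same user in flat structure
+$users->{$login}->{$A_FIRST_NAME} = $firstName;
+$users->{$login}->{$A_LAST_NAME} = $lastName;
+$users->{$login}->{$A_MAIL} = $mail;
+
+# Store VOS for member
+$usersVos->{$login}->{$voShortName} = 1;
+
+}
+
+}
+
+#
+# PRINT BASE_DN FILE
+#
+open FILE,">:encoding(UTF-8)","$baseDnFileName" or die "Cannot open $baseDnFileName: $! \n";
+print FILE $ldapBaseDN;
+close(FILE);
+
+#
+# PRINT LDIF FILE
+#
+open FILE,">:encoding(UTF-8)","$fileName_users" or die "Cannot open $fileName_users: $! \n";
+
+# print base entry
+
+print FILE "dn: ou=perun,ou=users," . $ldapBaseDN . "\n";
+print FILE "ou: perun\n";
+print FILE "objectClass: top\n";
+print FILE "objectClass: organizationalUnit\n";
+print FILE "\n";
+
+# FLAT structure is stored in ou=perun,ou=users + base DN
+for my $login (sort keys %$users) {
+
+print FILE "dn: cn=" . $login . ",ou=perun,ou=users," . $ldapBaseDN . "\n";
+print FILE "cn: " . $login . "\n";
+print FILE "uid: " . $login . "\n";
+
+my $givenName = $users->{$login}->{$A_FIRST_NAME};
+if (defined $givenName and length $givenName) {
+print FILE "givenname: " . $givenName . "\n";
+}
+my $sn = $users->{$login}->{$A_LAST_NAME};
+if (defined $givenName and length $givenName) {
+print FILE "sn: " . $users->{$login}->{$A_LAST_NAME} . "\n";
+}
+
+my $mail = $users->{$login}->{$A_MAIL};
+if (defined $mail and length $mail) {
+print FILE "mail: " . $mail . "\n";
+}
+
+print FILE "userpassword: {SASL}" . $login . '@EINFRA' . "\n";
+
+# print VO membership information
+my @vos = keys %{$usersVos->{$login}};
+for my $vo (@vos) {
+print FILE "ou: " . $vo . "\n";
+}
+
+# print classes
+print FILE "objectclass: top\n";
+print FILE "objectclass: inetOrgPerson\n";
+
+# There MUST be an empty line after each entry, so entry sorting and diff works on slave part
+print FILE "\n";
+
+}
+
+close(FILE);
+
+#
+# PRINT LDIF FILE
+#
+open FILE,">:encoding(UTF-8)","$fileName_groups" or die "Cannot open $fileName_groups: $! \n";
+
+# print base entry
+
+print FILE "dn: ou=perun,ou=groups," . $ldapBaseDN . "\n";
+print FILE "ou: perun\n";
+print FILE "objectClass: top\n";
+print FILE "objectClass: organizationalUnit\n";
+print FILE "\n";
+
+# Print VOs entries like "ou=voShortName,ou=perun,ou=groups + baseDN"
+# Then Print also Resources inside VOs like: "cn=resourceName,ou=voShortName,ou=groups + baseDN" and their uniqueMembers
+
+# PRINT ALL VOS
+my @vos = sort keys %{$allVosAndResources};
+for my $vo (@vos) {
+
+# PRINT VO
+print FILE "dn: ou=" . $vo . ",ou=perun,ou=groups," . $ldapBaseDN . "\n";
+print FILE "ou: " . $vo . "\n";
+print FILE "objectclass: top\n";
+print FILE "objectclass: organizationalUnit\n";
+
+# There MUST be an empty line after each entry, so entry sorting and diff works on slave part
+print FILE "\n";
+
+# PRINT ALL RESOURCES
+my @resources = sort keys %{$allVosAndResources->{$vo}};
+for my $resource (@resources) {
+
+my @usrs = sort keys %{$usersByResource->{$resource}};
+
+# skip printing resource and it's users, if there are no users
+unless (@usrs) {
+next;
+}
+
+# PRINT RESOURCE
+print FILE "dn: cn=" . $resource . ",ou=" . $vo . ",ou=perun,ou=groups," . $ldapBaseDN . "\n";
+print FILE "cn: " . $resource . "\n";
+print FILE "ou: " . $vo . "\n";
+print FILE "objectclass: top\n";
+print FILE "objectclass: groupOfUniqueNames\n";
+
+# PRINT ALL USERS FROM RESOURCE
+for my $u (@usrs) {
+print FILE "uniquemember: cn=" . $u . ",ou=perun,ou=users," . $ldapBaseDN . "\n";
+}
+
+# There MUST be an empty line after each entry, so entry sorting and diff works on slave part
+print FILE "\n";
+
+}
+
+}
+
+close(FILE);
+
+perunServicesInit::finalize;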
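Review bot: The `sn` guard on the `if (defined $givenName and length $givenName) {` line that precedes `print FILE "sn: "` tests the wrong variable, so a user with a first name but no last name gets an empty `sn:` (plus an uninitialized warning), while a user with only a last name loses the `sn` that inetOrgPerson requires; change it to `if (defined $sn and length $sn) {` and print `$sn`. The VO membership loop iterates `keys %{$usersVos->{$login}}` unsorted, so the `ou:` lines come out in hash order and the entry text can change between runs even though the comment below it says the blank line exists so sorting and diff work on the slave side; use `sort keys`. `use Text::Unidecode;` is imported but never referenced in this file. Every `close(FILE)` on a write handle is unchecked, so an I/O error surfacing at buffered flush is silently dropped before `perunServicesInit::finalize` runs; use `close(FILE) or die "Cannot close: $!";`.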