provision_homedir.py.j2

#!/usr/bin/python
import ldap
import traceback
import os
import stat
import shutil
import subprocess

class ldapSearchConfig:
    def __init__(self):
        self.ldapserver=""
        self.binddn=""
        self.bindpw=""
        self.baseDN=""
        self.searchFilter=""
        self.cacertfile=''

class genericUser:
    def __init__(self):
        self.dn=""
        self.cn=""
        self.entry=""
        self.uid=""

def get_users(server):
#    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,server.cacertfile)
    ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER )
    l=ldap.initialize(server.ldapserver)
    l.simple_bind_s(server.binddn,server.bindpw)
    retrieveAttributes = ["*"]
    searchScope=ldap.SCOPE_SUBTREE
    try:
        ldap_result_id = l.search(server.baseDN,searchScope,server.searchFilter,retrieveAttributes)
    except ldap.LDAPError, e:
        pass
    rtype,rdata = l.result(ldap_result_id,1)
    allusers={}
    for user in rdata:
        dn=user[0]
        attrs=user[1]
        allusers[dn]=genericUser()
        allusers[dn].dn=dn
        allusers[dn].entry=attrs
    return allusers

def mk_homedir(path,uidNumber,gidNumber):
	skelroot = path.rsplit("/", 1)[0]
	# fix this later if your common/skel is located elsewhere
	skelpath = os.path.join(skelroot, 'common', 'skel')
	try:
		statinfo = os.stat(path)
	except OSError as e:
		if 'No such file or directory' in e:
		    shutil.copytree(skelpath, path)
	statinfo = os.stat(path)
	os.chown(path,uidNumber,gidNumber)
	recursive_chown(path, uidNumber, gidNumber)

# adapted from http://stackoverflow.com/questions/5994840/how-to-change-the-user-and-group-permissions-for-a-directory-by-name
def recursive_chown(path,uidNumber,gidNumber):
	si = os.stat(path)
	# just a precaution before we recursively apply uid/gid to a path
	if si.st_uid != uidNumber or si.st_gid != gidNumber:
		raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber))
	for root, dirs, files in os.walk(path):
		for dname in dirs:
			os.chown(os.path.join(root, dname), uidNumber, gidNumber)
		for fname in files:
			os.chown(os.path.join(root, fname), uidNumber, gidNumber)

def check_homedir(path,uidNumber,gidNumber):
	try:
		si = os.stat(path)
		if si.st_uid != uidNumber or si.st_gid != gidNumber:
			raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber))
		return True
	except:
		return False



s=ldapSearchConfig()
s.ldapserver="{{ ldapURI }}"
s.binddn="{{ ldapBindDN }}"
s.bindpw="{{ ldapBindDNPassword }}"
s.baseDN="{{ ldapBase }}"
s.searchFilter = "{{ ldap_access_filter }}"
homeDirEntry= "{{ homeDirEntry }}"
mnthome = "{{ mnthome }}"

users=get_users(s)
for user in users:
	try:
		if mnthome != "":
			path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1]
		else:
			path=users[user].entry[homeDirEntry][0]
		if not check_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0])):
			mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
	except:
		print traceback.format_exc()
		pass