#!/usr/bin/python import ldap import traceback import os import stat import shutil import subprocess class ldapSearchConfig: def __init__(self): self.ldapserver="" self.binddn="" self.bindpw="" self.baseDN="" self.searchFilter="" self.cacertfile='' class genericUser: def __init__(self): self.dn="" self.cn="" self.entry="" self.uid="" def get_users(server): # ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,server.cacertfile) ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER ) l=ldap.initialize(server.ldapserver) l.simple_bind_s(server.binddn,server.bindpw) retrieveAttributes = ["*"] searchScope=ldap.SCOPE_SUBTREE try: ldap_result_id = l.search(server.baseDN,searchScope,server.searchFilter,retrieveAttributes) except ldap.LDAPError, e: pass rtype,rdata = l.result(ldap_result_id,1) allusers={} for user in rdata: dn=user[0] attrs=user[1] allusers[dn]=genericUser() allusers[dn].dn=dn allusers[dn].entry=attrs return allusers def mk_homedir(path,uidNumber,gidNumber): skelroot = path.rsplit("/", 1)[0] # fix this later if your common/skel is located elsewhere skelpath = os.path.join(skelroot, 'common', 'skel') try: statinfo = os.stat(path) except OSError as e: if 'No such file or directory' in e: shutil.copytree(skelpath, path) statinfo = os.stat(path) os.chown(path,uidNumber,gidNumber) recursive_chown(path, uidNumber, gidNumber) # adapted from http://stackoverflow.com/questions/5994840/how-to-change-the-user-and-group-permissions-for-a-directory-by-name def recursive_chown(path,uidNumber,gidNumber): si = os.stat(path) # just a precaution before we recursively apply uid/gid to a path if si.st_uid != uidNumber or si.st_gid != gidNumber: raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber)) for root, dirs, files in os.walk(path): for dname in dirs: os.chown(os.path.join(root, dname), uidNumber, gidNumber) for fname in files: os.chown(os.path.join(root, fname), uidNumber, gidNumber) def check_homedir(path,uidNumber,gidNumber): try: si = os.stat(path) if si.st_uid != uidNumber or si.st_gid != gidNumber: raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber)) return True except: return False s=ldapSearchConfig() s.ldapserver="{{ ldapURI }}" s.binddn="{{ ldapBindDN }}" s.bindpw="{{ ldapBindDNPassword }}" s.baseDN="{{ ldapBase }}" s.searchFilter = "{{ ldap_access_filter }}" homeDirEntry= "{{ homeDirEntry }}" mnthome = "{{ mnthome }}" users=get_users(s) for user in users: try: if mnthome != "": path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1] else: path=users[user].entry[homeDirEntry][0] if not check_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0])): mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0])) except: print traceback.format_exc() pass