if DnRecord[1].has_key("supplementaryGid") == 0:
return 0;
- # Check the supplementary groups
- for I in DnRecord[1]["supplementaryGid"]:
- s = I.split('@', 1)
- group = s[0]
- if len(s) == 2 and s[1] != CurrentHost:
- continue;
- if Allowed.has_key(group):
+ supgroups=[]
+ addGroups(supgroups, DnRecord[1]["supplementaryGid"], GetAttr(DnRecord,"uid"))
+ for g in supgroups:
+ if Allowed.has_key(g):
return 1;
return 0;
continue
if not GroupIDMap.has_key(group):
- print "Group does not exist ",group,"but",uid,"is in it"
+ print "Group", group, "does not exist but", uid, "is in it"
continue
existingGroups.append(group)
if SubGroupMap.has_key(group):
- addGroups(existingGroups, SubGroupMap[group])
+ addGroups(existingGroups, SubGroupMap[group], uid)
# Generate the group list
def GenGroup(l,File):
raise;
Done(File,F,None);
+def isRoleAccount(pwEntry):
+ if not pwEntry.has_key("objectClass"):
+ raise "pwEntry has no objectClass"
+ oc = pwEntry['objectClass']
+ try:
+ i = oc.index('debianRoleAccount')
+ return True
+ except ValueError:
+ return False
+
# Generate the DNS Zone file
def GenDNS(l,File,HomePrefix):
F = None;
continue;
# If the account has no PGP key, do not write it
- if x[1].has_key("keyFingerPrint") == 0:
+ if x[1].has_key("keyFingerPrint") == 0 and not isRoleAccount(x[1]):
continue;
try:
F.write("; %s\n"%(EmailAddress(x)));
# Generate the debianhosts file (list of all IP addresses)
def GenHosts(l,File):
- F = None;
+ F = None
try:
- OldMask = os.umask(0022);
- F = open(File + ".tmp","w",0644);
- os.umask(OldMask);
-
- # Fetch all the hosts
- HostNames = l.search_s(HostBaseDn,ldap.SCOPE_ONELEVEL,"hostname=*",\
- ["hostname"]);
-
- if HostNames == None:
- raise "No Hosts";
-
- for x in HostNames:
- if x[1].has_key("hostname") == 0:
- continue;
- Host = GetAttr(x,"hostname");
- try:
- Addr = socket.gethostbyname(Host);
- F.write(Addr + "\n");
- except:
- pass
+ OldMask = os.umask(0022)
+ F = open(File + ".tmp","w",0644)
+ os.umask(OldMask)
+
+ # Fetch all the hosts
+ hostnames = l.search_s(HostBaseDn, ldap.SCOPE_ONELEVEL, "hostname=*",
+ ["hostname"])
+
+ if hostnames == None:
+ raise "No Hosts"
+
+ seen = set()
+ for x in hostnames:
+ host = GetAttr(x,"hostname", None)
+ if host:
+ addrs = []
+ try:
+ addrs += socket.getaddrinfo(host, None, socket.AF_INET)
+ except socket.error:
+ pass
+ try:
+ addrs += socket.getaddrinfo(host, None, socket.AF_INET6)
+ except socket.error:
+ pass
+
+ for addrinfo in addrs:
+ if addrinfo[0] in (socket.AF_INET, socket.AF_INET6):
+ addr = addrinfo[4][0]
+ if addr not in seen:
+ print >> F, addrinfo[4][0]
+ seen.add(addr)
# Oops, something unspeakable happened.
except:
- Die(File,F,None);
- raise;
- Done(File,F,None);
+ Die(File,F,None)
+ raise
+ Done(File,F,None)
def GenKeyrings(l,OutDir):
for k in Keyrings:
"allowedHost","sshRSAAuthKey","dnsZoneEntry","cn","sn",\
"keyFingerPrint","privateSub","mailDisableMessage",\
"mailGreylisting","mailCallout","mailRBL","mailRHSBL",\
- "mailWhitelist", "sudoPassword"]);
+ "mailWhitelist", "sudoPassword", "objectClass"]);
# Fetch all the hosts
HostAttrs = l.search_s(HostBaseDn,ldap.SCOPE_ONELEVEL,"sshRSAHostKey=*",\
["hostname","sshRSAHostKey","purpose"]);
projects / mirror / userdir-ldap.git / blobdiff