give Account class a __getitem__ method and use it

diff --git a/UDLdap.py b/UDLdap.py
index ce25bbb..447368d 100644 (file)
--- a/UDLdap.py
+++ b/UDLdap.py
@@ -1,16 +1,45 @@
+import ldap
+import time
 
 class Account:
-    def __init__(self, user):
-        searchresult = lc.search_s(BaseDn,ldap.SCOPE_SUBTREE, 'uid=%s'%(user))
+    array_values = ['keyFingerPrint']
+    int_values = ['shadowExpire']
+    defaults = {
+                 'accountStatus': 'active',
+                 'keyFingerPrint': []
+               }
+
+    @staticmethod
+    def from_search(ldap_connection, base, user):
+        searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s'%(user))
         if len(searchresult) < 1:
             sys.stderr.write("No such user: %s\n"%(user))
             return
         elif len(searchresult) > 1:
             sys.stderr.write("More than one hit when getting %s\n"%(user))
             return
+        else:
+            return Account(searchresult[0][0], searchresult[0][1])
+
+    def __init__(self, dn, attributes):
+        self.dn = dn
+        self.attributes = attributes
 
-        self.dn, self.attributes = searchresult[0]
+    def __getitem__(self, key):
+        if key in self.attributes:
+            if key in self.array_values:
+                return self.attributes[key]
+            elif key in self.int_values:
+                return int(self.attributes[key][0])
+            else:
+                return self.attributes[key][0]
+        elif key in self.defaults:
+            return self.defaults[key]
+        else:
+            raise IndexError
 
+    def __contains__(self, key):
+        return key in self.attributes
 
     def has_mail(self):
         if 'mailDisableMessage' in self.attributes:
@@ -19,27 +48,19 @@ class Account:
 
     # not locked locked,  just reset to something invalid like {crypt}*SSLRESET* is still active
     def pw_active(self):
-        if self.attributes['userPassword'][0] == '{crypt}*LK*':
+        if self['userPassword'] == '{crypt}*LK*':
             return False
         return True
 
     # not expired
     def shadow_active(self):
-        if 'shadowExpire' in self.attributes and \
-            int(self.attributes['shadowExpire'][0]) < (time.time() / 3600 / 24):
+        if 'shadowExpire' in self and \
+            self['shadowExpire'] < (time.time() / 3600 / 24):
             return False
         return True
 
     def numkeys(self):
-        if 'keyFingerPrint' in self.attributes:
-            return len(self.attributes['keyFingerPrint'])
-        return 0
-
-    def account_status(self):
-        if 'accountStatus' in self.attributes:
-            return self.attributes['accountStatus'][0]
-        return 'active'
-
+        return len(self['keyFingerPrint'])
 
     def verbose_status(self):
         status = []
@@ -47,7 +68,7 @@ class Account:
         status.append('pw: %s'    %(['locked', 'active'][ self.pw_active() ]))
         status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ]))
         status.append('keys: %d'  %( self.numkeys() ))
-        status.append('status: %s'%( self.account_status() ))
+        status.append('status: %s'%( self['accountStatus'] ))
 
         return '(%s)'%(', '.join(status))
 

diff --git a/ud-lock b/ud-lock
index 7035ed0..a274274 100755 (executable)
--- a/ud-lock
+++ b/ud-lock
@@ -48,8 +48,8 @@ def connect(user):
     return l
 
 def do_one_user(lc, user, ticket):
-    u = UDLdap.Account(user)
-    if not u.account_status() == 'active':
+    u = UDLdap.Account.from_search(lc, BaseDn, user)
+    if not u['accountStatus'] == 'active':
         sys.stderr.write('%s: Account is not active, skipping.  (details: %s)\n'%(user, u.verbose_status()))
         return