user: LDAP user management refactoring

2013-08-03 03:41:20 +03:00 · 2013-08-03 03:41:20 +03:00 · 0b73e7782c
commit 0b73e7782c
parent d784356112
3 changed files with 144 additions and 162 deletions
--- a/user/scripts/update-virtual.rb
+++ b/user/scripts/update-virtual.rb
@ -1,15 +1,14 @@
-
-require 'ldap'
+require 'set'
 require 'uri'
+require 'ldap'

 basedn = ''
 conn = ''

-f = File.new('/etc/openldap/ldap.conf', 'r')
-f.readlines.each do |line|
+File.readlines('/etc/openldap/ldap.conf').each do |line|
    line = line.strip
-    next if line =~ /^#/
-    next if line == ''
+    next if line.empty?
+    next if line.start_with?('#')
    line = line.split
    if line[0] == 'BASE'
        basedn = line[1]
@ -19,14 +18,10 @@ f.readlines.each do |line|
            uri = URI.parse(uri)
            begin
                if uri.scheme == 'ldaps'
-                    if ! uri.port
-                        uri.port = 636
-                    end
+                    uri.port = 636 unless uri.port
                    conn = LDAP::SSLConn.new(uri.host, uri.port)
                else
-                    if ! uri.port
-                        uri.port = 389
-                    end
+                    uri.port = 389 unless uri.port
                    conn = LDAP::Conn.new(uri.host, uri.port)
                end
                conn.bind
@ -37,76 +32,90 @@ f.readlines.each do |line|
        end
    end
 end
-f.close

 print "class user::virtual {\n"

-conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
-	    ['uid', 'uidNumber', 'gidNumber', 'gecos', 'homeDirectory',
-	     'loginShell' ]) { |entry|
-    groups = []
-    filter = '(&(objectClass=posixGroup)(|(uniqueMember=' + entry.get_dn \
-	     + ')(memberUid=' + entry['uid'][0] + ')))'
-    conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, ['cn']) { |group|
-	groups << group['cn'][0]
-    }
-    prigroup = nil
-    conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, \
-		'(&(objectClass=posixGroup)(gidNumber=' + entry['gidNumber'][0] + '))', \
-		['cn']) { |group|
-	prigroup = group['cn'][0]
-    }
+filter = 'objectClass=posixAccount'
+attrs = [
+    'uid',
+    'uidNumber',
+    'gidNumber',
+    'gecos',
+    'homeDirectory',
+    'loginShell',
+]
+conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) do |entry|
+    dn = entry.get_dn
+    uid = entry['uid'][0]
+    uidnumber=entry['uidNumber'][0]
+    gidnumber=entry['gidNumber'][0]
+
+    primarygroup = nil
+    groups = Set.new
+
+    filter = '(&(objectClass=posixGroup)(gidNumber=%s))' % gidnumber
+    conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, ['cn']) do |group|
+        primarygroup = group['cn'][0]
+    end
+
+    continue if primarygroup.nil?
+
+    filter = '(&(objectClass=posixGroup)(|(uniqueMember=%s)(memberUid=%s)))' % [ dn, uid ]
+    conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, ['cn']) do |group|
+        groups << group['cn'][0]
+    end

    print "\n"
-    print "    @user::newuser { '%s':\n" % entry['uid'][0]
-    print "        uid           => '%s',\n" % entry['uidNumber'][0]
-    print "        gid           => '%s',\n" % entry['gidNumber'][0]
+    print "    @user::add { \"%s\":\n" % uid
+    print "        uid     => \"%s\",\n" % uidnumber
+    print "        gid     => \"%s\",\n" % gidnumber
    begin
-        print "        comment       => '%s',\n" % entry['gecos'][0]
+        print "        comment => \"%s\",\n" % entry['gecos'][0]
    rescue
-        print "        comment       => '%s',\n" % entry['uid'][0]
+        print "        comment => \"%s\",\n" % entry['uid'][0]
    end
-    print "        home          => '%s',\n" % entry['homeDirectory'][0]
+    print "        home    => \"%s\",\n" % entry['homeDirectory'][0]
    begin
-        print "        shell         => '%s',\n" % entry['loginShell'][0]
+        print "        shell   => \"%s\",\n" % entry['loginShell'][0]
    rescue
-        print "        shell         => '%s',\n" % "/bin/bash"
+        print "        shell   => \"%s\",\n" % "/bin/bash"
    end
-    if groups.length > 0
-	print "        groups        => $operatingsystem ? {\n"
-	print "            openbsd => [ "
-	groups.each do |group|
-	    print "'" + group + "', "
-	end
-	print "'wheel', " if groups.include?('sysadm')
-	print "],\n"
-	print "            default => [ "
-	groups.each do |group|
-	    print "'" + group + "', "
-	end
-	print "],\n        },\n"
+    unless groups.empty?
+        print "        groups  => $::operatingsystem ? {\n"
+        print "            \"openbsd\" => [ "
+        groups.each do |group|
+            print "\"%s\", " % group
+        end
+        print "\"wheel\", " if groups.include?('sysadm')
+        print "],\n"
+        print "            default   => [ "
+        groups.each do |group|
+            print "\"%s\", " % group
+        end
+        print "],\n        },\n"
    end
-    print "        requiregroups => [ Group['" + prigroup + "'],"
+    print "        require => [\n"
+    print "            Group[\"%s\"],\n" % primarygroup
    groups.each do |group|
-	print "\n                           Group['" + group + "'],"
+        print "            Group[\"%s\"],\n" % group
    end
-    print " ],\n"
+    print "        ],\n"
    print "    }\n"
+end

-}
-
-
-conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixGroup',
-	    ['cn', 'gidNumber', 'memberUid', 'uniqueMember']) { |entry|
-
-    # generate virtual group entry
+filter = 'objectClass=posixGroup'
+attrs = [
+    'cn',
+    'gidNumber',
+    'memberUid',
+    'uniqueMember',
+]
+conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) do |entry|
    print "\n"
-    print "    @group { '" + entry['cn'][0] + "':\n"
+    print "    @group { \"%s\":\n" % entry['cn'][0]
    print "        ensure => present,\n"
-    print "        gid    => '" + entry['gidNumber'][0] + "',\n"
+    print "        gid    => %s,\n" % entry['gidNumber'][0]
    print "    }\n"
-
-}
-
+end

 print "\n}\n"