From 42e1e16c5acc991134ff5f6e34d4812c3720eefe Mon Sep 17 00:00:00 2001
From: Daniel STAN
Date: Sun, 27 Nov 2016 23:27:31 +0100
Subject: [PATCH] =?UTF-8?q?autogen=20conf=20crans=20(premi=C3=A8re=20versi?= =?UTF-8?q?on)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
utils/genconf_crans.py | 76 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100755 utils/genconf_crans.py
diff --git a/utils/genconf_crans.py b/utils/genconf_crans.py
new file mode 100755
index 0000000..1577f37
--- /dev/null
+++ b/utils/genconf_crans.py
@@ -0,0 +1,76 @@
+#!/bin/bash /usr/scripts/python.sh
+# -*- coding: utf-8 -*-
+
+from __future__ import print_function, unicode_literals
+
+from lc_ldap import shortcuts
+import pprint
+
+ROLES_FILE = '/var/lib/cpasswords/roles.py'
+KEYS_FILE = '/var/lib/cpasswords/keys.py'
+
+
+conn = shortcuts.lc_ldap_readonly()
+
+# Pour ne faire pas de conf à rallonge, cette liste ne contient pas
+# tous les droits crans (par exemple multimachine ou apprenti sont exclus)
+TOUS_DROITS = ["nounou", "apprenti", "bureau", "tresorier", "rtc", "president"]
+
+# Cette liste ne contient que les EXTRA (on rajoute les canoniques juste après)
+ROLES_OF_DROITS = {
+ 'nounou': ['apprenti', 'apprenti-w'],
+ 'rtc': ['tresorier', 'tresorier-w'],
+ 'president': ['tresorier', 'tresorier-w'],
+}
+for droits in TOUS_DROITS:
+ if droits not in ROLES_OF_DROITS:
+ ROLES_OF_DROITS[droits] = []
+ ROLES_OF_DROITS[droits] += [droits, droits+'-w']
+
+def format_fpr(fpr):
+ return fpr.replace(' ','')
+
+roles = dict()
+keys = dict()
+
+fa = '(|%s)' % ''.join(u'(droits=%s)' % x for x in TOUS_DROITS)
+
+#filterstr = '(&(!(droits=ancien))%s)' % fa
+filterstr = fa
+
+for member in conn.search(filterstr):
+ # Member again ?
+ login = member['uid'][0].value
+
+ # On remplit la clé
+ if member['gpgFingerprint']:
+ fpr = format_fpr(member['gpgFingerprint'][0].value)
+ else:
+ continue
+ #fpr = None
+
+ # Now le mail associé
+ if member['gpgMail']:
+ mail = member['gpgMail'][0].value
+ else:
+ mail = member['mail'][0].value
+
+ keys[login] = (mail, fpr)
+
+ # Tous les droits pour login (sans doublon)
+ their_roles = set()
+ for droit in member['droits']:
+ their_roles.update(ROLES_OF_DROITS.get(droit.value.lower(), []))
+
+ # On remplit roles
+ for role in their_roles:
+ if role not in roles:
+ roles[role] = []
+ roles[role].append(login)
+
+pp = pprint.PrettyPrinter(indent=4)
+with open(KEYS_FILE, 'w') as f:
+ f.write('value = %s' % pp.pformat(keys))
+
+with open(ROLES_FILE, 'w') as f:
+ f.write('value = %s' % pp.pformat(roles))
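Review bot: The value read from `member['gpgFingerprint']` is stored in `keys[login]` after `format_fpr` has only removed spaces, so a short key ID or any malformed string held in LDAP ends up in KEYS_FILE as if it were a trusted fingerprint. If that file is what selects encryption recipients (the `/var/lib/cpasswords` path suggests so, but this is not visible here), the loop should skip anything that is not a full fingerprint, for example `if not re.match(r'^[0-9A-Fa-f]{40}$', fpr): continue` with `import re` at the top, and report the skipped login. The active filter is `filterstr = fa` while the variant excluding `droits=ancien` is commented out, so an entry that carries `ancien` next to one of the listed rights would presumably still be given roles; a comment saying why the exclusion is disabled would help the next reader. Both output files are rewritten in place with `open(..., 'w')`, and writing to a temporary file in the same directory followed by a rename would keep a reader from ever loading a truncated keys or roles file.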