[Evolvis-commits] r203: copy from admin-scripts (private repo) r713 and add a README note: these are administrative and, as such, will never be installed with the .deb packages

mirabilos at evolvis.org
Thu Nov 5 16:08:46 CET 2009


Author: mirabilos
Date: 2009-11-05 15:08:46 +0000 (Thu, 05 Nov 2009)
New Revision: 203

Added:
   trunk/gforge_base/gforge-4.8.1+evolvis/univention/
   trunk/gforge_base/gforge-4.8.1+evolvis/univention/README
   trunk/gforge_base/gforge-4.8.1+evolvis/univention/call_evolvis.sh
   trunk/gforge_base/gforge-4.8.1+evolvis/univention/testlst.py
   trunk/gforge_base/gforge-4.8.1+evolvis/univention/usync.sh
Log:
copy from admin-scripts (private repo) r713 and add a README
note: these are administrative and, as such, will never be
installed with the .deb packages


Added: trunk/gforge_base/gforge-4.8.1+evolvis/univention/README
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/univention/README	                        (rev 0)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/univention/README	2009-11-05 15:08:46 UTC (rev 203)
@@ -0,0 +1,21 @@
+$Id$
+
+These are an example of how to set up a Univention Corporate Server 2.2
+to dump changes in the user database (based on isMitarbeiter=1, an LDAP
+schema modification of ours) using a push method as soon as they happen
+(including a way to do them all at once, both for first-time setup, and
+for when the evolvis-forge has been unreachable during changes). It ac-
+and deactivates users as well, severing access upon removal from LDAP.
+
+This is a prototype and, as such, a bit hackish, but has worked for us,
+for a while.
+
+Install the testlst.py on the UCS Master DC after copying and modifying
+the call_evolvis.sh script (enter the FQDN(s) or IP address(es) of your
+evolvis-forge instances there) and making sure that ssh as root works –
+the known_hosts entry is also needed, since the actual run is batch.
+The usync.sh script belongs onto each instance.
+
+
+Thorsten Glaser
+tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
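
Review bot: The setup paragraph ("Install the testlst.py on the UCS Master DC ...") leaves out two things the scripts in this commit depend on: the /etc/ldap.secret.y file that testlst.py reads for its bulk run, and how the all-at-once run is started (running testlst.py directly, optionally with a search filter as its first argument). It also asks only that "ssh as root works"; since the listener needs exactly one command on each instance, /root/usync.sh, suggest recommending a dedicated key restricted to that command (a forced command in authorized_keys) rather than an unrestricted root login.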


Property changes on: trunk/gforge_base/gforge-4.8.1+evolvis/univention/README
___________________________________________________________________
Name: svn:keywords
   + Author CVSHeader Date Id LastChangedBy LastChangedDate LastChangedRevision Log Revision Source State

Added: trunk/gforge_base/gforge-4.8.1+evolvis/univention/call_evolvis.sh
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/univention/call_evolvis.sh	                        (rev 0)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/univention/call_evolvis.sh	2009-11-05 15:08:46 UTC (rev 203)
@@ -0,0 +1,12 @@
+#!/bin/sh
+# $Id$
+#-
+# root at ucs:/root/call_evolvis.sh
+
+#echo "D '$1' '$2' '$3' '$4' '$5' '$6' '$7'"
+
+for system in forge1.domain.com forge2.domain.org …; do
+	ssh -Tl root $system /bin/sh <<EOF
+/root/usync.sh '$1' '$2' '$3' '$4' '$5' '$6' '$7'
+EOF
+done
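
Review bot: In the here-document, the line /root/usync.sh '$1' '$2' ... is expanded locally and then parsed again by the remote /bin/sh, so the single quotes stop protecting a value as soon as the value itself contains a single quote (a surname such as O'Brien is enough); the remainder is then interpreted as shell syntax by root on every forge instance. Escape embedded quotes before interpolating (replace each ' with '\'') or send the seven fields over stdin and have usync.sh read them, and quote "$system". The loop also ignores the exit status of ssh, so an unreachable instance is skipped silently even though the README relies on a later full resync for that case; log the failure.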


Property changes on: trunk/gforge_base/gforge-4.8.1+evolvis/univention/call_evolvis.sh
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Author CVSHeader Date Id LastChangedBy LastChangedDate LastChangedRevision Log Revision Source State

Added: trunk/gforge_base/gforge-4.8.1+evolvis/univention/testlst.py
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/univention/testlst.py	                        (rev 0)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/univention/testlst.py	2009-11-05 15:08:46 UTC (rev 203)
@@ -0,0 +1,222 @@
+#!/usr/bin/python2.4
+# -*- coding: utf-8 -*-
+# $Id$
+#-
+# Copyright © 2009
+#	Thorsten Glaser <t.glaser at tarent.de>
+#
+# Provided that these terms and disclaimer and all copyright notices
+# are retained or reproduced in an accompanying document, permission
+# is granted to deal in this work without restriction, including un‐
+# limited rights to use, publicly perform, distribute, sell, modify,
+# merge, give away, or sublicence.
+#
+# This work is provided “AS IS” and WITHOUT WARRANTY of any kind, to
+# the utmost extent permitted by applicable law, neither express nor
+# implied; without malicious intent or gross negligence. In no event
+# may a licensor, author or contributor be held liable for indirect,
+# direct, other damage, loss, or other issues arising in any way out
+# of dealing in the work, even if advised of the possibility of such
+# damage or existence of a defect, except proven that it results out
+# of said person’s immediate fault when using the work as intended.
+#-
+# root at ucs:/usr/lib/univention-directory-listener/system/testlst.py
+
+name = 'testlst'
+description = 'Test for: sync Mitarbeiter into evolvis-ff'
+filter = '(isMitarbeiter=1)'
+# we get called if any of these change, but we always get them all
+attributes = ['givenName', 'mailPrimaryAddress', 'sn', 'uid', 'userPassword']
+
+import datetime
+import ldif
+import listener
+import os
+import string
+import subprocess
+import sys
+import types
+import univention.debug
+import univention.utf8
+import univention_baseconfig
+
+class ParseLDIF(ldif.LDIFParser):
+
+	entries = {}
+
+	def handle(self, dn, entry):
+		self.entries[dn] = entry
+
+class tarentTestListener(object):
+
+	f = None
+	t = None
+
+	def __init__(self):
+		self.f = open("/tmp/Testlst.out", "ab")
+		self.t = string.maketrans('\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F\x7F',
+		    '`````````````````````````````````')
+		if not self.f:
+			univention.debug.debug(univention.debug.LISTENER,
+			    univention.debug.ERROR,
+			    "Cannot open /tmp/Testlst.out for appending")
+		if not self.t:
+			univention.debug.debug(univention.debug.LISTENER,
+			    univention.debug.ERROR, "Internal Error")
+		if not self.f or not self.t:
+			raise "eh?"
+		univention.debug.debug(univention.debug.LISTENER,
+		    univention.debug.WARN, "testlst.py initialised OK")
+
+	def log(self, fmt, *args):
+		listener.setuid(0)
+		try:
+			self.f.writelines([
+			    "%s " % datetime.datetime.now().isoformat(' '),
+			    fmt % args, "\n"])
+			self.f.flush()
+		finally:
+			listener.unsetuid()
+
+	def initialise(self):
+		self.log("=== initialise called")
+
+	def clean(self):
+		self.log("=== clean called")
+
+	def postrun(self):
+		self.log("=== postrun called")
+
+	def run(self, dn, new, old):
+		action = 0
+		newkeys = []
+		oldkeys = []
+		if new:
+			newkeys = new.keys()
+			#newkeys.sort()
+		if old:
+			oldkeys = old.keys()
+			#oldkeys.sort()
+		allkeys = list(set(newkeys + oldkeys))
+		allkeys.sort()
+
+		if old:
+			if new:
+				t = "Modified"
+				action = 1
+			else:
+				t = "Deleted"
+				action = 2
+		else:
+			if new:
+				t = "Created"
+				action = 1
+			else:
+				t = "INVALID"
+		outlines = ["=> %s '%s' <=" % (t, dn)]
+		if action > 0:
+			outlines.append("{")
+			for key in allkeys:
+				oldvals = []
+				if old and old.has_key(key):
+					oldvals = old[key]
+				oldvals.sort()
+				newvals = []
+				if new and new.has_key(key):
+					newvals = new[key]
+				newvals.sort()
+				if len(newvals) < len(oldvals):
+					numvals = len(oldvals)
+				else:
+					numvals = len(newvals)
+				if numvals > 1:
+					outlines.append("\t'%s' ⇒ {" % key)
+					for index in range(numvals):
+						if index < len(oldvals):
+							o = "'%s'" % string.translate(
+							    oldvals[index], self.t)
+						else:
+							o = "./."
+						if index < len(newvals):
+							n = "'%s'" % string.translate(
+							    newvals[index], self.t)
+						else:
+							n = "./."
+						if n == o:
+							c = '⇿'
+						else:
+							c = '→'
+						outlines.append(
+						    "\t\t%d\t%s %s %s" % \
+						    (index, o, c, n))
+					outlines.append("\t}")
+				else:
+					if len(oldvals) > 0:
+						o = "'%s'" % string.translate(
+						    oldvals[0], self.t)
+					else:
+						o = "./."
+					if len(newvals) > 0:
+						n = "'%s'" % string.translate(
+						    newvals[0], self.t)
+					else:
+						n = "./."
+					if n == o:
+						c = '⇿'
+					else:
+						c = '→'
+					outlines.append("\t'%s': %s %s %s" % \
+					    (key, o, c, n))
+			outlines.append("}")
+
+			args = ["/root/call_evolvis.sh", "%d" % action]
+			for arg in ['modifyTimestamp', 'givenName',
+			    'mailPrimaryAddress', 'sn', 'uid', 'userPassword']:
+				v = ''
+				if new and new.has_key(arg):
+					v = new[arg]
+				elif old and old.has_key(arg):
+					v = old[arg]
+					args.append(old[arg][0])
+				else:
+					print "error arg %s on %s" % (arg, dn)
+				try:
+					args.append(v[0])
+				except Exception:
+					args.append(v)
+			listener.run(args[0], args, 0, True)
+		self.log("%s", '\n'.join(outlines))
+
+_singleton = tarentTestListener()
+
+def initialize():
+	return _singleton.initialise()
+
+def clean():
+	return _singleton.clean()
+
+def postrun():
+	return _singleton.postrun()
+
+def handler(*args):
+	return _singleton.run(*args)
+
+if __name__ == "__main__":
+    baseConfig = univention_baseconfig.baseConfig()
+    baseConfig.load()
+	try:
+		searchfilter = sys.argv[1]
+	except Exception:
+		searchfilter = filter
+	p = subprocess.Popen(["ldapsearch", "-LLL", "-x",
+	    "-D", "cn=admin,%s" % (baseConfig['ldap/base']), "-y",
+        # create this the same as /etc/ldap.secret w/o trailing newline!
+        "/etc/ldap.secret.y",
+	    "-H", "ldapi:///var/run/slapd/ldapi", searchfilter,
+	    "*", "modifyTimestamp"],
+	    stdout=subprocess.PIPE)
+	l = ParseLDIF(p.stdout)
+	l.parse()
+	dns = l.entries.keys()
+	for dn in dns:
+		_singleton.run(dn, l.entries[dn], None)
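
Review bot: In the argument loop at the end of run(), the branch "elif old and old.has_key(arg)" calls args.append(old[arg][0]) and then falls through to the try block, which appends v[0] again, so on the delete path (new is empty) every attribute found in old is passed twice and usync.sh receives shifted values in its positional parameters. This is the path that deactivates accounts, so drop the extra append and let the try block add the value once. Two further points: the log is opened as /tmp/Testlst.out, a fixed name in a world-writable directory, is written after listener.setuid(0), and records old and new userPassword values; move it to a root-owned directory with restrictive permissions and leave userPassword out of the dump. In the __main__ block the two baseConfig lines are indented with spaces while the following try: uses a tab, which Python 2 rejects as an unexpected indent if the whitespace is as shown here.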


Property changes on: trunk/gforge_base/gforge-4.8.1+evolvis/univention/testlst.py
___________________________________________________________________
Name: svn:keywords
   + Author CVSHeader Date Id LastChangedBy LastChangedDate LastChangedRevision Log Revision Source State

Added: trunk/gforge_base/gforge-4.8.1+evolvis/univention/usync.sh
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/univention/usync.sh	                        (rev 0)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/univention/usync.sh	2009-11-05 15:08:46 UTC (rev 203)
@@ -0,0 +1,102 @@
+#!/bin/mksh
+# $Id$
+#-
+# Copyright © 2009
+#	Thorsten Glaser <t.glaser at tarent.de>
+#
+# Provided that these terms and disclaimer and all copyright notices
+# are retained or reproduced in an accompanying document, permission
+# is granted to deal in this work without restriction, including un-
+# limited rights to use, publicly perform, distribute, sell, modify,
+# merge, give away, or sublicence.
+#
+# This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
+# the utmost extent permitted by applicable law, neither express nor
+# implied; without malicious intent or gross negligence. In no event
+# may a licensor, author or contributor be held liable for indirect,
+# direct, other damage, loss, or other issues arising in any way out
+# of dealing in the work, even if advised of the possibility of such
+# damage or existence of a defect, except proven that it results out
+# of said person's immediate fault when using the work as intended.
+#-
+# root at evolvis-ff:/root/usync.sh
+
+taction=$1
+modifyTimestamp=$2
+givenName=$3
+mailPrimaryAddress=$4
+sn=$5
+uid=$6
+userPassword=$7
+rn="$givenName $sn"
+
+vars="modifyTimestamp givenName mailPrimaryAddress sn uid userPassword"
+
+function out {
+	text="WARNING: $*"
+	for var in $vars; do
+		eval x=\$$var
+		text="$text $var='$x'"
+	done
+	logger -t usync "$text"
+	exit 1
+}
+
+[[ -z $2 || -z $3 || -z $4 || -z $5 || -z $6 || -z $7 ]] && out ignoring
+
+# escape, for psql
+for var in $vars rn; do
+	eval x=\$$var
+	x=E\'$(print -nr -- "$x" | hexdump -ve '1/1 "~x%02X"' | tr '~' '\\')\'
+	eval E$var=\$x
+done
+
+# check if user already exists in database
+user_id=0
+res=$(sudo -u postgres psql -d gforge -A -F = -P x -c \
+    "SELECT user_id, confirm_hash FROM users WHERE user_name=$Euid;" 2>&-)
+eval $res
+
+if (( user_id )); then
+	# check if database is newer
+	if [[ $confirm_hash = +([0-9])Z ]]; then
+		if [[ $confirm_hash > $modifyTimestamp ]]; then
+			out skipping, $confirm_hash is newer
+		fi
+	fi
+
+	# update existing user entry
+	cmd="UPDATE users SET confirm_hash=$EmodifyTimestamp"
+	if (( taction == 2 )); then
+		# delete
+		cmd="$cmd, status='D'"
+	else
+		# modify
+		cmd="$cmd, status='A'"
+		cmd="$cmd, email=$EmailPrimaryAddress"
+		cmd="$cmd, user_pw=$EuserPassword, unix_pw=''"
+		cmd="$cmd, realname=$Ern"
+		cmd="$cmd, firstname=$EgivenName"
+		cmd="$cmd, lastname=$Esn"
+	fi
+	cmd="$cmd WHERE user_name=$Euid;"
+else
+	# create new entry
+	cmd="INSERT INTO users (user_name, email, user_pw, realname,"
+	cmd="$cmd firstname, lastname, shell, unix_uid, unix_gid,"
+	cmd="$cmd add_date, confirm_hash, jabber_only, ccode,"
+	cmd="$cmd timezone, language, mail_siteupdates, mail_va, status,"
+	cmd="$cmd unix_status, theme_id, sys_state, type_id) VALUES ("
+	cmd="$cmd $Euid, $EmailPrimaryAddress, $EuserPassword, $Ern,"
+	cmd="$cmd $EgivenName, $Esn, '/lib/anonsvnsh', 11, 11,"
+	cmd="$cmd $(date -u +'%s'), $EmodifyTimestamp, 0, 'DE',"
+	cmd="$cmd 'Europe/Berlin', 6, 1, 0, 'A', 'A', 1, 'N', 1);"
+
+	cmd="$cmd UPDATE users"
+	cmd="$cmd SET unix_uid=(20000+user_id), unix_gid=(20000+user_id)"
+	cmd="$cmd WHERE unix_uid=11 OR unix_gid=11;"
+fi
+
+#logger -t usync "running 「$cmd」"
+sudo -u postgres psql -d gforge -A -F = -P x -c "$cmd" >/dev/null 2>&1
+exit 0
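
Review bot: The line "eval $res" runs the output of the SELECT as shell code as root, and that output includes the stored confirm_hash column, so whatever that column contains is executed rather than compared; read the two fields without eval (split each output line at the first = and accept user_id only if it is numeric) and check confirm_hash against the +([0-9])Z pattern before using it. The out function iterates over $vars, which contains userPassword, so every "ignoring" or "skipping" warning writes the password hash to syslog through logger; exclude it there. The final psql call discards all output and the script ends with exit 0, so call_evolvis.sh cannot tell a failed sync from a successful one; return the psql status instead.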


Property changes on: trunk/gforge_base/gforge-4.8.1+evolvis/univention/usync.sh
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:keywords
   + Author CVSHeader Date Id LastChangedBy LastChangedDate LastChangedRevision Log Revision Source State



