LDAP to Django Synchronization

Author:: Mogga
Posted:: July 18, 2008
Language:: Python
Version:: .96
Score:: 0 (after 0 ratings)

Download
Raw

I needed to be able to synchronize my LDAP users and groups to the Django database. This may not be as efficient as some might like but it works like a charm. It returns a list of messages that I pipe into request.user.messages in my template.

#!/usr/bin/env python
import ldap
from django.contrib.auth.models import User, Group

AUTH_LDAP_SERVER = 'ldap.server.com'
AUTH_LDAP_BASE_USER = "cn=Manager,dc=ldap,dc=server,dc=com"
AUTH_LDAP_BASE_PASS = "Manager Password"
AUTH_LDAP_BASE = "dc=ldap,dc=server,dc=com"
AUTH_LDAP_SCOPE = ldap.SCOPE_SUBTREE

def get_ldap_groups():
	scope = AUTH_LDAP_SCOPE
	filter = "(&(objectclass=posixGroup))"
	values = ['cn', 'memberUid']
	l = ldap.open(AUTH_LDAP_SERVER)
	l.protocol_version = ldap.VERSION3
	l.simple_bind_s(AUTH_LDAP_BASE_USER,AUTH_LDAP_BASE_PASS)
	result_id = l.search('ou=Groups,'+AUTH_LDAP_BASE, scope, filter, values)
	result_type, result_data = l.result(result_id, 1)
	l.unbind()
	return result_data
	
def sync_groups():
	messages = []
	ldap_groups = get_ldap_groups()
	for ldap_group in ldap_groups:
		try: group_name = ldap_group[1]['cn'][0]
		except: pass
		else:
			try: group = Group.objects.get(name=group_name)
			except Group.DoesNotExist:
				group = Group(name=group_name)
				group.save()
				message = "Group '%s' created." % group_name
				messages.append(message)
	message = "Groups are synchronized."
	messages.append(message)
	return messages

def get_ldap_users():
	scope = AUTH_LDAP_SCOPE
	filter = "(&(objectclass=posixAccount)(employeeType=active))"
	values = ['uid', 'mail', 'givenName', 'sn', ]
	l = ldap.open(AUTH_LDAP_SERVER)
	l.protocol_version = ldap.VERSION3
	l.simple_bind_s(AUTH_LDAP_BASE_USER,AUTH_LDAP_BASE_PASS)
	result_id = l.search('ou=Users,'+AUTH_LDAP_BASE, scope, filter, values)
	result_type, result_data = l.result(result_id, 1)
	l.unbind()
	return result_data
	
def sync_users():
	messages = sync_groups()
	ldap_users = get_ldap_users()
	ldap_groups = get_ldap_groups()
	for ldap_user in ldap_users:
		try: username = ldap_user[1]['uid'][0]
		except: pass
		else:
			try: email = ldap_user[1]['mail'][0]
			except: email = ''
			try: first_name = ldap_user[1]['givenName'][0]
			except: first_name = username
			try: last_name = ldap_user[1]['sn'][0]
			except: last_name = ''
			try: user = User.objects.get(username=username)
			except User.DoesNotExist:
				user = User.objects.create_user(username, email, username)
				user.first_name = first_name
				user.last_name = last_name
				message = "User '%s' created." % username
				messages.append(message)
			else:
				if not user.email == email:
					user.email = email
					message = "User '%s' email updated." % username
					messages.append(message)
				if not user.first_name == first_name:
					user.first_name = first_name
					message = "User '%s' first name updated." % username
					messages.append(message)
				if not user.last_name == last_name:
					user.last_name = last_name
					message = "User '%s' last name updated." % username
					messages.append(message)
			user.save()
			for ldap_group in ldap_groups:
				group_name = ldap_group[1]['cn'][0]
				group_members =	ldap_group[1]['memberUid']
				try:
					group = Group.objects.get(name=group_name)
				except:
					pass
				else:
					if not user.username in group_members:
						if group in user.groups.all():
							user.groups.remove(group)
							message = "User '%s' removed from group '%s'." % (user.username, group.name)
							messages.append(message)
					else:
						if not group in user.groups.all():
							user.groups.add(group)
							message = "User '%s' added to group '%s'." % (user.username, group.name)
							messages.append(message)
	message = "Users are synchronized."
	messages.append(message)
	return messages

Comments

Please login first before commenting.

LDAP to Django Synchronization

More like this

Comments