From c69fb3726c14a3ceac2edcdcfe24d810b042659a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sven=20M=C3=A4der?= <maeder@phys.ethz.ch>
Date: Thu, 23 Aug 2018 19:09:09 +0200
Subject: [PATCH] Use fast ldap search
---
 bin/check-home-permissions.py | 28 ++++++++++++++++------------
 lib/isg/dphysldap.py | 19 +++++++++++++++++++
 2 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/bin/check-home-permissions.py b/bin/check-home-permissions.py
index 5083dcf..bc68786 100755
--- a/bin/check-home-permissions.py
+++ b/bin/check-home-permissions.py
@@ -66,28 +66,32 @@ class Home(object):
 def search_ldap():
 ldap = dphysldap.Ldap()
- ldap_users = dphysldap.Users(ldap, ['uid', 'uidNumber', 'gidNumber', 'homeDirectory', 'blocked'])
- entries = dphysldap.Entries(ldap, ['cn', 'nisMapEntry'])
+ people = 'ou=people,dc=phys,dc=ethz,dc=ch'
 auto_home = 'nisMapName=auto.home,ou=automount,dc=phys,dc=ethz,dc=ch'
- ldap_users.search('*')
+ ldap.search('(objectClass=posixAccount)', search_base=people, attributes=['uid', 'blocked', 'homeDirectory'])
+ ldap_users = ldap.response
 for user in ldap_users:
 user_attrs = {}
- user_attrs['homeDirectory'] = user['homeDirectory'][0]
- if user['blocked']:
- user_attrs['blocked'] = user['blocked'][0]
+ user_attrs['homeDirectory'] = user['attributes']['homeDirectory']
+ if user['attributes']['blocked']:
+ user_attrs['blocked'] = user['attributes']['blocked']
 else:
- no_blocked.append(user['uid'][0])
+ no_blocked.append(user['attributes']['uid'][0])
 user_attrs['blocked'] = 'no'
- users[user['uid'][0]] = user_attrs
+ users[user['attributes']['uid'][0]] = user_attrs
- entries.search('cn: *, nisMapEntry: phd-home*', ['nisObject'], base=auto_home)
+ ldap.search('(&(objectClass=nisObject)(cn=*)(nisMapEntry=phd-home*))',
+ search_base=auto_home, attributes=['cn', 'nisMapEntry'])
+ entries = ldap.response
 for entry in entries:
- nis_homes[entry['cn'][0]] = entry['nisMapEntry'][0]
+ nis_homes[entry['attributes']['cn'][0]] = entry['attributes']['nisMapEntry']
- entries.search('cn: *, nisMapEntry: != phd-home*', ['nisObject'], base=auto_home)
+ ldap.search('(&(objectClass=nisObject)(cn=*)(!(nisMapEntry=phd-home*)))',
+ search_base=auto_home, attributes=['cn', 'nisMapEntry'])
+ entries = ldap.response
 for entry in entries:
- nis_shares[entry['cn'][0]] = entry['nisMapEntry'][0]
+ nis_shares[entry['attributes']['cn'][0]] = entry['attributes']['nisMapEntry']
 def check_homes(top):
diff --git a/lib/isg/dphysldap.py b/lib/isg/dphysldap.py
index 80b2c40..7aaeb68 100644
--- a/lib/isg/dphysldap.py
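Review bot: None of the three `ldap.search(...)` calls in `search_ldap()` has its return value checked before `ldap.response` is iterated, so a failed or empty search leaves `users`, `nis_homes` and `nis_shares` silently empty (or may raise if the response is `None`), and a permission audit that runs on empty reference data can report nothing or the wrong thing. Since `Ldap.search` in lib/isg/dphysldap.py hands back what `connection.search` returned, the script can stop early, e.g. `if not ldap.search('(objectClass=posixAccount)', search_base=people, attributes=[...]): raise RuntimeError('LDAP search for posixAccount returned no entries')`, and likewise for the two `nisObject` searches. Separately, `uid` and `cn` are still indexed with `[0]` while `homeDirectory`, `blocked` and `nisMapEntry` are now used unindexed; this presumably relies on the connection loading the server schema so that single-valued attributes come back as scalars, and a one-line comment such as `# single-valued per schema; ldap3 returns a scalar only when schema info is loaded` would record that assumption. It would also be safer to skip response items that carry no `'attributes'` key, since ldap3 can place referral items in the same list.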
+++ b/lib/isg/dphysldap.py
@@ -241,6 +241,25 @@ class Ldap(object):
 entries = self.get_entries(obj=self.obj_group, query=query, attributes=attributes)
 return [Group(e) for e in entries]
+ def search(self, search_filter, search_base=None, search_scope=ldap3.SUBTREE,
+ attributes=[ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES]):
+ """
+ LDAP search operation
+ """
+ if not search_base:
+ search_base = self.base
+ response = self.connection.search(search_base, search_filter,
+ search_scope=search_scope,
+ attributes=attributes)
+ return response
+
+ @property
+ def response(self):
+ """
+ Get search operation response
+ """
+ return self.connection.response
+
 class Entries(list):
 """
-- GitLab
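Review bot: The new `search()` passes `search_filter` to `self.connection.search` verbatim, and its docstring (`LDAP search operation`) says nothing about that or about the return value, so a later caller that formats user-supplied values into a filter gets no hint that escaping is its own job. The filters in this commit are constants, so this is a documentation gap rather than a bug today. I would extend the docstring to state that the filter is sent unescaped (ldap3 ships `ldap3.utils.conv.escape_filter_chars` for values), that the method returns whatever `connection.search` returns, and that the entries are read afterwards through the `response` property, which reflects only the most recent operation on the shared connection. The default `attributes=[ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES]` is a mutable list shared across calls and requests every attribute the bind identity may read; `attributes=None` with `if attributes is None: attributes = [ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES]` avoids the shared default, and callers should name the attributes they need. The `Ldap` class body starts outside this hunk.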