38 lines
1.3 KiB
Python
38 lines
1.3 KiB
Python
|
#!/usr/bin/env python3
|
||
|
"""
|
||
|
This is a script which adds the isClubRep attribute to all LDAP user records
|
||
|
whose most recent nonMemberTerm is later than their most recent (member) term.
|
||
|
|
||
|
GSSAPI is used for LDAP authentication, so make sure to run `kinit` first.
|
||
|
Also, make sure to run this script from the top-level of the git directory
|
||
|
(see the sys.path hack below).
|
||
|
"""
|
||
|
import os
|
||
|
import sys
|
||
|
|
||
|
import ldap3
|
||
|
|
||
|
sys.path.append(os.getcwd())
|
||
|
from ceod.model.utils import should_be_club_rep
|
||
|
|
||
|
# modify as necessary
|
||
|
LDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
|
||
|
LDAP_MEMBERS_BASE = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
|
||
|
|
||
|
conn = ldap3.Connection(
|
||
|
LDAP_URI, authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS,
|
||
|
auto_bind=True, raise_exceptions=True)
|
||
|
conn.search(LDAP_MEMBERS_BASE, '(objectClass=member)',
|
||
|
attributes=['uid', 'isClubRep', 'term', 'nonMemberTerm'])
|
||
|
total_records_updated = 0
|
||
|
for entry in conn.entries:
|
||
|
if not should_be_club_rep(entry.term.values, entry.nonMemberTerm.values):
|
||
|
continue
|
||
|
if entry.isClubRep.value:
|
||
|
continue
|
||
|
changes = {'isClubRep': [(ldap3.MODIFY_REPLACE, [True])]}
|
||
|
conn.modify(entry.entry_dn, changes)
|
||
|
print('Modified %s' % entry.uid.value)
|
||
|
total_records_updated += 1
|
||
|
print('Total records updated: %d' % total_records_updated)
|