You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.3 KiB
37 lines
1.3 KiB
#!/usr/bin/env python3
|
|
"""
|
|
This is a script which adds the isClubRep attribute to all LDAP user records
|
|
whose most recent nonMemberTerm is later than their most recent (member) term.
|
|
|
|
GSSAPI is used for LDAP authentication, so make sure to run `kinit` first.
|
|
Also, make sure to run this script from the top-level of the git directory
|
|
(see the sys.path hack below).
|
|
"""
|
|
import os
|
|
import sys
|
|
|
|
import ldap3
|
|
|
|
sys.path.append(os.getcwd())
|
|
from ceod.model.utils import should_be_club_rep
|
|
|
|
# modify as necessary
|
|
LDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
|
|
LDAP_MEMBERS_BASE = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
|
|
|
|
conn = ldap3.Connection(
|
|
LDAP_URI, authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS,
|
|
auto_bind=True, raise_exceptions=True)
|
|
conn.search(LDAP_MEMBERS_BASE, '(objectClass=member)',
|
|
attributes=['uid', 'isClubRep', 'term', 'nonMemberTerm'])
|
|
total_records_updated = 0
|
|
for entry in conn.entries:
|
|
if not should_be_club_rep(entry.term.values, entry.nonMemberTerm.values):
|
|
continue
|
|
if entry.isClubRep.value:
|
|
continue
|
|
changes = {'isClubRep': [(ldap3.MODIFY_REPLACE, [True])]}
|
|
conn.modify(entry.entry_dn, changes)
|
|
print('Modified %s' % entry.uid.value)
|
|
total_records_updated += 1
|
|
print('Total records updated: %d' % total_records_updated)
|
|
|