[Freeipa-users] What is the best way to make batch changes to the LDAP?
Joe Linoff
jlinoff at tabula.com
Wed Jun 27 18:01:50 UTC 2012
Hi Martin:
Excellent! Thank you.
Regards,
Joe
-----Original Message-----
From: Martin Kosek [mailto:mkosek at redhat.com]
Sent: Tuesday, June 26, 2012 11:34 PM
To: Joe Linoff
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] What is the best way to make batch changes
to the LDAP?
On 06/27/2012 01:56 AM, Joe Linoff wrote:
> Hi Everybody:
>
>
>
> Here is a python approach that I am experimenting with based on
> reading the source code. It seems to work but it is re-entrant? Does
> this make sense? Is there a better way (like ldapmodify)?
>
>
>
> #!/usr/bin/env python
>
> #
>
> # Emulate the ipa command line interface in a script so that
>
> # to batch some updates.
>
> #
>
> import sys
>
> import shlex
>
> from ipalib import api, cli
>
>
>
> # ================================================================
>
> # bootstrap
>
> # ================================================================
>
> def bootstrap():
>
> """
>
> Bootstrap the script.
>
> I hope that all of this stuff is re-entrant.
>
> Also, api is defined in __init__.py.
>
> """
>
> api.bootstrap_with_global_options(context='cli')
>
> for klass in cli.cli_plugins:
>
> api.register(klass)
>
> api.load_plugins()
>
> api.finalize()
>
> if not 'config_loaded' in api.env:
>
> raise NotConfiguredError()
>
>
>
> # ================================================================
>
> # cmd
>
> # ================================================================
>
> def cmd(cmd):
>
> """
>
> Execute an IPA command.
>
> The command is entered as a string. I use shlex.split
>
> to break it into an args list.
>
> @param cmd The command to execute (as a string).
>
> """
>
> print
>
> print '# %s' % ('='*64)
>
> print '# CMD: %s' % (cmd)
>
> print '# %s' % ('='*64)
>
> args=shlex.split(cmd)
>
> api.Backend.cli.run(args)
>
>
>
> if __name__ == '__main__':
>
> bootstrap()
>
>
>
> # Some test calls.
>
> cmd('help')
>
> cmd('help user')
>
> cmd('help user-mod')
>
>
>
> # Update the fields.
>
> users=['bob', 'carol', 'ted', 'alice']
>
> mod='--street="123 Main Street" --city="Anytown" --state="AK"
> --postalcode="12345"'
>
> for user in users:
>
> cmd('user-mod %s %s' % (user, mod))
>
>
>
> Regards,
>
>
>
> Joe
>
>
>
> *From:*Joe Linoff
> *Sent:* Tuesday, June 26, 2012 3:04 PM
> *To:* freeipa-users at redhat.com
> *Cc:* Joe Linoff
> *Subject:* What is the best way to make batch changes to the LDAP?
>
>
>
> Hi Everybody:
>
>
>
> I need to change the mailing address information for a group of
> employees in the FreeIPA LDAP and would like to do it in a script. I
> know that I can do it using "ipa user-mod" in a shell script but I was
> wondering whether I could use python.
>
>
>
> Does using python make sense?
>
>
>
> If so, are there any examples that I can look at? It seems that I
> could import ipalib and go from there but I am not sure if there is a
> simple interface for doing user modifications.
>
>
>
> Any help would be greatly appreciated.
>
>
>
> Thanks,
>
>
>
> Joe
>
Hello Joe,
This is a very good start. But it can be made even easier, without any
command line option parsing. Please see the following example to simply
modify users in
Python:
# kinit admin
Password for admin at IDM.LAB.BOS.REDHAT.COM:
# python
>>> from ipalib import api
>>> api.bootstrap_with_global_options(context='cli')
>>> api.finalize()
>>> api.Backend.xmlclient.connect()
# Lets see custom user "fbar"
>>> api.Command['user_show'](u'admin')
{'result': {'dn':
u'uid=admin,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com',
'has_keytab': True, 'uid': (u'admin',), 'loginshell': (u'/bin/bash',),
'uidnumber': (u'65200000',), 'gidnumber': (u'65200000',),
'memberof_group':
(u'admins', u'trust admins'), 'has_password': True, 'sn':
(u'Administrator',),
'homedirectory': (u'/home/admin',), 'nsaccountlock': False}, 'value':
u'admin',
'summary': None}
# See that result is a native Python dictionary, i.e. very easy to
manipulate later # Now lets try to modify user's address:
>>> api.Command['user_mod'](u'fbar', street=u'221B Baker Street',
>>> l=u'London',
st=u'UK', postalcode=u'NW1 6XE')
{'result': {'has_keytab': True, 'street': (u'221B Baker Street',),
'uid':
(u'fbar',), 'loginshell': (u'/bin/sh',), 'uidnumber': (u'65200001',),
'l':
(u'London',), 'st': (u'UK',), 'gidnumber': (u'65200001',),
'memberof_group':
(u'ipausers',), 'has_password': True, 'sn': (u'Bar',), 'homedirectory':
(u'/home/fbar',), 'postalcode': (u'NW1 6XE',), 'memberof_role':
(u'foo',),
'givenname': (u'Foo',), 'nsaccountlock': False}, 'value': u'fbar',
'summary':
u'Modified user "fbar"'}
The user is now modified, I can verify it with standard CLI command:
# ipa user-show fbar --all
dn:
uid=fbar,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
User login: fbar
...
Street address: 221B Baker Street
City: London
State/Province: UK
ZIP: NW1 6XE
...
Our source code is a good source of information (I used it to find out
exact names of the command attributes). Besides that, you can check:
http://www.freeipa.org/page/DocumentationPortal
There are several doc guides, including "Extending IPA" guide which
should provide you with more info about additional extensions of
FreeIPA.
HTH,
Martin
More information about the Freeipa-users
mailing list