optimize update-reverse-group

tags/ipasserelle-base-0.2.65-1
Daniel Berteaud 13 years ago
parent 005048900b
commit e192df1880
  1. 44
      root/etc/e-smith/events/actions/update-reverse-group

@ -39,14 +39,12 @@ my $i = $c->get('ipasserelle');
my $ip = $i->prop('status') || 'disabled'; my $ip = $i->prop('status') || 'disabled';
my $reverse = $i->prop('LdapReverseGroups') || 'disabled'; my $reverse = $i->prop('LdapReverseGroups') || 'disabled';
if (($ip eq 'disabled') || ($reverse eq 'disabled')){ exit (0) if (($ip eq 'disabled') || ($reverse eq 'disabled')){
exit (0);
}
my $l = $c->get('ldap'); my $l = $c->get('ldap');
my $status = $l->prop('status') || "disabled"; my $status = $l->prop('status') || "disabled";
unless ($status eq "enabled" ) unless ($status eq "enabled" ){
{
warn "Not running action script $0, LDAP service not enabled!\n"; warn "Not running action script $0, LDAP service not enabled!\n";
exit(0); exit(0);
} }
@ -64,18 +62,15 @@ my $account;
my $event = shift || die "Event name must be specified"; my $event = shift || die "Event name must be specified";
if ($event eq 'ldap-update' or if ($event eq 'ldap-update' or
$event eq 'bootstrap-ldap-save' or $event eq 'bootstrap-ldap-save' or
$event =~ m/group\-(create|modify|delete)/) $event =~ m/group\-(create|modify|delete)/){
{
@accounts = ($a->users); @accounts = ($a->users);
push(@accounts, $a->get('admin')); push(@accounts, $a->get('admin'));
} }
else else{
{
my @name = @ARGV; my @name = @ARGV;
die "Account name argument missing." unless scalar (@name) >= 1; die "Account name argument missing." unless scalar (@name) >= 1;
foreach my $name (@name) foreach my $name (@name){
{
$account = $a->get($name); $account = $a->get($name);
die "Account $name not found.\n" unless defined $account; die "Account $name not found.\n" unless defined $account;
my $type = $account->prop('type') || "unknown"; my $type = $account->prop('type') || "unknown";
@ -89,8 +84,7 @@ else
my $base = esmith::util::ldapBase ($domain); my $base = esmith::util::ldapBase ($domain);
my $pw = esmith::util::LdapPassword(); my $pw = esmith::util::LdapPassword();
my $ldap = Net::LDAP->new('localhost') my $ldap = Net::LDAP->new('localhost') or die "$@";
or die "$@";
$ldap->bind( $ldap->bind(
dn => "cn=root,$base", dn => "cn=root,$base",
@ -98,8 +92,7 @@ $ldap->bind(
); );
my $result; my $result;
foreach my $acct (@accounts) foreach my $acct (@accounts){
{
my $key = $acct->key; my $key = $acct->key;
# Ensure this account has the iPasserelleUser objectclass # Ensure this account has the iPasserelleUser objectclass
@ -110,30 +103,39 @@ foreach my $acct (@accounts)
); );
$result->code && warn "Error looking for entry uid=$key,ou=Users,$base: ", $result->error; $result->code && warn "Error looking for entry uid=$key,ou=Users,$base: ", $result->error;
my @oc = (); my @oc = ();
my @oldgroups = ();
foreach my $entry ($result->all_entries()){ foreach my $entry ($result->all_entries()){
push @oc, $entry->get_value('objectClass'); push @oc, $entry->get_value('objectClass');
push @oldgroups, $entry->get_value('posixMemberOf');
} }
push @oc, 'iPasserelleUser' unless (grep { $_ =~ /iPasserelleUser/i } @oc); unless (grep { $_ =~ /iPasserelleUser/i } @oc){
push @oc, 'iPasserelleUser';
$result = $ldap->modify( $result = $ldap->modify(
"uid=$key,ou=Users,$base", "uid=$key,ou=Users,$base",
replace => { replace => {
objectClass => \@oc objectClass => \@oc
} }
); );
$result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error;
}
my @groups = $a->user_group_list($key); my @groups = $a->user_group_list($key);
@oldgroups = sort @oldgroups;
@groups = sort @groups;
my $oldgroups = join('\0', @oldgroups);
my $groups = join('\0', @groups);
$result = $ldap->modify( unless ($oldgroups eq $groups){
$result = $ldap->modify(
"uid=$key,ou=Users,$base", "uid=$key,ou=Users,$base",
replace => { replace => {
posixMemberOf => \@groups posixMemberOf => \@groups
} }
); );
$result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error;
}
} }
$ldap->unbind; $ldap->unbind;
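Review bot: The separator in the new `join('\0', @oldgroups)` and `join('\0', @groups)` lines is single-quoted, so Perl joins with the two literal characters backslash and zero rather than a NUL byte. The comparison still behaves for ordinary group names, but because it now decides whether `posixMemberOf` is rewritten at all, an ambiguous separator could in principle let two different group lists compare equal and leave stale membership in LDAP; use `join("\0", @oldgroups)` and `join("\0", @groups)`. Separately, a failed search is only warned about and the loop carries on with an empty `@oc`, so the objectClass replace would be sent containing `iPasserelleUser` alone; changing that check to `if ($result->code) { warn ...; next; }` would skip the account instead. The `foreach` loop and the search call start in earlier hunks and are only partly visible here.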
