[sysadmin-bin] Don't use the Directory Manager cn for handling read/write operations, go with individual service ac



commit a8be25f99014f1ca1ada11bd29354994e42bb36e
Author: Andrea Veri <averi redhat com>
Date:   Tue Aug 27 11:50:43 2019 +0200

    Don't use the Directory Manager cn for handling read/write operations, go with individual service accounts instead

 cleanup-inactive-ldap-accounts.py   |  4 ++--
 create-auth                         |  4 ++--
 create-homedirs                     |  4 ++--
 gitlab/gitlab-operations.py         |  4 ++--
 mail/export-mail.py                 | 11 +++--------
 membership/foundation-operations.py |  4 ++--
 reset-my-password.py                |  4 ++--
 7 files changed, 15 insertions(+), 20 deletions(-)
---
diff --git a/cleanup-inactive-ldap-accounts.py b/cleanup-inactive-ldap-accounts.py
index 9c4d74a..8d5b33c 100755
--- a/cleanup-inactive-ldap-accounts.py
+++ b/cleanup-inactive-ldap-accounts.py
@@ -14,9 +14,9 @@ from email.MIMEText import MIMEText
 
 from gnome_ldap_utils import *
 
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_rw_ftpadmin_gnomecvs')
 
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
 GL_PATH = '/var/opt/gitlab/git-data/repositories/GNOME'
 
 parser = OptionParser()
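Review bot: The credentials are still loaded with `execfile`, which runs the secret file as Python inside this script's globals. Anyone able to write `/home/admin/secret/freeipa_rw_ftpadmin_gnomecvs` therefore gets code execution as the account that runs the cleanup job, in addition to learning the bind password. The same pattern appears in every other file this commit touches. With the secrets now split per service account, I would add a comment above the call such as `# must be owned by the job user, mode 0600; expected to define LDAP_USER and LDAP_PASSWORD`. Longer term, the file is better parsed as data (for example with `ConfigParser`) than executed.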
diff --git a/create-auth b/create-auth
index 010ca73..322c297 100755
--- a/create-auth
+++ b/create-auth
@@ -29,14 +29,14 @@ def get_md5sum_hash():
             user_md5sums [file] = m.hexdigest ()
     return user_md5sums
 
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
 
 ## first you must open a connection to the server
 try:
     ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_PATH)
 
     l = ldap.initialize('ldaps://view.gnome.org:636')
-    l.simple_bind_s("cn=Directory Manager", ldap_password)
+    l.simple_bind_s(LDAP_USER, LDAP_PASSWORD)
 except ldap.LDAPError, e:
     print >>sys.stderr, e
     sys.exit(1)
diff --git a/create-homedirs b/create-homedirs
index 8412e1d..404c11f 100755
--- a/create-homedirs
+++ b/create-homedirs
@@ -7,9 +7,9 @@ import subprocess
 
 from gnome_ldap_utils import *
 
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
 
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, 'account.gnome.org', LDAP_USER_BASE, 'cn=Directory Manager', 
ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
 
 
 def create_home_directory(uid):
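Review bot: Besides swapping the bind credentials, the new `Gnome_ldap_utils(...)` call replaces the literal host `'account.gnome.org'` with `LDAP_HOST`, which the commit message does not mention. Where `LDAP_HOST` is defined is not visible in this hunk (the star import from `gnome_ldap_utils` or the `freeipa_ro` file), so if it names a different server the script silently starts binding elsewhere. Worth confirming the value and adding a comment above the call, e.g. `# LDAP_HOST: same server as the former 'account.gnome.org' literal (confirm where it is defined)`.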
diff --git a/gitlab/gitlab-operations.py b/gitlab/gitlab-operations.py
index e3d38b7..dd24e3a 100755
--- a/gitlab/gitlab-operations.py
+++ b/gitlab/gitlab-operations.py
@@ -10,10 +10,10 @@ import semi_rdf
 
 from xml.sax import SAXParseException
 
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
 execfile('/home/admin/secret/gitlab_rw')
 
-glu = gnome_ldap_utils.Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', 
ldap_password)
+glu = gnome_ldap_utils.Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
 gl = gitlab.Gitlab('https://gitlab.gnome.org', GITLAB_PRIVATE_RW_TOKEN, api_version=4)
 
 DOAP = "http://usefulinc.com/ns/doap#";
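Review bot: The two `execfile` calls load `freeipa_ro` and `gitlab_rw` into the same module globals, so any name both files define is silently taken from the second one. Now that the LDAP credentials use the generic names `LDAP_USER` / `LDAP_PASSWORD`, a comment listing what each file supplies would make an accidental override easier to spot, e.g. `# freeipa_ro: LDAP_USER, LDAP_PASSWORD; gitlab_rw: GITLAB_PRIVATE_RW_TOKEN`. Whether the two files actually overlap cannot be seen from this hunk.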
diff --git a/mail/export-mail.py b/mail/export-mail.py
index a744a92..768077f 100755
--- a/mail/export-mail.py
+++ b/mail/export-mail.py
@@ -6,12 +6,7 @@ import ldap.filter
 import subprocess
 import sys
 
-LDAP_URL='ldaps://account.gnome.org:636/'
-LDAP_GROUP_BASE='cn=groups,cn=accounts,dc=gnome,dc=org'
-LDAP_USER_BASE='cn=users,cn=accounts,dc=gnome,dc=org'
-LDAP_CA_PATH = '/etc/ipa/ca.crt'
-
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_ro')
 
 ALIASES = [
     ('/etc/gnome.org/cvs-mail/virtual',    'cvs.gnome.org', ('gnomecvs', 'gnomevcs')),
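Review bot: Removing the local `LDAP_GROUP_BASE`, `LDAP_USER_BASE` and `LDAP_CA_PATH` definitions leaves the script depending on `/home/admin/secret/freeipa_ro` for them, and nothing in the script says so. The hunk context shows no `gnome_ldap_utils` import that could supply them instead. `LDAP_CA_PATH` is what `ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ...)` uses further down, and the `except ldap.LDAPError` there will not catch a NameError, so a secret file missing it aborts with a traceback. I would add `# freeipa_ro must define LDAP_USER, LDAP_PASSWORD and LDAP_CA_PATH (plus the base DNs if still used)` above the `execfile` line.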
@@ -70,8 +65,8 @@ if __name__ == '__main__':
     try:
         ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_PATH)
 
-        l = ldap.initialize(LDAP_URL)
-        l.simple_bind_s("cn=Directory Manager", ldap_password)
+        l = ldap.initialize('ldaps://account.gnome.org:636')
+        l.simple_bind_s(LDAP_USER, LDAP_PASSWORD)
     except ldap.LDAPError, e:
         print >>sys.stderr, e
         sys.exit(1)
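Review bot: The new `ldap.initialize('ldaps://account.gnome.org:636')` hard-codes the server URL in place of the removed `LDAP_URL` constant, while the other scripts in this commit pass `LDAP_HOST`. If `LDAP_HOST` is available after the `execfile` (not visible here), building the URL from it keeps a single place to change the server: `l = ldap.initialize('ldaps://%s:636' % LDAP_HOST)`. The `if __name__ == '__main__':` block continues outside the hunk.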
diff --git a/membership/foundation-operations.py b/membership/foundation-operations.py
index 4960da3..290a09c 100755
--- a/membership/foundation-operations.py
+++ b/membership/foundation-operations.py
@@ -43,9 +43,9 @@ if len(sys.argv) == 1:
     parser.print_help()
     sys.exit(1)
 
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_foundation')
 
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
 
 today = dt.date.today()
 foundationmembers = glu.get_uids_from_group('foundation')
diff --git a/reset-my-password.py b/reset-my-password.py
index 8062196..a1e0c98 100755
--- a/reset-my-password.py
+++ b/reset-my-password.py
@@ -8,9 +8,9 @@ import os
 from email.MIMEText import MIMEText
 from gnome_ldap_utils import *
 
-execfile('/home/admin/secret/freeipa')
+execfile('/home/admin/secret/freeipa_rw_resets')
 
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD)
 
 
 def gen_passwd(length=12, chars=string.letters + string.digits):

