[sysadmin-bin] cleanup-accounts.py: first version of the script, it will help us keeping our LDAP groups in good sh
- From: Andrea Veri <av src gnome org>
- To: gnome-sysadmin gnome org,commits-list gnome org
- Subject: [sysadmin-bin] cleanup-accounts.py: first version of the script, it will help us keeping our LDAP groups in good sh
- Date: Fri, 21 Mar 2014 22:16:06 +0000 (UTC)
commit ebfacaa28d60c55e860822f03d7ffd227bff714e
Author: Andrea Veri <av gnome org>
Date: Fri Mar 21 23:16:00 2014 +0100
cleanup-accounts.py: first version of the script, it will help us keeping our LDAP groups in good shape
cleanup-accounts.py | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 92 insertions(+), 0 deletions(-)
---
diff --git a/cleanup-accounts.py b/cleanup-accounts.py
new file mode 100755
index 0000000..b778685
--- /dev/null
+++ b/cleanup-accounts.py
@@ -0,0 +1,92 @@
+#!/usr/bin/python
+
+import os
+import calendar
+import time
+import ldap
+import ldap.filter
+
+LDAP_USER_BASE='ou=people,dc=gnome,dc=org'
+LDAP_GROUP_BASE='ou=groups,dc=gnome,dc=org'
+
+repositories = os.listdir('/git')
+last_pushed_times = {}
+
+file = open('/home/admin/secret/ldap','r')
+lines = file.readlines()
+
+for line in lines:
+ if line.find("ldap_password") > -1:
+ dirty_password = line.split()
+ ldap_password = str(dirty_password)
+
+ sanitize_file=["ldap_password","=","\""]
+ for i in range(len(sanitize_file)):
+ ldap_password = ldap_password.replace(sanitize_file[i],"")
+file.close()
+
+for repository in repositories:
+ os.chdir('/git/%s' % repository)
+ pushlog = open('gnome_pushlog', 'r')
+ for line in pushlog.readlines():
+ fields = line.rstrip().split('\t')
+ username = fields[3]
+ pushtime = calendar.timegm(time.strptime(fields[4], '%a, %d %b %Y %H:%M:%S +0000'))
+ if not username in last_pushed_times or pushtime > last_pushed_times[username]:
+ last_pushed_times[username] = pushtime
+
+now = time.time()
+
+print 'The following users will be removed from the gnomevcs, ftpbasic groups:\n'
+
+for user, last_pushed in last_pushed_times.iteritems():
+ if last_pushed < now - 2 * 365 * 24 * 60 * 60:
+ last_pushed = time.gmtime(last_pushed)
+ print "%s: %s" % (user, time.strftime("%d-%m-%Y", last_pushed))
+
+def user_is_current(username):
+ return username in last_pushed_times and last_pushed_times[username] >= now - 2 * 365 * 24 * 60 * 60
+
+try:
+ l = ldap.open('ldap.gnome.org')
+ l.simple_bind("cn=Manager,dc=gnome,dc=org", ldap_password)
+except ldap.LDAPError, e:
+ print >>sys.stderr, e
+ sys.exit(1)
+
+# Import the various LDAP functions from the create-auth script.
+def _get_group_from_ldap(group):
+
+ filter = ldap.filter.filter_format('(&(objectClass=posixGroup)(cn=%s))', (group, ))
+ results = l.search_s(LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('memberUid', ))
+
+ members = set()
+ for entry in results:
+ id = entry[0]
+ attr = entry[1]
+
+ members.update(attr['memberUid'])
+
+ return members
+
+def get_uids_from_group(group):
+ people = _get_group_from_ldap(group)
+
+ people.discard('root')
+ people.discard('sysadmin')
+ people.discard('translations')
+ people.discard('otaylor')
+ people.discard('av')
+
+gnomecvs_users = (get_uids_from_group('gnomecvs'))
+ftpbasic_users = (get_uids_from_group('ftpbasic'))
+
+for gnomecvs_user in gnomecvs_users:
+ if not user_is_current(gnomecvs_user):
+ remove_members = [ (ldap.MOD_DELETE, 'memberUid','%s' % gnomecvs_user) ]
+ l.modify_s('cn=gnomecvs,ou=groups,dc=gnome,dc=org', remove_members)
+
+for ftpbasic_user in ftpbasic_users:
+ if not user_is_current(ftpbasic_user):
+ remove_members = [ (ldap.MOD_DELETE, 'memberUid','%s' % ftpbasic_user) ]
+ l.modify_s('cn=ftpbasic,ou=groups,dc=gnome,dc=org', remove_members)
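Review bot: `get_uids_from_group` never returns `people`, so `gnomecvs_users` and `ftpbasic_users` are both `None` and the two removal loops at the end fail with a TypeError; the function needs a final `return people`. Once that is fixed, the loops delete every member for whom `user_is_current` is false, including accounts with no pushlog entry at all. The printed list only iterates `last_pushed_times` and never shows those accounts, so the report and the deletions should be driven from the same set, ideally with a dry-run switch in front of `modify_s`. The bind is also fragile: `simple_bind` is asynchronous and will not raise on bad credentials here (`simple_bind_s` does), `str(dirty_password)` stringifies the whole split list so brackets, commas and quote characters stay in the password, and `sys` is used in the `except` branch without being imported. `ldap.open('ldap.gnome.org')` gives a plain LDAP connection by default, so unless the transport is protected elsewhere the `cn=Manager` password is sent unencrypted; `ldap.initialize('ldaps://ldap.gnome.org')` or a `start_tls_s()` call before binding would address that, assuming the server offers it.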