É necessário que os grupos a seguir já estejam criados no Samba, pois os usuários serão adicionados e atualizados nesses grupos:

"tecadm", "professor", "aluno"

Adicionar ao cron da máquina do Samba 4:

* * * * * cd /root/scripts/samba/importacao/SyncV4/; ./SyncV4.py>> /root/scripts/samba/importacao/SyncV4/Sync.log 2>&1>> /root/scripts/samba/importacao/SyncV4/Sync.log


Script de importação de usuários do LDAP novo para o Samba 4: SyncV4.py

#!/usr/bin/python2
##
import ldap
import os
import subprocess
import time
import sys
import datetime

# Settings
campus = "AP"    ## campus code: ap, ct, cp, etc.
usuarioLdap = "adminap" ## account used to query the LDAP server, e.g. adminap
# NOTE(review): the bind password lives in the script itself, so the file
# should be readable by its owner only.
senhaLdap = "senha" ## password of that account
servidor_ldap = "IP"  ## IP address of the LDAP server, e.g. 10.10.0.3

# LDAP query settings
dn_usuarios = "dc=utfpr,dc=edu,dc=br"

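def gerarsambausers():
    """Refresh the local cache of Samba accounts (usuariosSambaV2.txt).

    Runs ``pdbedit -Lw`` and stores its output in the current working
    directory. executar() later reads fields 0 and 3 of each ':'-separated
    line as the account name and its NT hash.

    Returns:
        True when the cache file was rewritten; False when pdbedit could not
        be started, exited with an error, or the file could not be written.
    """
    try:
        proc = subprocess.Popen(['pdbedit', '-Lw'], stdout=subprocess.PIPE)
        saida, _ = proc.communicate()
        if proc.returncode != 0:
            # Keep the previous cache instead of replacing it with the
            # output of a failed run.
            return False

        # The dump carries password hashes: create the file owner-only and
        # also tighten the mode of a file left behind by an earlier run.
        fd = os.open("usuariosSambaV2.txt",
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as var_file:
            os.fchmod(fd, 0o600)
            var_file.write(saida)

        return True
    except EnvironmentError:
        return False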

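def cadastroLdap(cadastro, id, nome, grupos, hash):
    """Create or update one Samba account from directory data.

    Args:
        cadastro: when true, the account is created before it is updated.
        id: account name (the LDAP ``uid``).
        nome: display name; it is stored title-cased.
        grupos: names of the Samba groups the account is added to.
        hash: NT password hash to install, 32 hexadecimal digits.

    Returns:
        True when every step ran and the log line was written; False when an
        argument is rejected, a command cannot be started, or the log cannot
        be written. As before, the exit status of the Samba tools is not
        inspected.
    """
    try:
        # These values come from the directory. Refuse an account name the
        # Samba tools could parse as an option, and anything that is not a
        # well-formed NT hash, before the account is touched.
        if not id or id.startswith("-"):
            return False
        if len(hash) != 32 or not all(c in "0123456789abcdefABCDEF" for c in hash):
            return False

        # Every command is passed as an argument list, so no shell ever
        # interprets the account name, display name or hash.
        if cadastro:
            # A random initial password replaces the former fixed one: if the
            # hash update below fails, the new account is left unusable
            # rather than protected by a password every account shared.
            subprocess.call(["samba-tool", "user", "create", id, "--random-password"])

        # Set the display name of the account.
        subprocess.call(["pdbedit", id, "-f", nome.title()])

        # Add the account to its groups (tecadm, professor, aluno).
        for gp in grupos:
            subprocess.call(["samba-tool", "group", "addmembers", gp, id])

        # Install the NT hash taken from the directory.
        # NOTE(review): the hash is still passed on the pdbedit command line,
        # where other local users can presumably see it while pdbedit runs.
        subprocess.call(["pdbedit", "--set-nt-hash=" + hash, "-u", id])
        # The password of the account never expires.
        subprocess.call(["samba-tool", "user", "setexpiry", id, "--noexpiry"])

        # Log line. The NT hash is deliberately left out: it is a credential
        # and must not accumulate in a log file.
        with open('cadastros.log', 'a') as registro:
            registro.write(str(datetime.datetime.now()) + "  " + id + " " + nome.title() + " " + str(grupos) + "\n")

        return True
    except Exception:
        return False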

def busca_array(value, array):
    """Tell whether any entry of *array* has *value* as its first ``uid``.

    Each entry is read as ``entry[1]["uid"][0]``: a pair whose second item
    maps attribute names to lists of values.
    """
    return any(entrada[1]["uid"][0] == value for entrada in array)

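def conecta():
    """Create the connection object for the LDAP server in ``servidor_ldap``.

    No bind happens here; conectado() authenticates the returned object.

    Returns:
        The python-ldap connection object.

    Raises:
        ldap.LDAPError: when the connection object cannot be created. The
            error is printed before it is re-raised.
    """
    # NOTE(review): ldap.open() talks plain LDAP, so the bind password and
    # the sambaNTPassword values read later appear to cross the network
    # unencrypted. If the server supports it, use an ldaps:// URL or call
    # start_tls_s() before binding - confirm with the directory admins.
    try:
        return ldap.open(servidor_ldap)
    except ldap.LDAPError as e:
        print(e)
        # There is no connection to hand back and callers use the result
        # right away, so let the error propagate.
        raise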

def conectado( l ):
    """Bind *l* with the campus service account and report the outcome.

    The bind DN is assembled from ``usuarioLdap`` and ``campus``; the password
    is ``senhaLdap``.

    Returns:
        False when python-ldap raises LDAPError during the bind (a message is
        printed), True otherwise.
    """
    dn_conta = "cn=" + usuarioLdap + ",ou=" + campus + ",ou=dominios,dc=utfpr,dc=edu,dc=br"
    try:
        msgid = l.simple_bind(dn_conta, senhaLdap)
        # Waiting for the answer is enough: the message type it carries
        # (97 for a bind response) does not change the return value.
        l.result(msgid)
    except ldap.LDAPError:
        print("erro ao conectao ao ldap Reitoria. Tentando conectar novamente")
        return False

    return True

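def _filtro_ativos(clausulas):
    """Wrap OR-ed *clausulas* in the 'active user with an NT hash' filter."""
    return '(&(sambaNTPassword=*)(utfprUserSituation=ativo)(|' + ''.join(clausulas) + '))'


def executar(l):
    """Create or update in Samba every active campus user found in LDAP.

    Args:
        l: connection object returned by conecta().

    Returns:
        True when at least one account was created or updated, which means
        the Samba cache file is out of date; False when nothing changed, the
        bind failed, or the cache file is missing or empty.
    """
    print(str(datetime.datetime.now()) + " - " + "Verificando Alteracoes")
    if not conectado(l):
        l = conecta()
        # A fresh connection is not authenticated yet: bind it, and give up
        # instead of searching without credentials.
        if not conectado(l):
            return False

    # Only users with an NT hash and an active link to this campus.
    sit_tecnico = ("ATIVO PERMANENTE", "EXERC DESCENT CARREI",
                   "EXERCICIO PROVISORIO", "COLAB PCCTAE E MAGIS")
    sit_professor = ("ATIVO PERMANENTE", "CONT.PROF.SUBSTITUTO",
                     "EXERC DESCENT CARREI", "EXERCICIO PROVISORIO",
                     "COLAB PCCTAE E MAGIS")
    filter_TA = _filtro_ativos(
        '(&(utfprTechnicianLocality%d=%s)(utfprTechnicianSituation%d=%s))' % (n, campus, n, sit)
        for n in (1, 2, 3) for sit in sit_tecnico)
    filter_PROFESSOR = _filtro_ativos(
        '(&(utfprTeacherLocality%d=%s)(utfprTeacherSituation%d=%s))' % (n, campus, n, sit)
        for n in (1, 2, 3) for sit in sit_professor)
    filter_ALUNO = _filtro_ativos(
        '(&(utfprLocalityCourse%d=%s)(utfprStudentSituationCourse%d=Regular)'
        '(utfprStudentAffiliationType%d=Aluno))' % (n, campus, n, n)
        for n in (1, 2, 3, 4, 5))

    # Staff, teachers and students are queried separately and concatenated.
    busca_TA = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filter_TA)
    busca_DO = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filter_PROFESSOR)
    busca_AL = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filter_ALUNO)

    busca = busca_TA + busca_DO + busca_AL

    try:
        with open("usuariosSambaV2.txt", "r") as f_texto:
            usersSamba = f_texto.readlines()
    except EnvironmentError:
        print("Gerando arquivo usuariosSambaV2.txt. Executar novamente o script !!")
        return False

    if not usersSamba:
        print("vazia")
        return False

    # Parse the cache once: (account name, NT hash) per line. Lines with
    # fewer than four ':'-separated fields are skipped.
    contasSamba = []
    for line in usersSamba:
        campos = line.rstrip().split(":")
        if len(campos) > 3:
            contasSamba.append((campos[0], campos[3]))

    regerarUsuariosSamba = False
    processados = set()

    for b in busca:
        b_attrs = b[1]
        uid = b_attrs["uid"][0]

        # A user with more than one link shows up once per query; the
        # arguments would be identical, so handle each uid only once.
        if uid in processados:
            continue
        processados.add(uid)

        hashLdap = b_attrs["sambaNTPassword"][0]

        vinculo = []
        if busca_array(uid, busca_TA):
            vinculo.append("tecadm")
        if busca_array(uid, busca_DO):
            vinculo.append("professor")
        if busca_array(uid, busca_AL):
            vinculo.append("aluno")

        cadastrar = True
        for userSambaID, userSambaHash in contasSamba:
            if uid != userSambaID:
                continue
            cadastrar = False

            # Update only when the hashes differ. An all-zero hash on the
            # Samba side is left alone (presumably an account without an NT
            # hash - confirm), and an empty directory hash is never copied.
            if (userSambaHash != hashLdap.upper()
                    and userSambaHash != "00000000000000000000000000000000"
                    and hashLdap != ""):
                cadastroLdap(False, uid, b_attrs["cn"][0], vinculo, hashLdap)
                regerarUsuariosSamba = True
                break

        if cadastrar:
            cadastroLdap(cadastrar, uid, b_attrs["cn"][0], vinculo, hashLdap)
            regerarUsuariosSamba = True

    return regerarUsuariosSamba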

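def main():
    """Run one synchronisation pass when the directory has changed.

    The ``contextCSN`` value of the base entry is compared with the value
    saved in contextCSNV2.txt by the previous pass. When they differ,
    executar() and gerarsambausers() run and the new value is saved.
    """
    l = conecta()

    try:
        with open("contextCSNV2.txt", "r") as f_texto:
            conteudo_texto = f_texto.read()
    except EnvironmentError:
        conteudo_texto = ""

    # NOTE(review): conecta() does not bind, so this read is made without
    # authentication; presumably the server allows that for contextCSN on
    # the base entry - confirm.
    contextCSN = l.search_s(dn_usuarios, ldap.SCOPE_BASE, '(objectclass=*)', ['contextCSN'])[0][1]["contextCSN"][0]

    if conteudo_texto == contextCSN:
        return

    try:
        executar(l)
        gerarsambausers()
        # Saved only after the pass finished: if it raised, the next cron run
        # sees the same difference and tries again instead of dropping it.
        with open("contextCSNV2.txt", "w") as var_file:
            var_file.write(contextCSN)
    except Exception as e:
        # Still best-effort, but the failure is written to the script output
        # instead of vanishing.
        print(str(datetime.datetime.now()) + " - " + "erro na sincronizacao: " + str(e))


if __name__ == '__main__':
    main()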

Script auxiliar para listar todos os usuários do Samba que podem ser removidos, como alunos formados e servidores que já não fazem parte do quadro do campus.

#!/usr/bin/python2
##
#import commands
import subprocess

import ldap
import ldap.filter

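## LDAP connection settings
servidor_ldap = "ip do servidor ldap novo"
dn_usuarios = "dc=utfpr,dc=edu,dc=br"
campus = "AP"  # campus code: ap, ct, ld, cm, etc.
usuario = "usuario"  # full bind DN, e.g. cn=adminap,ou=ap,ou=dominios,dc=utfpr,dc=edu,dc=br
senha = "Senha do usuario"


def _filtro_uid(uid, clausulas):
    """Build the 'active user with an NT hash' filter for one escaped uid."""
    return ('(&(uid=' + uid + ')(sambaNTPassword=*)(utfprUserSituation=ativo)(|'
            + ''.join(clausulas) + '))')


try:
    l = ldap.open(servidor_ldap)
except ldap.LDAPError as e:
    print(e)
    raise SystemExit(1)

try:
    resultado = l.simple_bind(usuario, senha)
    if l.result(resultado)[0] == 97:
        print("Conectou LDAP Reitoria")
except ldap.LDAPError as e:
    print("erro ao conectao ao ldap Reitoria")
    # Stop here. Continuing without a successful bind could leave every
    # search empty, and every Samba account would then be reported as
    # removable.
    raise SystemExit(1)

# The link clauses do not depend on the account, so build them once.
sit_tecnico = ("ATIVO PERMANENTE", "EXERC DESCENT CARREI",
               "EXERCICIO PROVISORIO", "COLAB PCCTAE E MAGIS")
sit_professor = ("ATIVO PERMANENTE", "CONT.PROF.SUBSTITUTO",
                 "EXERC DESCENT CARREI", "EXERCICIO PROVISORIO",
                 "COLAB PCCTAE E MAGIS")
clausulas_TA = [
    '(&(utfprTechnicianLocality%d=%s)(utfprTechnicianSituation%d=%s))' % (n, campus, n, sit)
    for n in (1, 2, 3) for sit in sit_tecnico]
clausulas_PROFESSOR = [
    '(&(utfprTeacherLocality%d=%s)(utfprTeacherSituation%d=%s))' % (n, campus, n, sit)
    for n in (1, 2, 3) for sit in sit_professor]
clausulas_ALUNO = [
    '(&(utfprLocalityCourse%d=%s)(utfprStudentSituationCourse%d=Regular)'
    '(utfprStudentAffiliationType%d=Aluno))' % (n, campus, n, n)
    for n in (1, 2, 3, 4, 5)]

proc = subprocess.Popen(['samba-tool', 'user', 'list'], stdout=subprocess.PIPE)
saida, _ = proc.communicate()
if proc.returncode != 0:
    raise SystemExit(1)

# NOTE(review): the list presumably also contains built-in accounts such as
# Administrator, Guest and krbtgt, which have no entry in the campus
# directory and will be reported below. Review the output before removing
# anything.
for line in saida.splitlines():
    IDLOCAL = line.rstrip()
    if not IDLOCAL:
        continue

    # Escape the account name so that characters such as '*', '(' or ')'
    # cannot change the meaning of the filter.
    uid_filtro = ldap.filter.escape_filter_chars(IDLOCAL)

    filter_TA = _filtro_uid(uid_filtro, clausulas_TA)
    filter_PROFESSOR = _filtro_uid(uid_filtro, clausulas_PROFESSOR)
    filter_ALUNO = _filtro_uid(uid_filtro, clausulas_ALUNO)

    busca = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filter_TA)
    busca = busca + l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filter_PROFESSOR)
    busca = busca + l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filter_ALUNO)

    # No active link to this campus in any of the three queries.
    if len(busca) == 0:
        print("remover " + IDLOCAL)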
