É necessário que os grupos a seguir já estejam criados no Samba, pois os usuários serão adicionados e atualizados nesses grupos:
"tecadm", "professor", "aluno"
Adicionar no cron da máquina do Samba 4:
* * * * * cd /root/scripts/samba/importacao/SyncV4/; ./SyncV4.py>> /root/scripts/samba/importacao/SyncV4/Sync.log 2>&1>> /root/scripts/samba/importacao/SyncV4/Sync.log
Script de importação de usuários do LDAP novo para o Samba 4: SyncV4.py
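#!/usr/bin/python2
"""Sync active campus users from the central LDAP directory into Samba 4.

The script compares the directory's contextCSN with the value stored in
contextCSNV2.txt. When it differs, every active technician, teacher and
student of ``campus`` is looked up in LDAP; users missing from the local
``pdbedit -Lw`` dump are created, and users whose NT hash differs get the
hash from LDAP applied.

Security notes for operators:

* sambaNTPassword values are password-equivalent. They are never written
  to cadastros.log, and usuariosSambaV2.txt (which holds the pdbedit dump)
  is created with owner-only permissions.
* No TLS is negotiated in this script: ``ldap.open`` is used as in the
  original, so the bind password and the hashes cross the network as sent
  by the LDAP library. NOTE(review): if the server supports it, call
  ``start_tls_s()`` on the connection before binding, or use an ldaps://
  URI - confirm with the directory administrators.
* ``pdbedit --set-nt-hash=`` receives the hash on its command line, so it
  is visible in the local process list while the command runs.
* The bind credentials live in this file; keep it readable by root only.

NOTE(review): the published listing had lost its indentation. Statement
nesting below follows the only reading under which a password update
(``cadastro=False``) still sets the hash. The target interpreter is still
Python 2 with python-ldap, as in the original.
"""
import ldap
import os
import subprocess
import time
import sys
import datetime

# Settings
campus = "AP"            # campus code: ap, ct, cp, etc.
usuarioLdap = "adminap"  # LDAP account used for the queries, e.g. adminap
senhaLdap = "senha"      # password of that account
servidor_ldap = "IP"     # address of the LDAP server, e.g. 10.10.0.3

# Base DN for the LDAP queries
dn_usuarios = "dc=utfpr,dc=edu,dc=br"

# Situation values accepted for each kind of staff record.
SITUACOES_TA = (
    "ATIVO PERMANENTE",
    "EXERC DESCENT CARREI",
    "EXERCICIO PROVISORIO",
    "COLAB PCCTAE E MAGIS",
)
SITUACOES_PROFESSOR = (
    "ATIVO PERMANENTE",
    "CONT.PROF.SUBSTITUTO",
    "EXERC DESCENT CARREI",
    "EXERCICIO PROVISORIO",
    "COLAB PCCTAE E MAGIS",
)

# Only the attributes the sync reads are requested from the directory.
ATRIBUTOS = ["uid", "cn", "sambaNTPassword"]

HASH_VAZIO = "00000000000000000000000000000000"


def _filtro_servidor(papel, situacoes):
    """Build the filter for staff ("Technician" or "Teacher") of the campus.

    Produces the same filter text as the original hand-written literal:
    slots 1 to 3, each combined with every accepted situation.
    """
    clausulas = []
    for n in (1, 2, 3):
        for situacao in situacoes:
            clausulas.append(
                "(&(utfpr%sLocality%d=%s)(utfpr%sSituation%d=%s))"
                % (papel, n, campus, papel, n, situacao)
            )
    return ("(&(sambaNTPassword=*)(utfprUserSituation=ativo)(|"
            + "".join(clausulas) + "))")


def _filtro_aluno():
    """Build the filter for regular students of the campus (course slots 1-5)."""
    clausulas = [
        "(&(utfprLocalityCourse%d=%s)(utfprStudentSituationCourse%d=Regular)"
        "(utfprStudentAffiliationType%d=Aluno))" % (n, campus, n, n)
        for n in range(1, 6)
    ]
    return ("(&(sambaNTPassword=*)(utfprUserSituation=ativo)(|"
            + "".join(clausulas) + "))")


def _abrir_restrito(caminho, modo):
    """Open ``caminho`` for "w" or "a" with owner-only (0600) permissions.

    The mode is also applied to a file that already exists, so a dump
    created by an earlier version of the script is tightened as well.
    """
    flags = os.O_WRONLY | os.O_CREAT
    flags |= os.O_APPEND if modo == "a" else os.O_TRUNC
    fd = os.open(caminho, flags, 0o600)
    os.fchmod(fd, 0o600)
    return os.fdopen(fd, modo)


def _hash_nt_valido(valor):
    """Return True when ``valor`` looks like an NT hash (32 hex digits)."""
    return (len(valor) == 32
            and all(c in "0123456789abcdefABCDEF" for c in valor))


def _executa(rotulo, argv):
    """Run ``argv`` without a shell and report a non-zero exit status.

    ``rotulo`` is what gets printed on failure; callers must not put
    secrets in it because stdout ends up in the cron log.
    """
    rc = subprocess.call(argv)
    if rc != 0:
        print("comando falhou (" + str(rc) + "): " + rotulo)
    return rc


def gerarsambausers():
    """Dump ``pdbedit -Lw`` into usuariosSambaV2.txt.

    Returns True on success and False when pdbedit cannot be started or
    the file cannot be written. The dump contains NT hashes, hence the
    restricted file mode.
    """
    try:
        proc = subprocess.Popen(['pdbedit', '-Lw'], stdout=subprocess.PIPE)
        usuariosSamba = proc.communicate()[0]
        with _abrir_restrito("usuariosSambaV2.txt", "w") as var_file:
            var_file.write(usuariosSamba)
        return True
    except (OSError, IOError):
        return False


def cadastroLdap(cadastro, id, nome, grupos, hash):
    """Create (when ``cadastro`` is true) or update one Samba user.

    Sets the display name, adds the user to ``grupos``, applies the NT
    hash taken from LDAP and disables password expiry. Returns True when
    the steps ran and the log line was written, False otherwise.

    ``id``, ``nome`` and ``hash`` come from LDAP attributes, so every
    command is executed as an argument list: nothing is interpreted by a
    shell. A uid that is empty or starts with "-" is refused because it
    would be read as an option by samba-tool/pdbedit, and a value that is
    not a 32-digit hex string is refused as a hash.
    """
    if not id or id.startswith("-"):
        print("uid invalido, usuario ignorado: " + repr(id))
        return False
    if not _hash_nt_valido(hash):
        print("hash NT invalido, usuario ignorado: " + id)
        return False
    try:
        if cadastro:
            # The original created every account with one fixed, known
            # password and relied on the hash step below to replace it.
            # A random initial password leaves no guessable credential
            # behind if that step fails.
            _executa("samba-tool user create " + id,
                     ["samba-tool", "user", "create", id,
                      "--random-password"])
        # Set the user's full name.
        _executa("pdbedit -f " + id,
                 ["pdbedit", id, "-f", nome.title()])
        # Add the user to each group: tecadm, professor, aluno.
        for gp in grupos:
            _executa("samba-tool group addmembers " + gp + " " + id,
                     ["samba-tool", "group", "addmembers", gp, id])
        # Apply the NT hash stored in LDAP.
        _executa("pdbedit --set-nt-hash " + id,
                 ["pdbedit", "--set-nt-hash=" + hash, "-u", id])
        # The password never expires locally.
        _executa("samba-tool user setexpiry " + id,
                 ["samba-tool", "user", "setexpiry", id, "--noexpiry"])
        # Audit line. The hash is deliberately left out: it is
        # password-equivalent and must not sit in a log file.
        try:
            with _abrir_restrito('cadastros.log', 'a') as registro:
                registro.write(str(datetime.datetime.now()) + " " + id + " "
                               + nome.title() + " " + str(grupos) + "\n")
        except (IOError, OSError):
            return False
        return True
    except Exception:
        return False


def busca_array(value, array):
    """Return True when some LDAP result in ``array`` has uid ``value``."""
    for k in array:
        if k[1]["uid"][0] == value:
            return True
    return False


def _uids(resultados):
    """Return the set of first uid values of a list of LDAP results."""
    return set(entrada[1]["uid"][0] for entrada in resultados)


def conecta():
    """Open a connection to the LDAP server.

    Returns the connection object, or None when the library reports an
    error (the original fell through to an unbound variable here).
    """
    try:
        return ldap.open(servidor_ldap)
    except ldap.LDAPError as e:
        print(e)
        return None


def conectado(l):
    """Bind ``l`` with the configured account.

    Returns False when the bind raises an LDAP error, True otherwise.
    """
    try:
        resultado = l.simple_bind(
            "cn=" + usuarioLdap + ",ou=" + campus
            + ",ou=dominios,dc=utfpr,dc=edu,dc=br", senhaLdap)
        # 97 is the message type of an LDAP bind response.
        if l.result(resultado)[0] == 97:
            return True
    except ldap.LDAPError:
        print("erro ao conectao ao ldap Reitoria. Tentando conectar novamente")
        return False
    return True


def executar(l):
    """Compare LDAP with the Samba dump and create or update users.

    Returns True when at least one user was created or updated (the dump
    must be regenerated), False when nothing had to change, and None when
    the sync could not run at all: bind failure, or a missing or empty
    usuariosSambaV2.txt.
    """
    print(str(datetime.datetime.now()) + " - " + "Verificando Alteracoes")
    if not conectado(l):
        # A fresh connection is anonymous until it is bound, so bind it
        # again instead of searching with it right away.
        l = conecta()
        if l is None or not conectado(l):
            return None

    # Only users with an NT hash and an active link to this campus.
    busca_TA = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE,
                          _filtro_servidor("Technician", SITUACOES_TA),
                          ATRIBUTOS)
    busca_DO = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE,
                          _filtro_servidor("Teacher", SITUACOES_PROFESSOR),
                          ATRIBUTOS)
    busca_AL = l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE,
                          _filtro_aluno(), ATRIBUTOS)
    busca = busca_TA + busca_DO + busca_AL

    try:
        with open("usuariosSambaV2.txt", "r") as f_texto:
            usersSamba = f_texto.readlines()
    except IOError:
        print("Gerando arquivo usuariosSambaV2.txt. Executar novamente o script !!")
        return None
    if not usersSamba:
        print("vazia")
        return None

    # uid -> NT hash from the dump (field 0 and field 3 of each line).
    # Lines with fewer fields are skipped; the first line of a uid wins.
    hashes_samba = {}
    for line in usersSamba:
        campos = line.rstrip().split(":")
        if len(campos) < 4:
            continue
        hashes_samba.setdefault(campos[0], campos[3])

    uids_TA = _uids(busca_TA)
    uids_DO = _uids(busca_DO)
    uids_AL = _uids(busca_AL)

    regerarUsuariosSamba = False
    vistos = set()
    for b_dn, b_attrs in busca:
        uid = b_attrs["uid"][0]
        # A user with more than one link shows up in several result sets;
        # the groups below already cover all of them, so act only once.
        if uid in vistos:
            continue
        vistos.add(uid)

        vinculo = []
        if uid in uids_TA:
            vinculo.append("tecadm")
        if uid in uids_DO:
            vinculo.append("professor")
        if uid in uids_AL:
            vinculo.append("aluno")

        hash_ldap = b_attrs["sambaNTPassword"][0]
        if uid not in hashes_samba:
            cadastroLdap(True, uid, b_attrs["cn"][0], vinculo, hash_ldap)
            regerarUsuariosSamba = True
            continue

        hash_samba = hashes_samba[uid]
        if (hash_samba != hash_ldap.upper()
                and hash_samba != HASH_VAZIO
                and hash_ldap != ""):
            cadastroLdap(False, uid, b_attrs["cn"][0], vinculo, hash_ldap)
            regerarUsuariosSamba = True
    return regerarUsuariosSamba


def main():
    """Run one sync pass when the directory's contextCSN has changed.

    Returns the process exit status: 0 when there was nothing to do or
    the sync ran, 1 on failure. The new contextCSN is stored only after
    the sync ran, so a failed pass is retried on the next invocation.
    """
    # NOTE(review): the cron entry starts this every minute and nothing
    # here prevents two passes from overlapping - confirm a pass always
    # finishes in time, or wrap the call in a lock.
    l = conecta()
    if l is None:
        return 1
    try:
        with open("contextCSNV2.txt", "r") as f_texto:
            conteudo_texto = f_texto.read()
    except IOError:
        conteudo_texto = ""
    contextCSN = l.search_s(dn_usuarios, ldap.SCOPE_BASE, '(objectclass=*)',
                            ['contextCSN'])[0][1]["contextCSN"][0]
    if conteudo_texto == contextCSN:
        return 0
    try:
        if not os.path.exists("usuariosSambaV2.txt"):
            gerarsambausers()
        resultado = executar(l)
        gerarsambausers()
        if resultado is None:
            return 1
        with open("contextCSNV2.txt", "w") as var_file:
            var_file.write(contextCSN)
    except Exception as e:
        print("erro na sincronizacao: " + str(e))
        return 1
    return 0


if __name__ == '__main__':
    sys.exit(main())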
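Script auxiliar para listar todos os usuários do Samba que podem ser removidos, como alunos formados e servidores que já não fazem parte do quadro do campus. O script apenas imprime os nomes; revise a lista antes de remover qualquer conta, pois ela também inclui contas que existem só no Samba e não no LDAP (por exemplo, contas locais ou internas do Samba).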
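#!/usr/bin/python2
"""List Samba accounts that no longer match an active campus user in LDAP.

Every name printed by ``samba-tool user list`` is looked up in the central
directory with the technician, teacher and student filters. When none of
them matches, the line ``remover <name>`` is printed. Nothing is deleted.

The script stops with a non-zero status when the LDAP connection or bind
fails. Continuing with an unauthenticated connection would make the
searches come back empty and flag every account for removal.

NOTE(review): accounts that exist only in Samba and were never in LDAP are
printed as well - review the output before acting on it. The target
interpreter is still Python 2 with python-ldap, as in the original.
"""
import ldap
import ldap.filter
import subprocess
import sys

# Central (Reitoria) LDAP connection settings
servidor_ldap = "ip do servidor ldap novo"
dn_usuarios = "dc=utfpr,dc=edu,dc=br"
campus = "AP"  # ap ct ld cm etc.
usuario = "usuario"  # e.g. cn=adminap,ou=ap,ou=dominios,dc=utfpr,dc=edu,dc=br
senha = "Senha do usuario"

# Situation values accepted for each kind of staff record.
SITUACOES_TA = (
    "ATIVO PERMANENTE",
    "EXERC DESCENT CARREI",
    "EXERCICIO PROVISORIO",
    "COLAB PCCTAE E MAGIS",
)
SITUACOES_PROFESSOR = (
    "ATIVO PERMANENTE",
    "CONT.PROF.SUBSTITUTO",
    "EXERC DESCENT CARREI",
    "EXERCICIO PROVISORIO",
    "COLAB PCCTAE E MAGIS",
)


def _prefixo(uid):
    """Return the common start of every filter for one Samba user name.

    The name is escaped before it is placed in the filter, so characters
    such as "*", "(" or ")" in a local account name cannot change the
    meaning of the query.
    """
    return ("(&(uid=" + ldap.filter.escape_filter_chars(uid)
            + ")(sambaNTPassword=*)(utfprUserSituation=ativo)(|")


def _filtro_servidor(uid, papel, situacoes):
    """Filter for staff ("Technician" or "Teacher"): slots 1-3 x situations."""
    clausulas = []
    for n in (1, 2, 3):
        for situacao in situacoes:
            clausulas.append(
                "(&(utfpr%sLocality%d=%s)(utfpr%sSituation%d=%s))"
                % (papel, n, campus, papel, n, situacao)
            )
    return _prefixo(uid) + "".join(clausulas) + "))"


def _filtro_aluno(uid):
    """Filter for regular students of the campus (course slots 1-5)."""
    clausulas = [
        "(&(utfprLocalityCourse%d=%s)(utfprStudentSituationCourse%d=Regular)"
        "(utfprStudentAffiliationType%d=Aluno))" % (n, campus, n, n)
        for n in range(1, 6)
    ]
    return _prefixo(uid) + "".join(clausulas) + "))"


try:
    l = ldap.open(servidor_ldap)
except ldap.LDAPError as e:
    print(e)
    sys.exit(1)

try:
    resultado = l.simple_bind(usuario, senha)
    # 97 is the message type of an LDAP bind response.
    if l.result(resultado)[0] == 97:
        print("Conectou LDAP Reitoria")
except ldap.LDAPError:
    print("erro ao conectao ao ldap Reitoria")
    # Fail closed: without a bind every user would be reported below.
    sys.exit(1)

proc = subprocess.Popen(['samba-tool', 'user', 'list'], stdout=subprocess.PIPE)
saida = proc.communicate()[0]
if proc.returncode != 0:
    print("samba-tool user list falhou (" + str(proc.returncode) + ")")
    sys.exit(1)

for line in saida.splitlines():
    IDLOCAL = line.rstrip()
    if not IDLOCAL:
        continue
    filtros = (
        _filtro_servidor(IDLOCAL, "Technician", SITUACOES_TA),
        _filtro_servidor(IDLOCAL, "Teacher", SITUACOES_PROFESSOR),
        _filtro_aluno(IDLOCAL),
    )
    # Only existence matters, so just the uid attribute is requested and
    # no password hash is pulled from the directory.
    ativo = any(
        l.search_s(dn_usuarios, ldap.SCOPE_SUBTREE, filtro, ["uid"])
        for filtro in filtros
    )
    if not ativo:
        print("remover " + IDLOCAL)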