#!/usr/bin/env python
# nullanvoid :: bitjammin
try:
import configparser
import getopt
import ldap
import ldap.modlist as modlist
import logging
import sys
except ImportError:
print("Could not import modules!\nDid you install all the requirements!")
exit(1)
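def usage():
    """Print the command-line synopsis and terminate with exit status 1."""
    print("Usage: ./update_experations.py -c /path/to/ipa_config\n")
    # sys.exit is used instead of the bare exit() helper: exit() is injected
    # by the site module for interactive sessions and is not guaranteed to
    # exist (for example under `python -S`).
    sys.exit(1)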
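def update_expirations(base_dn, host, dm_passwd):
    """Push krbPasswordExpiration to a fixed far-future date on uid entries.

    Binds as ``cn=Directory Manager`` and, for every entry under *base_dn*
    matching ``uid=*`` that carries ``krbPasswordExpiration``, replaces the
    value with ``20371231011529Z``. This effectively switches off Kerberos
    password expiry for those accounts; each change is written to
    ``/var/log/update_expirations.log``.

    Args:
        base_dn: Search base for the subtree search.
        host: LDAP server host name, or a full LDAP URI such as
            ``ldaps://ipa.example.test`` (constructed example). A bare host
            name is contacted over ``ldap://`` as before.
        dm_passwd: Directory Manager password used for the simple bind.

    Exits the process with status 1 when the connection cannot be
    initialised or the bind is rejected.
    """
    logging.basicConfig(filename='/var/log/update_expirations.log',
                        filemode='a',
                        format='%(asctime)s,'
                               '%(msecs)d %(name)s %(levelname)s %(message)s',
                        level=logging.DEBUG)
    search_scope = ldap.SCOPE_SUBTREE
    ldap_attrs = ['uid', 'krbPasswordExpiration']
    ldap_filter = 'uid=*'
    # python-ldap 3 hands attribute values back as bytes and expects bytes in
    # modlists; on Python 2 a bytes literal is a plain str, so this constant
    # compares and serialises correctly on both.
    target_exp = b'20371231011529Z'

    logging.info("Running expiration updates")

    # Accept a full URI so deployments can opt into ldaps:// from the config
    # file; a bare host name keeps the original ldap:// behaviour.
    uri = host if '://' in host else "ldap://" + host
    if uri.lower().startswith("ldap://"):
        # No StartTLS is negotiated here, so a simple bind over ldap:// puts
        # the Directory Manager password on the wire in clear text.
        logging.warning("Binding as Directory Manager over %s without TLS; "
                        "the password is sent unencrypted", uri)

    try:
        conn = ldap.initialize(uri)
    except ldap.LDAPError as e:
        logging.error("Failed initializing: %s", e)
        # Without a connection object nothing below can work.
        sys.exit(1)
    logging.info("Success initializing")

    try:
        conn.simple_bind_s('cn=Directory Manager', dm_passwd)
    except ldap.LDAPError as e:
        logging.error("Failed binding: %s", e)
        sys.exit(1)
    logging.info("Success binding")

    update_count = 0
    try:
        try:
            results = conn.search_ext_s(base_dn, search_scope,
                                        ldap_filter, ldap_attrs)
        except ldap.LDAPError as e:
            logging.error("Failed performing search: %s", e)
            results = []
        else:
            logging.info("Returned %s from search", len(results))

        for dn, attrs in results:
            # Search references come back with dn=None and a list of URLs;
            # they and entries lacking the attribute are left untouched.
            if dn is None or 'krbPasswordExpiration' not in attrs:
                logging.info("Entry %s has no krbPasswordExpiration "
                             "attribute... skipping", dn)
                continue

            current = attrs['krbPasswordExpiration']
            if current[0] == target_exp:
                continue

            # modifyModlist expects each attribute mapped to a list of values.
            ldif = modlist.modifyModlist(
                {'krbPasswordExpiration': current},
                {'krbPasswordExpiration': [target_exp]})
            try:
                conn.modify_s(dn, ldif)
            except ldap.LDAPError as e:
                logging.error("Failed updating expiration entry: %s, "
                              "message: %s", dn, e)
            else:
                logging.info("Success updating expiration for: %s", dn)
                update_count += 1

        logging.info("Updated %s records", update_count)
        logging.info("Finished running expiration updates")
    finally:
        # Drop the privileged session even if the loop raises unexpectedly.
        conn.unbind_s()
        logging.shutdown()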
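def main():
    """Parse ``-c <config>`` and run the expiration update.

    The config file must contain an ``[ipa]`` section with ``base_dn``,
    ``host`` and ``dm_passwd``. It stores the Directory Manager password in
    clear text, so it should be readable only by the account that runs this
    script. With ConfigParser's default interpolation a literal ``%`` in a
    value has to be written as ``%%``.

    Exits with status 1 on bad arguments or an unusable config file.
    """
    try:
        opts, _ = getopt.getopt(sys.argv[1:], "c:")
    except getopt.GetoptError:
        usage()
        sys.exit(1)

    ipa_config_file = None
    for opt, value in opts:
        if opt == "-c":
            ipa_config_file = value
        else:
            # getopt only returns declared options; treat anything else as a
            # usage error rather than an assert, which -O would strip.
            usage()
    if ipa_config_file is None:
        usage()

    ipa_config = configparser.ConfigParser()
    try:
        # read() silently skips files it cannot open and returns the list of
        # files it actually parsed.
        if not ipa_config.read(ipa_config_file):
            sys.stderr.write("Could not read config file: {}\n"
                             .format(ipa_config_file))
            sys.exit(1)
        section = ipa_config['ipa']
        base_dn = section['base_dn']
        host = section['host']
        dm_passwd = section['dm_passwd']
    except KeyError as err:
        sys.stderr.write("Missing config entry: {}\n".format(err))
        sys.exit(1)
    except configparser.Error as err:
        # Only the error class is reported: parser and interpolation messages
        # may echo part of the offending value, which could be the password.
        sys.stderr.write("Invalid config file {}: {}\n"
                         .format(ipa_config_file, type(err).__name__))
        sys.exit(1)

    update_expirations(base_dn, host, dm_passwd)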
# Run the update only when executed as a script, not when imported.
if "__main__" == __name__:
    main()