/[adm]/puppet/modules/openssh/templates/ldap-sshkey2file.py

Contents of /puppet/modules/openssh/templates/ldap-sshkey2file.py



Revision 3379 - (show annotations) (download) (as text)
Thu Dec 5 13:45:59 2013 UTC (10 years, 3 months ago) by colin
File MIME type: text/x-python
File size: 2953 byte(s)
Partially revert part of r3378 which wasn't meant to be in the commit :(
1 #!/usr/bin/python
2
import errno
import os
import random
import shutil
import sys
7
# python-ldap is a third-party package (python-ldap on Debian); fail early
# with a readable message instead of a traceback when it is not installed.
try:
    import ldap
except ImportError, e:
    print "Please install python-ldap before running this program"
    sys.exit(1)
13
# Puppet/ERB-templated settings: everything inside <%= %> / <%- -%> is
# substituted at catalog compile time, so the deployed file is plain Python.
basedn="<%= dc_suffix %>"
# Subtree holding the user accounts; searched one level deep (see search_s).
peopledn="ou=people,%s" % basedn
<%-
ldap_servers.map! { |l| "'ldaps://#{l}'" }
-%>
# Every configured server is addressed as ldaps://.  Note that map! rewrites
# the ldap_servers array in place on the Puppet side.
uris=[<%= ldap_servers.join(", ") %>]
# Shuffle so that hosts do not all try the same server first; libldap accepts
# a whitespace-separated list of URIs and tries them in the given order.
random.shuffle(uris)
uri = " ".join(uris)
# Seconds; passed to OPT_NETWORK_TIMEOUT below.
timeout=5
# This host binds with its own host object; the password is read from pwfile.
binddn="cn=<%= fqdn %>,ou=Hosts,%s" % basedn
pwfile="<%= ldap_pwfile %>"
# filter out disabled accounts also
# too bad uidNumber doesn't support >= filters
# NOTE(review): the filter below only requires the three object classes and
# a sshPublicKey attribute; nothing in it excludes disabled accounts despite
# the comment above -- confirm whether disabling is expected to be handled
# here or by removing the user's sshPublicKey in the directory.
# (`filter` also shadows the Python builtin of the same name.)
filter="(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*))"
# Home directories live here; keys are written to <prefix>/<uid>/.ssh/.
keypathprefix='/home'
29
def usage():
    """Print a short description of what the script does to stdout."""
    text = [
        "%s" % sys.argv[0],
        "",
        "Will fetch all enabled user accounts under %s" % peopledn,
        "with ssh keys in them and write each one to",
        "%s/<login>/authorized_keys" % keypathprefix,
        "",
        "This script is intented to be run from cron as root",
        "",
    ]
    # One write instead of one print per line; the bytes are identical.
    sys.stdout.write("\n".join(text) + "\n")
39
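def get_pw(pwfile):
    """Return the LDAP bind password stored on the first line of *pwfile*.

    Surrounding whitespace (including the newline) is stripped.  On a read
    error, or when the first line is empty, a message is printed and the
    process exits with status 1.  The empty case matters: binding with an
    empty password is treated as an unauthenticated bind by most LDAP
    servers, so an empty or truncated password file must not look like a
    successful login.

    Args:
        pwfile: path of the file holding the password on its first line.

    Returns:
        The password as a stripped string.
    """
    try:
        # `with` closes the handle even if readline() raises.
        with open(pwfile, 'r') as f:
            pw = f.readline().strip()
    except IOError as e:
        print("Error while reading password file, aborting")
        print(e)
        sys.exit(1)
    if not pw:
        print("Password file %s is empty, aborting" % pwfile)
        sys.exit(1)
    return pw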
50
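def write_keys(keys, user, uid, gid, prefix=None, skel='/etc/skel'):
    """Write *keys* to <prefix>/<user>/.ssh/authorized_keys owned by uid:gid.

    When the home directory does not exist yet it is created as a copy of
    *skel* and recursively chowned to uid:gid.  ``.ssh`` ends up with mode
    0700 and authorized_keys with 0600, both owned by uid:gid.  The key file
    is rewritten from scratch on every call.

    Args:
        keys: iterable of public-key strings; each is stripped and written
            on its own line.
        user: login name.  It must be a single path component: this code
            runs as root and the value comes from the directory, so anything
            that could escape *prefix* (a separator, ``..``, NUL) is rejected.
        uid, gid: numeric owner for the home directory and the key file.
        prefix: base directory; defaults to the module-level keypathprefix.
        skel: template directory copied for a brand-new home.

    Raises:
        ValueError: if *user* is not a safe directory name.
        OSError: on filesystem errors other than ".ssh already exists".
    """
    if prefix is None:
        prefix = keypathprefix
    if (not user or os.sep in user or "\0" in user
            or (os.altsep and os.altsep in user) or user in (".", "..")):
        raise ValueError("refusing unsafe login name %r" % (user,))
    home = os.path.join(prefix, user)
    sshdir = os.path.join(home, ".ssh")
    keyfile = os.path.join(sshdir, "authorized_keys")

    if not os.path.isdir(home):
        shutil.copytree(skel, home)
        os.chown(home, uid, gid)
        # copytree leaves the copy owned by root; hand the tree to the user.
        for root, dirs, files in os.walk(home):
            for name in dirs + files:
                os.chown(os.path.join(root, name), uid, gid)
    try:
        os.makedirs(sshdir, 0o700)
    except OSError as e:
        # An existing .ssh is expected; any other failure (EACCES, ENOSPC,
        # ...) must surface instead of being swallowed.
        if e.errno != errno.EEXIST:
            raise
    # Create the file already restricted to 0600 rather than relying on the
    # umask and tightening afterwards, so there is no window in which other
    # users could read the key list.
    fd = os.open(keyfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        for key in keys:
            f.write(key.strip() + "\n")
    os.chmod(keyfile, 0o600)
    os.chown(keyfile, uid, gid)
    os.chmod(sshdir, 0o700)
    os.chown(sshdir, uid, gid)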
73
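# The script takes no arguments; anything else is a usage error.
if len(sys.argv) != 1:
    usage()
    sys.exit(1)

bindpw = get_pw(pwfile)

try:
    ld = ldap.initialize(uri)
    ld.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
    # The configured URIs are all ldaps://, so this branch is normally not
    # taken; it upgrades a plain ldap:// connection before the bind.
    if uri.startswith("ldap:/"):
        ld.start_tls_s()
    ld.bind_s(binddn, bindpw)
    try:
        res = ld.search_s(peopledn, ldap.SCOPE_ONELEVEL, filter,
                          ['uid', 'sshPublicKey', 'uidNumber', 'gidNumber'])
        try:
            # 0701: only root lists the prefix, but everyone may traverse it,
            # which sshd needs to reach <home>/.ssh/authorized_keys.
            os.makedirs(keypathprefix, 0o701)
        except OSError as e:
            # Only "already exists" is benign; do not hide other failures.
            if e.errno != errno.EEXIST:
                raise
        for dn, entry in res:
            # skip possible system users
            if int(entry['uidNumber'][0]) < 500:
                continue
            write_keys(entry['sshPublicKey'], entry['uid'][0],
                       int(entry['uidNumber'][0]), int(entry['gidNumber'][0]))
        # NOTE(review): accounts that have disappeared from the directory (or
        # lost their sshPublicKey) keep their previously written
        # authorized_keys on this host; nothing here removes stale files.
    finally:
        # Release the connection even when a write fails part-way through.
        ld.unbind_s()
except Exception:
    print("Error")
    raise

sys.exit(0)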
103
104
105 # vim:ts=4:sw=4:et:ai:si

Properties

Name Value
svn:executable *
