Context Navigation

source: dassldapsync/dassldapsync.py@ 1224

Last change on this file since 1224 was 1221, checked in by joergs, on Nov 16, 2016 at 4:18:48 PM
added syncrepl
Property svn:executable set to ``*
File size: 23.2 KB

Rev	Line
[1218]	1	#!/usr/bin/python
	2	# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4
	3
[1221]	4	# core modules
[1219]	5	import argparse
	6	import ConfigParser
[1221]	7	import logging
	8	from pprint import pprint
	9	import signal
	10	import subprocess
	11	import sys
	12	import time
	13
	14	# external modules
[1219]	15	import datetime
	16	import dateutil.parser
	17	import dateutil.tz
[1218]	18	import ldap
[1221]	19	from ldap.ldapobject import ReconnectLDAPObject
[1219]	20	import ldap.modlist
[1221]	21	from ldap.syncrepl import SyncreplConsumer
	22	import ldapurl
[1218]	23	import ldif
	24
[1221]	25
	26
[1219]	27	def getArguments():
	28	configfile = '/etc/dassldapsync.conf'
[1221]	29	parser = argparse.ArgumentParser(description='Synchronize the content of two LDAP servers.')
[1219]	30	parser.add_argument('-d', '--debug', action='store_true', help="enable debug output")
[1221]	31	parser.add_argument('configfile', default=configfile,
	32	help="Configuration file [default: {}]".format(configfile))
	33	return parser.parse_args()
[1218]	34
[1219]	35
[1221]	36	class Options(object):
[1218]	37	def __init__(self):
[1221]	38	self.delete = True
	39	self.starttls = False
	40	self.updateonly = False
	41	self.filter = None
	42	self.attrlist = None
	43	self.exclude = None
	44	self.renameattr = None
	45	self.renamecommand = None
	46	self.pwd_max_days = 0
	47
[1219]	48	class ConfigParserDefaults(ConfigParser.ConfigParser, object):
[1221]	49	def get(self, section, option, default=None):
[1219]	50	try:
	51	result = super(self.__class__, self).get(section, option)
	52	except ConfigParser.NoOptionError:
	53	if default is None:
	54	raise
	55	else:
	56	result = default
	57	return result
[1218]	58
[1221]	59	def get_section(self, section):
	60	if section in self._sections:
	61	return self._sections[section]
	62
	63	def get0(self, section, option, default=None):
[1219]	64	try:
	65	result = super(self.__class__, self).get(section, option)
	66	except ConfigParser.NoOptionError:
	67	result = default
	68	return result
[1218]	69
[1221]	70	def getboolean(self, section, option, default=None):
[1219]	71	try:
	72	result = super(self.__class__, self).getboolean(section, option)
	73	except ConfigParser.NoOptionError:
	74	if default is None:
	75	raise
	76	else:
	77	result = default
	78	return result
[1218]	79
[1221]	80	def get_ldap_url_obj(self, section):
	81	baseurl = 'ldap://{server}:389/{basedn}'.format(**(self.get_section(section)))
	82	attrs = None
	83	if self.get0(section, 'attributes') is not None:
	84	attrs = self.get(section, 'attributes').split(',')
	85	return ldapurl.LDAPUrl(
	86	baseurl,
	87	dn=self.get(section, 'baseDn', ''),
	88	who=self.get0(section, 'bindDn'),
	89	cred=self.get0(section, 'basePassword'),
	90	filterstr=self.get0(section, 'filter'),
	91	attrs=attrs
	92	)
	93
	94
[1218]	95	def readLDIFSource(path):
[1219]	96	logger = logging.getLogger()
	97	logger.info("reading LDAP objects from file {}".format(path))
[1221]	98	with open(path, 'r') as f:
[1218]	99	parser = ldif.LDIFRecordList(f)
	100	parser.parse()
	101	result = parser.all_records
	102	return result
	103
[1221]	104	def readLdapSource(server, binddn, bindpw, basedn, filterstr, attrlist=None, starttls=False):
[1219]	105	logger = logging.getLogger()
	106	logger.info("reading LDAP objects from server {}".format(server))
[1221]	107	con = ldap.open(server, port=389)
[1218]	108	if starttls:
[1221]	109	con.start_tls_s()
	110	con.simple_bind_s(binddn, bindpw)
	111	results = con.search_s(basedn, ldap.SCOPE_SUBTREE, filterstr, attrlist)
[1218]	112	return results
	113
[1220]	114	class LdapSync(object):
[1221]	115	def __init__(self, destserver,
	116	destbinddn, destbindpw,
	117	srcbasedn, destbasedn, options=Options()):
[1219]	118	self.logger = logging.getLogger()
[1221]	119
[1219]	120	self.destserver = destserver
	121	self.destbasedn = destbasedn
	122	self.destbinddn = destbinddn
	123	self.destbindpw = destbindpw
	124	self.options = options
[1221]	125
[1219]	126	self.srcbasedn = srcbasedn
[1218]	127
[1219]	128	self.con = None
[1218]	129
[1221]	130	self.attrmap = ldap.cidict.cidict({})
	131	self.classmap = {}
[1218]	132
[1221]	133	self.junk_attrs = ["memberof", "modifiersname", "modifytimestamp", "entryuuid",
	134	"entrycsn", "contextcsn", "creatorsname", "createtimestamp",
	135	"structuralobjectclass", "pwdchangedtime", "pwdfailuretime"]
	136
	137	self.reset_result()
	138
	139
	140	def reset_result(self):
	141	self.result = {
	142	'add': {'ok': [], 'failed': []},
	143	'update': {'ok': [], 'failed': []},
	144	'delete': {'ok': [], 'failed': []},
	145	}
	146
	147
	148	def _dest_ldap_connect(self):
[1219]	149	if self.con is None:
	150	self.logger.info("connect to destination LDAP server {}".format(self.destserver))
[1221]	151	self.con = ldap.open(self.destserver, port=389)
[1219]	152	if self.options.starttls:
	153	self.con.start_tls_s()
[1221]	154	self.con.simple_bind_s(self.destbinddn, self.destbindpw)
[1218]	155
[1219]	156	def __adapt_dn(self, dn):
	157	# move LDAP object to dest base
	158	if self.srcbasedn != self.destbasedn:
	159	dn_old = dn
[1221]	160	rpath = dn[:-len(self.srcbasedn)]
	161	dn = rpath+self.destbasedn
[1219]	162	self.logger.debug("moved {} to {}".format(dn_old, dn))
	163	# print "dn:",dn,"src:",srcbasedn,"rpath:",rpath,"dest:",destbasedn
	164	return dn
[1218]	165
[1219]	166	def __is_dn_included(self, dn):
	167	if self.options.exclude is None:
	168	return True
	169	if dn.lower().endswith(self.options.exclude):
	170	return False
	171	return True
[1218]	172
[1219]	173	def __adapt_source_ldap_objects(self, searchresult):
	174	"""
	175	Do configured modification to the source LDAP objects.
	176	"""
	177	self.logger.debug("modifying LDAP objects retrieved from source LDAP")
[1218]	178
[1221]	179	update_objects = []
	180
[1219]	181	for r in searchresult:
	182	dn = self.__adapt_dn(r[0])
[1221]	183	d = ldap.cidict.cidict(r[1])
[1218]	184
[1219]	185	if self.__is_dn_included(dn):
[1221]	186	objectclasses = d["objectclass"]
[1218]	187
[1221]	188	newObjectclasses = []
[1219]	189	for o in objectclasses:
	190	if o.lower() in self.classmap:
[1221]	191	new_oc = self.classmap[o.lower()]
	192	if new_oc not in newObjectclasses:
	193	newObjectclasses.append(new_oc)
[1219]	194	else:
[1221]	195	if o not in newObjectclasses:
[1219]	196	newObjectclasses.append(o)
	197
[1221]	198	d["objectclass"] = newObjectclasses
[1219]	199
	200	for a in d.keys():
[1221]	201	attr = a
[1219]	202	if self.attrmap.has_key(a.lower()):
[1221]	203	attr = self.attrmap[attr].lower()
	204	if attr.lower() != a.lower():
	205	values = d[a]
[1219]	206	del d[a]
[1221]	207	d[attr] = values
[1219]	208
[1221]	209	update_objects.append((dn, d))
[1219]	210	return update_objects
	211
	212
[1221]	213	def _get_dest_entry(self, dn, entry):
[1219]	214	"""
	215	In the destination LDAP, the objects should be named
	216	according to options.renameattr.
	217	"""
[1221]	218	attrlist = self.options.attrlist
	219
[1219]	220	existingDestDn = None
	221	existingDestEntry = None
	222	if self.options.renameattr and entry.has_key(self.options.renameattr):
[1221]	223	searchresult = self.con.search_s(
	224	self.destbasedn,
	225	ldap.SCOPE_SUBTREE,
	226	'%s=%s' % (self.options.renameattr, entry[self.options.renameattr][0]), attrlist)
	227	if searchresult is not None and len(searchresult) > 0:
[1219]	228	existingDestDn, existingDestEntry = searchresult[0]
	229	if existingDestDn.lower() != dn.lower():
[1221]	230	self.con.modrdn_s(existingDestDn, dn)
	231	self.notify_renamed(existingDestDn, dn,
	232	existingDestEntry[self.options.renameattr][0],
	233	entry[self.options.renameattr][0],
	234	options)
[1219]	235	if existingDestDn is None:
[1221]	236	searchresult = self.con.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*', attrlist)
[1219]	237	existingDestDn, existingDestEntry = searchresult[0]
	238	return (existingDestDn, existingDestEntry)
	239
	240
	241	def __handle_pwdAccountLockedTime(self, dn, entry, now, max_age):
	242	# hack for syncing accounts locked by password policy
	243	do_unlock = False
[1221]	244	if self.options.pwd_max_days > 0 and entry.has_key('pwdChangedTime'):
[1219]	245	# print "pwdChangedTime set for",dn
	246	pwdChange = entry['pwdChangedTime'][0]
	247	d = dateutil.parser.parse(pwdChange)
[1221]	248	if (now-d) > max_age:
	249	entry['pwdAccountLockedTime'] = ['000001010000Z']
	250	self.logger.info("locking {} {}".format(dn, pwdChange))
[1218]	251	else:
[1219]	252	# pwdAccountLockedTime is a operational attribute,
	253	# and therefore not part of entry.
	254	# Do extra search to retrieve attribute.
[1221]	255	searchresult = self.con.search_s(
	256	dn, ldap.SCOPE_BASE,
	257	"objectclass=*", attrlist=['pwdAccountLockedTime'])
[1219]	258	tmp_dn, tmp_entry = searchresult[0]
	259	if tmp_entry.has_key('pwdAccountLockedTime'):
	260	do_unlock = True
	261	return do_unlock
[1218]	262
	263
[1221]	264	def _syncLdapObject(self, srcDn, srcAttributes):
[1219]	265	tzutc = dateutil.tz.gettz('UTC')
	266	now = datetime.datetime.now(tzutc)
	267	max_age = datetime.timedelta(days=self.options.pwd_max_days)
[1218]	268
[1221]	269	try:
	270	destDn, destAttributes = self._get_dest_entry(srcDn, srcAttributes)
[1218]	271
[1221]	272	# hack for syncing accounts locked by password policy
	273	do_unlock = self.__handle_pwdAccountLockedTime(srcDn, srcAttributes, now, max_age)
[1218]	274
[1221]	275	mod_attrs = ldap.modlist.modifyModlist(destAttributes, srcAttributes)
[1218]	276
[1221]	277	# hack for unlocking, see above
	278	if do_unlock:
	279	self.logger.info("unlocking {} {}".format(destDn, 'pwdAccountLockedTime'))
	280	mod_attrs.append((ldap.MOD_DELETE, 'pwdAccountLockedTime', None))
[1218]	281
[1221]	282	if self.options.attrlist is not None:
	283	mod_attrs = [a for a in mod_attrs if a[1].lower() in self.options.attrlist]
[1218]	284
[1221]	285	if self.junk_attrs is not None:
	286	mod_attrs = [a for a in mod_attrs if a[1].lower() not in self.junk_attrs]
[1218]	287
[1221]	288	if mod_attrs:
	289	try:
	290	self.logger.debug('mod_attrs: ' + str(mod_attrs))
	291	self.con.modify_s(srcDn, mod_attrs)
	292	self.notify_modified(srcDn)
	293	except:
	294	self.logger.exception('modify failed')
	295	self.notify_modified(srcDn, False)
[1218]	296
[1221]	297	except ldap.NO_SUCH_OBJECT:
	298	if not self.options.updateonly:
[1219]	299	try:
[1221]	300	self.con.add_s(srcDn, ldap.modlist.addModlist(srcAttributes, self.junk_attrs))
	301	self.notify_created(srcDn)
	302	except (ldap.OBJECT_CLASS_VIOLATION,
	303	ldap.NO_SUCH_OBJECT,
	304	ldap.CONSTRAINT_VIOLATION):
	305	self.notify_created(srcDn, False)
[1218]	306
[1221]	307
	308	def __syncLdapDestination(self, update_objects):
	309
	310	logger.debug("writing data to destination LDAP")
	311	for obj in update_objects:
	312	dn, entry = obj
	313	self._syncLdapObject(dn, entry)
	314
	315
[1219]	316	def __deleteDestLdapObjects(self, update_objects):
	317	"""
	318	Remove all LDAP objects in destination LDAP server
	319	that did not come from the source LDAP objects
	320	and are not excluded.
	321	"""
[1218]	322
[1221]	323	searchresult = self.con.search_s(self.destbasedn, ldap.SCOPE_SUBTREE, self.options.filter)
	324	existing = [x[0].lower() for x in searchresult]
[1218]	325
[1221]	326	morituri = existing
[1218]	327
[1219]	328	if self.destbasedn.lower() in existing:
	329	morituri.remove(self.destbasedn.lower())
[1218]	330
[1221]	331	for obj in update_objects:
	332	dn, entry = obj
[1218]	333	if dn.lower() in existing:
	334	morituri.remove(dn.lower())
	335	for dn in morituri:
[1219]	336	if self.__is_dn_included(dn):
	337	try:
	338	self.con.delete_s(dn)
[1221]	339	self.notify_deleted(dn)
[1219]	340	except:
[1221]	341	self.notify_deleted(dn, False)
[1218]	342
[1221]	343
[1219]	344	def sync(self, searchresult):
	345	"""
	346	Synchronize entries from searchresult to destination LDAP server.
	347	"""
[1221]	348	if len(searchresult) == 0:
[1219]	349	self.logger.error("empty source, aborting")
	350	return
	351
[1221]	352	self._dest_ldap_connect()
[1219]	353
	354	update_objects = self.__adapt_source_ldap_objects(searchresult)
[1221]	355	self.__syncLdapDestination(update_objects)
	356	if self.options.delete and not self.options.updateonly:
	357	self.__deleteDestLdapObjects(update_objects)
[1219]	358	self.con.unbind()
[1218]	359
[1221]	360	self.__log_summary(True)
[1218]	361
[1219]	362
[1221]	363	def __log_summary(self, show_failed=True, show_ok=False):
	364	result = self.result
[1219]	365	for action in result.keys():
	366	ok = len(result[action]['ok'])
	367	failed = len(result[action]['failed'])
	368	print "{} (ok: {}, failed: {}):".format(action, ok, failed)
	369
	370	if show_ok and ok > 0:
	371	print "succeeded:"
	372	print "\n".join(result[action]['ok'])
	373
	374	if show_failed and failed > 0:
	375	print "failed:"
	376	print "\n".join(result[action]['failed'])
	377
[1221]	378	def get_short_dn(self, dn):
	379	return dn.lower().replace(',' + self.srcbasedn.lower(), '')
[1219]	380
[1221]	381	def notify_created(self, dn, ok=True):
	382	if ok:
	383	logger.debug('{} created'.format(self.get_short_dn(dn)))
	384	self.result['add']['ok'].append(dn)
	385	else:
	386	self.logger.warning("failed to add {}".format(dn))
	387	self.result['add']['failed'].append(dn)
[1219]	388
[1221]	389	def notify_modified(self, dn, ok=True):
	390	if ok:
	391	logger.debug('{} modified'.format(self.get_short_dn(dn)))
	392	self.result['update']['ok'].append(dn)
	393	else:
	394	self.logger.error("failed to modify {}".format(dn))
	395	self.result['update']['failed'].append(dn)
[1219]	396
[1221]	397	def notify_deleted(self, dn, ok=True):
	398	if ok:
	399	logger.debug('{} deleted'.format(self.get_short_dn(dn)))
	400	self.result['delete']['ok'].append(dn)
	401	else:
	402	self.logger.error("failed to delete {}".format(dn))
	403	self.result['delete']['failed'].append(dn)
[1219]	404
	405	def notify_renamed(self, dn, newdn, uid, newuid, options):
[1221]	406	print "renamed", dn, newdn
	407	subprocess.check_call(
	408	"%s %s %s %s %s" % (options.renamecommand, dn, newdn, uid, newuid),
	409	shell=True)
[1219]	410
	411
[1221]	412
	413	class SyncReplConsumer(ReconnectLDAPObject, SyncreplConsumer):
	414	"""
	415	Syncrepl Consumer interface
	416	"""
	417
	418	def __init__(self, dest, syncrepl_entry_callback, args, *kwargs):
	419	self.logger = logging.getLogger()
	420	# Initialise the LDAP Connection first
	421	ldap.ldapobject.ReconnectLDAPObject.__init__(self, args, *kwargs)
	422	# We need this for later internal use
	423	self.__presentUUIDs = dict()
	424	self.cookie = None
	425	self.dest_ldap = dest
	426	self.syncrepl_entry_callback = syncrepl_entry_callback
	427
	428	def syncrepl_get_cookie(self):
	429	return self.cookie
	430
	431	def syncrepl_set_cookie(self, cookie):
	432	self.cookie = cookie
	433
	434	def syncrepl_entry(self, dn, attributes, uuid):
	435	# First we determine the type of change we have here
	436	# (and store away the previous data for later if needed)
	437	if uuid in self.__presentUUIDs:
	438	change_type = 'modify'
	439	else:
	440	change_type = 'add'
	441	# Now we store our knowledge of the existence of this entry
	442	self.__presentUUIDs[uuid] = dn
	443	# Debugging
	444	logger.debug('{}: {} ({})'.format(dn, change_type, ",".join(attributes.keys())))
	445	# If we have a cookie then this is not our first time being run,
	446	# so it must be a change
	447	if self.cookie is not None:
	448	self.syncrepl_entry_callback(dn, attributes)
	449
	450
	451	def syncrepl_delete(self, uuids):
	452	""" syncrepl_delete """
	453	# Make sure we know about the UUID being deleted, just in case...
	454	uuids = [uuid for uuid in uuids if uuid in self.__presentUUIDs]
	455	# Delete all the UUID values we know of
	456	for uuid in uuids:
	457	logger.debug('detected deletion of entry {} ({})', uuid, self.__presentUUIDs[uuid])
	458	del self.__presentUUIDs[uuid]
	459
	460	def syncrepl_present(self, uuids, refreshDeletes=False):
	461	""" called on initial sync """
	462	if uuids is not None:
	463	self.logger.debug('uuids: {}'.format(','.join(uuids)))
	464	# If we have not been given any UUID values,
	465	# then we have recieved all the present controls...
	466	if uuids is None:
	467	# We only do things if refreshDeletes is false as the syncrepl
	468	# extension will call syncrepl_delete instead when it detects a
	469	# delete notice
	470	if not refreshDeletes:
	471	deletedEntries = [
	472	uuid for uuid in self.__presentUUIDs
	473	]
	474	self.syncrepl_delete(deletedEntries)
	475	# Phase is now completed, reset the list
	476	self.__presentUUIDs = {}
	477	else:
	478	# Note down all the UUIDs we have been sent
	479	for uuid in uuids:
	480	self.__presentUUIDs[uuid] = True
	481
	482
	483	def syncrepl_refreshdone(self):
	484	self.logger.info('Initial synchronization is now done, persist phase begins')
	485	#self.logger.debug('UUIDs:\n' + '\n'.join(self.__presentUUIDs))
	486
	487
	488
	489	class LdapSyncRepl(LdapSync):
	490	def __init__(self, destsrv,
	491	destadmindn, destadminpw,
	492	basedn, destbasedn,
	493	options=Options(), source_ldap_url_obj=None):
	494	# Install our signal handlers
	495	signal.signal(signal.SIGTERM, self.shutdown)
	496	self.watcher_running = False
	497	self.source_ldap_url_obj = source_ldap_url_obj
	498	self.ldap_credentials = False
	499	self.source_ldap_connection = None
	500	super(LdapSyncRepl, self).__init__(destsrv,
	501	destadmindn, destadminpw,
	502	basedn, destbasedn, options)
	503
	504
	505	def sync(self):
	506	self._dest_ldap_connect()
	507	self.watcher_running = True
	508	while self.watcher_running:
	509	self.logger.info('Connecting to source LDAP server')
	510	# Prepare the LDAP server connection (triggers the connection as well)
	511	self.source_ldap_connection = SyncReplConsumer(self.con,
	512	self.perform_application_sync_callback,
	513	self.source_ldap_url_obj.initializeUrl())
	514
	515	if self.source_ldap_url_obj.who and self.source_ldap_url_obj.cred:
	516	self.ldap_credentials = True
	517	# Now we login to the LDAP server
	518	try:
	519	self.source_ldap_connection.simple_bind_s(
	520	self.source_ldap_url_obj.who, self.source_ldap_url_obj.cred)
	521	except ldap.INVALID_CREDENTIALS, e:
	522	print 'Login to LDAP server failed: ', str(e)
	523	sys.exit(1)
	524	except ldap.SERVER_DOWN:
	525	print 'LDAP server is down, going to retry.'
	526	time.sleep(5)
	527	continue
	528
	529	# Commence the syncing
	530	self.logger.info('Staring sync process')
	531	ldap_search = self.source_ldap_connection.syncrepl_search(
	532	self.source_ldap_url_obj.dn or '',
	533	self.source_ldap_url_obj.scope or ldap.SCOPE_SUBTREE,
	534	mode='refreshAndPersist',
	535	attrlist=self.source_ldap_url_obj.attrs,
	536	filterstr=self.source_ldap_url_obj.filterstr or '(objectClass=*)'
	537	)
	538
	539	try:
	540	while self.source_ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
	541	print ".",
	542	except KeyboardInterrupt:
	543	# User asked to exit
	544	print "aborted\n"
	545	self.shutdown(None, None)
	546	except Exception, e:
	547	# Handle any exception
	548	if self.watcher_running:
	549	self.logger.exception('Encountered a problem, going to retry.')
	550	time.sleep(5)
	551
	552	def perform_application_sync_callback(self, dn, attributes):
	553	logger.debug('{}: src: {}'.format(dn, str(attributes)))
	554	try:
	555	self._syncLdapObject(dn, attributes)
	556	except ldap.NO_SUCH_OBJECT:
	557	self.logger.info("SKIPPED: {} object does not exist on target".format(dn))
	558	return False
	559	return True
	560
	561	def shutdown(self, signum, stack):
	562	# Declare the needed global variables
	563	self.logger.info('Shutting down!')
	564
	565	# We are no longer running
	566	self.watcher_running = False
	567
	568
[1218]	569	if __name__ == "__main__":
[1219]	570	logging.basicConfig(format='%(levelname)s %(module)s.%(funcName)s: %(message)s', level=logging.INFO)
	571	logger = logging.getLogger()
	572
[1221]	573	args = getArguments()
[1219]	574	if args.debug:
	575	logger.setLevel(logging.DEBUG)
[1221]	576	conffile = args.configfile
[1219]	577
[1218]	578	exclude = None
	579
[1221]	580	config = ConfigParserDefaults()
[1218]	581	config.read(conffile)
	582
	583	srcfile = None
	584	try:
[1221]	585	srcfile = config.get("source", "file")
[1218]	586	except:
	587	pass
	588
[1221]	589	basedn = config.get("source", "baseDn")
	590	filterstr = config.get0("source", "filter", None)
[1218]	591
[1221]	592	if srcfile is None:
	593	srv = config.get("source", "server")
	594	admindn = config.get("source", "bindDn")
	595	adminpw = config.get("source", "bindPassword")
	596	starttls = config.getboolean("source", "starttls")
[1218]	597
[1221]	598	destsrv = config.get("destination", "server")
	599	destadmindn = config.get("destination", "bindDn")
	600	destadminpw = config.get("destination", "bindPassword")
	601	destbasedn = config.get("destination", "baseDn")
	602	destdelete = config.getboolean("destination", "delete")
[1218]	603	try:
[1221]	604	rdn = config.get("destination", "rdn")
[1219]	605	logger.warning("setting rdn is currently ignored")
[1218]	606	except:
[1219]	607	pass
[1218]	608
[1219]	609	options = Options()
[1218]	610	try:
[1221]	611	options.exclude = config.get("destination", "excludesubtree").lower()
[1218]	612	except:
[1219]	613	pass
[1218]	614
[1221]	615	options.updateonly = not config.getboolean("destination", "create", False)
	616	options.starttls = config.getboolean("destination", "starttls", False)
	617	options.renameattr = config.get0("destination", "detectRename", None)
	618	options.renamecommand = config.get0("destination", "detectRename", None)
	619	options.pwd_max_days = int(config.get("source", "pwd_max_days", 0))
	620	options.filter = filterstr
[1219]	621
[1221]	622	# Set source.attrlist as global option.
	623	# If source would use less attributes than dest,
	624	# all attributes not retrieved from source would be deleted from dest
[1218]	625	try:
[1221]	626	options.attrlist = config.get("source", "attributes").split(",")
[1218]	627	except:
[1221]	628	options.attrlist = None
[1218]	629
[1221]	630	if config.get0('source', 'mode') == 'syncrepl':
	631	ldapsync = LdapSyncRepl(
	632	destsrv, destadmindn, destadminpw, basedn, destbasedn,
	633	options,
	634	source_ldap_url_obj=config.get_ldap_url_obj('source'))
	635	ldapsync.sync()
[1218]	636	else:
[1221]	637	if srcfile:
	638	objects = readLDIFSource(srcfile)
	639	else:
	640	objects = readLdapSource(srv, admindn, adminpw,
	641	basedn, filterstr, options.attrlist, starttls)
[1218]	642
[1221]	643	ldapsync = LdapSync(destsrv, destadmindn, destadminpw, basedn, destbasedn, options)
	644	ldapsync.sync(objects)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: