checkpoint, update get/set users

scripts/get_ldap_users.py

@@ -27,9 +27,10 @@ def fetch_user_details(ldap_server_url, bind_dn, bind_password, search_base, gro
     """
     Fetches user details from the LDAP server and processes their attributes.
 
-    The function binds to an LDAP server and retrieves user entries based on 
-    the specified search base and filter. It also checks group memberships for 
-    each user and processes attributes like `cn`, `mail`, `telephoneNumber`, etc.
+    The function binds to an LDAP server and retrieves user entries based on
+    the specified search base and filter. It also checks group memberships for
+    each user and processes attributes like `cn`, `mail`, `telephoneNumber`, etc.,
+    including posixAccount attributes.
 
     Args:
         ldap_server_url (str): The URL of the LDAP server (e.g., ldap://localhost).
@@ -45,28 +46,28 @@ def fetch_user_details(ldap_server_url, bind_dn, bind_password, search_base, gro
     try:
         parsed_url = urlparse(ldap_server_url)
         host = parsed_url.hostname
-        port = parsed_url.port
+        port = parsed_url.port if parsed_url.port else (636 if parsed_url.scheme == 'ldaps' else 389)
         use_ssl = parsed_url.scheme == 'ldaps'
 
         # Initialize and bind to the LDAP server
         server = Server(host, port=port, use_ssl=use_ssl, get_info=ALL)
         conn = Connection(server, user=bind_dn, password=bind_password, auto_bind=True)
 
-        # Search for user entries
-        search_filter = '(objectClass=inetOrgPerson)'
-        retrieve_attributes = [
-            'uid', 'cn', 'sn', 'mail', 'telephoneNumber',
-            'givenName', 'displayName', 'o', 'ou',
-            'runAsUser', 'runAsGroup', 'fsGroup', 'supplementalGroups'
-        ]
-
         # Check if the search base exists
         base_check = conn.search(search_base, '(objectClass=*)', search_scope=SUBTREE, attributes=[])
         if not base_check:
             print(f"Search base '{search_base}' does not exist.")
             return []
 
-        # Search for users and process the results
+        # Search for user entries
+        search_filter = '(|(objectClass=inetOrgPerson)(objectClass=posixAccount))'
+        retrieve_attributes = [
+            'uid', 'cn', 'sn', 'mail', 'telephoneNumber',
+            'givenName', 'displayName', 'o', 'ou',
+            'runAsUser', 'runAsGroup', 'fsGroup', 'supplementalGroups',
+            'uidNumber', 'gidNumber', 'homeDirectory', 'loginShell'
+        ]
+
         conn.search(search_base, search_filter, search_scope=SUBTREE, attributes=retrieve_attributes)
 
         # Return an empty list if no users are found
@@ -82,14 +83,20 @@ def fetch_user_details(ldap_server_url, bind_dn, bind_password, search_base, gro
             # Process each attribute and handle missing attributes
             for attr in retrieve_attributes:
                 if attr in entry_dict and entry_dict[attr]:
-                    if attr in ['runAsUser', 'runAsGroup', 'fsGroup']:
+                    if attr in ['runAsUser', 'runAsGroup', 'fsGroup', 'uidNumber', 'gidNumber']:
                         processed_entry[attr] = int(entry_dict[attr][0])
                     elif attr == 'supplementalGroups':
                         processed_entry[attr] = [int(x) for x in entry_dict[attr]]
                     else:
                         processed_entry[attr] = entry_dict[attr][0]
                 else:
-                    processed_entry[attr] = ""
+                    # Assign default values for certain attributes
+                    if attr in ['uidNumber', 'gidNumber']:
+                        processed_entry[attr] = None
+                    elif attr == 'supplementalGroups':
+                        processed_entry[attr] = []
+                    else:
+                        processed_entry[attr] = ""
 
             # Fetch group memberships for the user
             user_dn = entry.entry_dn

scripts/set_ldap_users.py

@@ -51,12 +51,12 @@ def create_ldap_user(user, ldap_config):
     """
     Create or update an LDAP user and manage group memberships.
 
-    This function creates a new LDAP user if they don't exist or updates the user's 
+    This function creates a new LDAP user if they don't exist or updates the user's
     attributes if they already exist. It also handles assigning the user to LDAP groups.
 
     Args:
         user (dict): Dictionary containing user details such as UID, CN, SN, and groups.
-        ldap_config (dict): Dictionary containing LDAP configuration details such as 
+        ldap_config (dict): Dictionary containing LDAP configuration details such as
                             LDAP server URL, bind DN, and base DNs.
 
     Returns:
@@ -83,7 +83,7 @@ def create_ldap_user(user, ldap_config):
         # Create or update the user
         user_dn = f"uid={user['uid']},{ldap_config['user_base']}"
         attrs = {
-            'objectClass': ['inetOrgPerson', 'organizationalPerson', 'person', 'kubernetesSC', 'top'],
+            'objectClass': ['inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount', 'kubernetesSC', 'top'],
             'uid': user['uid'],
             'cn': user['cn'],
             'sn': user['sn'],
@@ -96,7 +96,11 @@ def create_ldap_user(user, ldap_config):
             'supplementalGroups': [str(group) for group in user.get('supplementalGroups', [])],
             'runAsUser': str(user['runAsUser']),
             'runAsGroup': str(user['runAsGroup']),
-            'fsGroup': str(user['fsGroup'])
+            'fsGroup': str(user['fsGroup']),
+            'uidNumber': str(user.get('uidNumber', user['runAsUser'])),
+            'gidNumber': str(user.get('gidNumber', user['runAsGroup'])),
+            'homeDirectory': user.get('homeDirectory', f"/home/{user['uid']}"),
+            'loginShell': user.get('loginShell', '/bin/bash'),
         }
 
         # Check if the user already exists