Added LDAP crosschecks

3b2991c3 · Enrico Zini · 6fc912de · 3b2991c3 · 3b2991c3 · 3b2991c3
Commit 3b2991c3 authored Mar 12, 2012 by Enrico Zini
--- a/dsa/models.py
+++ b/dsa/models.py
 from django.db import models
+from django.conf import settings
+import ldap

-# Create your models here.
+LDAP_SERVER = getattr(settings, "LDAP_SERVER", "ldap://db.debian.org")
+
+class Entry(object):
+    def __init__(self):
+        self.dn = None
+        self.attrs = None
+        self.uid = None
+
+    def init(self, dn, attrs):
+        """
+        Init entry to point at these attributes
+        """
+        self.dn = dn
+        self.attrs = attrs
+        self.uid = attrs["uid"][0]
+
+    def single(self, name):
+        """
+        Return a single value for a LDAP attribute
+        """
+        if name not in self.attrs:
+            return None
+        val = self.attrs[name]
+        if not val:
+            return None
+        return val[0]
+
+def list_people():
+    search_base = "dc=debian,dc=org"
+    l = ldap.initialize(LDAP_SERVER)
+    l.simple_bind_s("","")
+    # Create the object only once
+    entry = Entry()
+    for dn, attrs in l.search_s(search_base, ldap.SCOPE_SUBTREE, "objectclass=inetOrgPerson"):
+        entry.init(dn, attrs)
+        yield entry
--- a/maintenance/management/commands/maintenance.py
+++ b/maintenance/management/commands/maintenance.py
@@ -23,10 +23,10 @@ import optparse
 import sys
 import datetime
 import logging
-import ldap
 from backend import models as bmodels
 from backend import const
 import keyring.models as kmodels
+import dsa.models as dmodels

 log = logging.getLogger(__name__)

@@ -150,6 +150,9 @@ class Checker(object):
            log.warning("%d entries still have a NULL status_changed date", c)

    def check_keyring_consistency(self, **kw):
+        """
+        Show entries that do not match between keyrings and our DB
+        """
        # Prefetch people and index them by fingerprint
        people_by_fpr = dict()
        for p in bmodels.Person.objects.all():
@@ -182,6 +185,26 @@ class Checker(object):
                elif p.status not in status:
                    log.warning("Fingerprint %s is in %s keyring its corresponding person %s has status %s", fpr, keys, repr(p), p.status)

+    def check_ldap_consistency(self, **kw):
+        """
+        Show entries that do not match between LDAP and our DB
+        """
+        # Prefetch people and index them by fingerprint
+        people_by_uid = dict()
+        for p in bmodels.Person.objects.all():
+            if p.uid is None: continue
+            people_by_uid[p.uid] = p
+
+        for entry in dmodels.list_people():
+            try:
+                person = bmodels.Person.objects.get(uid=entry.uid)
+            except bmodels.Person.DoesNotExist:
+                log.warning("Person %s exists in LDAP but not in our db", entry.uid)
+                continue
+
+            if entry.single("gidNumber") == "800":
+                if person.status not in (const.STATUS_DD_U, const.STATUS_DD_NU):
+                    log.warning("%s has gidNumber 800 but the db has state %s", repr(person), person.status)

    def run(self, **opts):
        """

--- a/settings.py.devel
+++ b/settings.py.devel
@@ -177,3 +177,4 @@ LOGGING = {
 }

 KEYRINGS = "/home/enrico/dev/deb/keyring.debian.org/keyrings"
+LDAP_SERVER = "ldap://db.debian.org"