diff options
Diffstat (limited to 'gitolite-tools/gitolite-groups')
| -rwxr-xr-x | gitolite-tools/gitolite-groups | 94 |
1 files changed, 47 insertions, 47 deletions
diff --git a/gitolite-tools/gitolite-groups b/gitolite-tools/gitolite-groups index e524fde..c5434bb 100755 --- a/gitolite-tools/gitolite-groups +++ b/gitolite-tools/gitolite-groups @@ -24,71 +24,71 @@ import urllib from ConfigParser import ConfigParser +sys.path.append(os.path.join(os.path.dirname(__file__), '..')) +import linaro_ldap + DEFAULT_CONFIG_FILE = "gitolite-tools.conf" CONFIG = ConfigParser() CONFIG.read(os.path.join(os.path.dirname(sys.argv[0]), DEFAULT_CONFIG_FILE)) +def get_crowd_user(user): + '''Crowd requires our LDAP's CN attribute as its "username" parameter''' + with linaro_ldap.ldap_client(linaro_ldap.build_config()) as client: + search_filter = "(uid={0})".format(user) + base_dn = 'ou=accounts,dc=linaro,dc=org' + result = client.search_s( + base_dn, ldap.SCOPE_SUBTREE, search_filter, attrlist=['cn']) + if result: + try: + return result[0][1]['cn'][0] + except KeyError: + sys.stderr.write( + "gitolite-groups: ERROR: User {0} does not have an email " + "address.\n".format(user)) + + def get_groups(user): crowd_usr = CONFIG.get("crowd", "crowd_name") crowd_pwd = CONFIG.get("crowd", "crowd_pwd") - ldap_uri = CONFIG.get("ldap", "ldap_uri") - ldap_user = CONFIG.get("ldap", "ldap_user") - ldap_key = CONFIG.get("ldap", "ldap_key") - base_dn = CONFIG.get("ldap", "base_dn") - - ldap_client = ldap.initialize(ldap_uri, trace_level=0) - ldap_client.set_option(ldap.OPT_REFERRALS, 0) - ldap_client.simple_bind(ldap_user, ldap_key) - - search_filter = "(uid={0})".format(user) - result = ldap_client.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter, - attrlist=['mail', 'cn']) + user = get_crowd_user(user) user_teams = "" crowd_error = False - if result: - try: - user = result[0][1]['cn'][0] - - params = {"username": user} - auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd)) - headers = { - "Authorization": "Basic {0}".format(auth), - "Accept": "application/json" - } - url = "/user/group/nested?{0}".format( - urllib.urlencode(params)) + if user: + params = {"username": user} + auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd)) + headers = { + "Authorization": "Basic {0}".format(auth), + "Accept": "application/json" + } + url = "/user/group/nested?{0}".format( + urllib.urlencode(params)) + + c = httplib.HTTPSConnection("login.linaro.org", 8443) + c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url), + headers=headers) - c = httplib.HTTPSConnection("login.linaro.org", 8443) - c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url), - headers=headers) + try: + resp = c.getresponse() - try: - resp = c.getresponse() - - if resp.status != 200: - sys.stderr.write("gitolite-groups: ERROR: Non-successful " - "response from Crowd: %s\n" % resp.status) - crowd_error = True - else: - data = json.load(resp) - names = [x["name"] for x in data["groups"]] - user_teams = " ".join(names) - except IOError, e: - sys.stderr.write("gitolite-groups: ERROR: No connection to " - "Crowd server.\n") - sys.stderr.write(e) + if resp.status != 200: + sys.stderr.write("gitolite-groups: ERROR: Non-successful " + "response from Crowd: %s\n" % resp.status) crowd_error = True - - except KeyError: - sys.stderr.write("gitolite-groups: ERROR: User {0} does not have " - "an email address.\n".format(user)) + else: + data = json.load(resp) + names = [x["name"] for x in data["groups"]] + user_teams = " ".join(names) + except IOError, e: + sys.stderr.write("gitolite-groups: ERROR: No connection to " + "Crowd server.\n") + sys.stderr.write(e) crowd_error = True - if crowd_error: + if crowd_error or not user: sys.stderr.write("gitolite-groups: Warning: Group memberships " "unavailble, access to some repositories may " "be blocked.\n") |