Novell.Updateguidpy History: November 05, 2007, at 03:04 PM
(:title UpdateGUID.py :)
Integrating eDirectory with other databases is very useful when those databases need to let users log in or need access to user attributes. But a problem arises when you need to store historical information. Say a John Smith is in the company, leaves, and then another John Smith joins the same department years later. History data referring only to the username might pick up the incorrect information.

The obvious answer is to use either an employee number or the Government Tax Number (i.e. SSN or PPS). The problem with this client was that personnel was unable to give employee numbers to everyone (as there were two separate personnel divisions and neither was responsible for the random contractors), and we were forbidden from using the Government Number as it was viewed as a personal security violation.

So IT needed a way to create its own unique ID. Since all users have a User object in eDirectory, we decided to use the GUID attribute of the User object. The problem with this approach was that many databases were unable to read the GUID attribute directly from LDAP, since it is stored as a binary object. So I created this Python script that runs every so often and copies each user's binary GUID to the ASCII workforceID attribute.

The script only updates users that do not already have a workforceID. This allows administrators to override the default GUID (i.e. in case a user was deleted and re-created by mistake).

(:div style="border-style:ridge; border-width:2px; background-color:#ffffcc; margin-left:50px; overflow:auto; font-size:small; width:650px; height:500px;":)
[@
#!/usr/bin/env python
#
# Ported to Python 3 / python-ldap 3.x: ldap.open(), string.upper() and
# str.encode("hex") no longer exist there.
import binascii
from time import sleep

import ldap


def updateGUID(sleeptime=3):
    """
    Use this function to update all the guids in the eDirectory Novell Tree
    """
    updateServer = "ldap.server.domain.name"
    updateUsername = "cn=updateGUID,ou=location,ou=in,o=tree"
    updatePassword = "password for user above"
    updateBase = "o=tree"
    # Only people that have no workforceID yet, so manual overrides survive
    updateFilter = "(&(!(workforceID=*))(objectClass=person))"
    updateAttributes = ["guid"]
    # Passed as the "all" argument of result(): 0 returns one entry per call
    updateTimeout = 0

    # A simple bind over ldap:// sends the password in clear text; use an
    # ldaps:// URI or start_tls_s() where the server supports it.
    l = ldap.initialize("ldap://" + updateServer)
    l.protocol_version = ldap.VERSION3
    l.simple_bind_s(updateUsername, updatePassword)

    LDAPObjects = []
    ldap_result_id = l.search(updateBase, ldap.SCOPE_SUBTREE, updateFilter, updateAttributes)
    while 1:
        result_type, result_data = l.result(ldap_result_id, updateTimeout)
        if (result_data == []):
            break
        else:
            if result_type == ldap.RES_SEARCH_ENTRY:
                LDAPObjects.append(result_data)

    ## Update each object
    if len(LDAPObjects) > 0:
        for LDAPObject in LDAPObjects:
            for LDAPsubObject in LDAPObject:
                dn = str(LDAPsubObject[0])
                # Binary GUID -> upper-case hex string
                guid = binascii.hexlify(LDAPsubObject[1]["guid"][0]).decode("ascii").upper()
                modlist = [ (ldap.MOD_REPLACE, "workforceID", [guid.encode("ascii")]) ]
                # Synchronous modify, so a failure raises before we unbind
                l.modify_s(dn, modlist)
    l.unbind_s()
    sleep(sleeptime)
@]
(:divend:)
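An offline companion to the script above, added here as an example and not part of the original page: it plans the same workforceID updates from already-fetched entries and reports hand-set overrides, malformed GUIDs and workforceID values shared by more than one DN. It assumes the search also returns workforceID and that a GUID is 16 bytes; `plan_updates`, `guid_to_workforce_id`, the finding labels and the sample entries are hypothetical.

```python
import binascii

MOD_REPLACE = 2  # value of ldap.MOD_REPLACE, inlined so this runs without python-ldap

def guid_to_workforce_id(raw_guid):
    """Hex-encode a binary GUID as the script does (assumption: GUIDs are 16 bytes)."""
    if not isinstance(raw_guid, bytes) or len(raw_guid) != 16:
        raise ValueError("GUID must be exactly 16 bytes")
    return binascii.hexlify(raw_guid).decode("ascii").upper()

def plan_updates(entries):
    """Take (dn, attrs) pairs shaped like python-ldap results; return (mods, findings)."""
    mods, findings, owners = {}, [], {}
    for dn, attrs in entries:
        current = [v.decode("ascii", "replace") for v in attrs.get("workforceID", [])]
        try:
            derived = guid_to_workforce_id((attrs.get("guid") or [b""])[0])
        except ValueError as exc:
            findings.append(("bad-guid", dn, str(exc)))
            derived = None
        if current:
            wid = current[0].upper()
            if derived is not None and wid != derived:
                findings.append(("override", dn, wid))  # set by hand: left untouched
        elif derived is not None:
            wid = derived
            mods[dn] = [(MOD_REPLACE, "workforceID", [wid.encode("ascii")])]
        else:
            continue  # no workforceID and no usable GUID to copy
        owners.setdefault(wid, []).append(dn)
    for wid, dns in sorted(owners.items()):
        if len(dns) > 1:  # two entries would share one history key
            findings.append(("duplicate", ", ".join(dns), wid))
    return mods, findings

# Constructed entries, not real directory data.
SAMPLE = [
    ("cn=jsmith,ou=in,o=tree", {"guid": [bytes(range(16))]}),
    ("cn=jsmith2,ou=in,o=tree", {"guid": [bytes(range(16, 32))],
                                 "workforceID": [b"000102030405060708090A0B0C0D0E0F"]}),
    ("cn=broken,ou=in,o=tree", {"guid": [b"\x01\x02"]}),
]

if __name__ == "__main__":
    for part in plan_updates(SAMPLE):
        print(part)
```

The duplicate finding is the case the workforceID is meant to prevent: a hand-set value on one entry that matches the GUID-derived value of another, so history rows for two people would share a key.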