--- sync_ldap_groups_to_svn_authz.py.orig 2010-07-15 16:41:58.000000000 -0400
+++ sync_ldap_groups_to_svn_authz.py 2010-07-20 13:51:26.000000000 -0400
@@ -23,9 +23,11 @@
 import ConfigParser, datetime, getpass, os, re, sys, tempfile
 from optparse import OptionParser
+import shutil
 try:
 import ldap
+ from ldap.controls import SimplePagedResultsControl
 except ImportError:
 print("Unable to locate the 'ldap' module. Please install python-ldap. " \
 "(http://python-ldap.sourceforge.net)")
@@ -83,7 +85,7 @@
 ################################################################################
 application_name = "LDAP Groups to Subversion Authz Groups Bridge"
-application_version = "1.0.1"
+application_version = "1.0.2p1"
 application_description = "The '%s' is a simple script that will query your " \
 "directory server for group objects and create a " \
 "representation of those groups in your Subversion " \
@@ -106,7 +108,7 @@
 return ldapobject
 # bind()
-
+
 def search_for_groups(ldapobject):
 """This function will search the LDAP directory for group definitions."""
@@ -120,6 +122,28 @@
 for i in range(len(result_set)):
 for entry in result_set[i]:
+ # check if there is a member;range#-# attribute
+ tmp_entry = entry
+ rangesplit = None
+ while True:
+ for key in tmp_entry[1].keys():
+ if key.startswith('member;'):
+ member_range = key
+ rangesplit = member_range.strip('member;range=').split('-')
+ break
+
+ if rangesplit:
+ # continue lookups
+ entry[1]['member'].extend(tmp_entry[1][member_range])
+ if rangesplit[1] != '*':
+ result_id = ldapobject.search_ext(tmp_entry[0], ldap.SCOPE_SUBTREE, attrlist=['member;range=%s-*' % (int(rangesplit[1]) + 1)])
+ tmp_entry = ldapobject.result(result_id)[1][0]
+ else:
+ break
+ else:
+ break
+ if entry[1].has_key('member'):
+ print "%s: %s" % (entry[0], len(entry[1]['member']))
 groups.append(entry)
 if verbose:
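Review bot: The follow-up lookup in the `member;range=` loop of the `@@ -120,6 +122,28 @@` hunk searches with `ldap.SCOPE_SUBTREE` and takes `ldapobject.result(result_id)[1][0]` unchecked, so the continuation is read from whichever entry comes back first rather than provably from the group itself, and an empty response raises an IndexError. Because these members end up in the generated authz file, I would read exactly the group entry by passing `ldap.SCOPE_BASE` instead of `ldap.SCOPE_SUBTREE` in that `search_ext` call, and fail with a clear error when no entry is returned. `rangesplit` and `member_range` are assigned only when a `member;` key is found and are never cleared inside the `while True:`, so a response without a ranged attribute reuses the previous range; putting `rangesplit = None` at the top of each pass and treating a missing continuation as an error would make that case explicit. The attribute name is hard-coded as `member` here, while the hunk at `@@ -157,7 +199,8 @@` reads `group_member_attribute`, so a non-default member attribute would skip this logic. search_for_groups starts and ends outside the hunk.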
@@ -132,15 +156,33 @@
 def get_ldap_search_resultset(base_dn, group_query, ldapobject):
 """This function will return a query result set."""
 result_set = []
- result_id = ldapobject.search(base_dn, ldap.SCOPE_SUBTREE, group_query)
- while 1:
- result_type, result_data = ldapobject.result(result_id, 0)
+ page_size = 500
+ lc = SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID,True,(page_size,''))
+ result_id = ldapobject.search_ext(base_dn, ldap.SCOPE_SUBTREE, group_query, serverctrls=[lc])
- if (result_type == ldap.RES_SEARCH_ENTRY):
+ while 1:
+ while 1:
+ result_type, result_data, rmsgid, serverctrls = ldapobject.result3(result_id, 0)
+ if (result_type == ldap.RES_SEARCH_ENTRY):
 result_set.append(result_data)
- elif (result_type == ldap.RES_SEARCH_RESULT):
- break
+ elif (result_type == ldap.RES_SEARCH_RESULT):
+ break
+ pctrls = [
+ c
+ for c in serverctrls
+ if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
+ ]
+ if pctrls:
+ est, cookie = pctrls[0].controlValue
+ if cookie:
+ lc.controlValue = (page_size, cookie)
+ result_id = ldapobject.search_ext(base_dn, ldap.SCOPE_SUBTREE, group_query, serverctrls=[lc])
+ else:
+ break
+ else:
+ print "Warning: Server ignores RFC 2696 control."
+ break
 return result_set
@@ -157,7 +199,8 @@
 for group in groups:
 group_members = []
 members = []
-
+ # XXX
+ print "GROUP: %s" % (group[0])
 if group[1].has_key(group_member_attribute):
 group_members = group[1][group_member_attribute]
@@ -342,7 +385,7 @@
 if (os.path.exists(authz_path)):
 os.rename(authz_path, authz_path + ".bak")
- os.rename(tmp_authz_path, authz_path)
+ shutil.copy(tmp_authz_path, authz_path)
 else:
 tmpfile = open(tmp_authz_path, 'r')
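Review bot: The final `else:` branch in get_ldap_search_resultset prints "Warning: Server ignores RFC 2696 control." to stdout, then breaks and returns `result_set` as though the search had completed. If the server did not honour paging, the set may be incomplete (depending on its size limit), and an incomplete group list would flow into the authz file. I would send the message to stderr with `sys.stderr.write("Warning: Server ignores RFC 2696 control.\n")` and consider aborting the run instead of continuing. `page_size = 500` would read better as a named module-level constant with a comment on why paging is needed, and the two nested `while 1:` loops deserve a one-line comment each (outer: one pass per page; inner: drain the messages of one page).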
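Review bot: `print "GROUP: %s" % (group[0])` under the `# XXX` marker is leftover debug output that runs unconditionally, and the `print "%s: %s" % (entry[0], len(entry[1]['member']))` added in the `@@ -120,6 +122,28 @@` hunk has the same problem. Both write every group DN to stdout on each run, which ends up in cron mail or logs. The `else:` branch in the last hunk reads the temp file back, so if the script can emit the authz text on stdout these lines would be mixed into it (not visible here, worth checking). The script already has a `verbose` flag, so I would gate both, e.g. `if verbose: print("GROUP: %s" % (group[0]))`, and drop the `# XXX`. The enclosing function starts and ends outside the hunk.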
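Review bot: Replacing `os.rename(tmp_authz_path, authz_path)` with `shutil.copy(tmp_authz_path, authz_path)` gives up the atomic swap: the authz file is now written in place, so a Subversion server reading it during the copy can see a truncated rule set, and a failure mid-copy leaves a partial file live. A truncated authz file can lose restrictive sections that follow a broader grant, so this matters for access control and not only for availability. If the motivation was a rename across filesystems (an assumption; the commit does not say), copying next to the target and renaming keeps the swap atomic: `shutil.copy(tmp_authz_path, authz_path + ".new")` followed by `os.rename(authz_path + ".new", authz_path)`. The temp file is no longer consumed by the rename, so it should be removed with `os.remove(tmp_authz_path)` unless that already happens outside the hunk. The resulting file mode is also worth checking, since `shutil.copy` carries over the temp file's permission bits.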