diff --git usr/bin/importation_scribe usr/bin/importation_scribe index 0db4982..47f5c80 100755 --- usr/bin/importation_scribe +++ usr/bin/importation_scribe @@ -42,21 +42,22 @@ choix de la source de données et imports - personnels administratifs - comptes invités """ import sys from os import environ, getcwd, chdir from os.path import isfile, dirname from pyeole.process import system_out, system_code from scribe.storage import init_store from scribe.eoleldap import Ldap -from scribe.ldapconf import SUPPORT_ETAB +from scribe.eoleuser import User +from scribe.ldapconf import SUPPORT_ETAB, PROF_FILTER from scribe.eoletools import nscd_start, nscd_stop from scribe.parsing import sconet, aaf, be1d, scribecsv2 from scribe.importation import preferences, writer, config from scribe.importation import log #______________________________________________________________________________ # utilitaires de manipulation de la console class OutOfRange(Exception): """ Exception OutOfRange """ 
@@ -458,33 +459,44 @@ class Console: """ log.add_lock() log.debuglog("Arrêt de LSC...", title=True) nscd_stop() connexion = Ldap() connexion.connect() if SUPPORT_ETAB: prefs = preferences.get_enseignants_prefs() etab = prefs.get_default('etab') etab_prefix = prefs.get_default('etab_prefix') + purge_option = 'keep' + old_logins = connexion._search('(&{})'.format(PROF_FILTER), 'uid') + else: etab = None etab_prefix = '' if self.import_type != 'maj': writer.purge_equipes(connexion=connexion, etab=etab) writer.verify_classe(store=self.store, connexion=connexion, etab_prefix=etab_prefix) writer.write_matiere(store=self.store, connexion=connexion, etab=etab, etab_prefix=etab_prefix) writer.verify_option(store=self.store, connexion=connexion, etab_prefix=etab_prefix) - writer.write_enseignant(store=self.store, connexion=connexion, + logins = writer.write_enseignant(store=self.store, connexion=connexion, etab=etab) + if SUPPORT_ETAB: + user = User() + user.ldap_admin = connexion + obsolete_logins = [login[1]['uid'] for login in old_logins if login[1]['uid'] not in logins] + for obsolete_login in obsolete_logins: + # eoleusers from dns and eoleuser._quit_etab + user._quit_etab(obsolete_login, etab=etab) + print(obsolete_logins) if self.data_type in ['sconet', 'aaf']: writer.write_service(store=self.store, connexion=connexion, etab=etab, etab_prefix=etab_prefix) writer.write_administratif(store=self.store, connexion=connexion, etab=etab) writer.write_samba(connexion) connexion.close() log.debuglog("Démarrage de LSC...", title=True) nscd_start() log.del_lock() diff --git usr/lib/python3/dist-packages/scribe/enseignants.py usr/lib/python3/dist-packages/scribe/enseignants.py index 69f3411..97bf905 100644 --- usr/lib/python3/dist-packages/scribe/enseignants.py +++ usr/lib/python3/dist-packages/scribe/enseignants.py 
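Review bot: The membership test in the new `obsolete_logins` comprehension compares `login[1]['uid']` with the strings in `logins`, but elsewhere in this patch attribute values are read as lists (`group[1]['cn'][0]`). If `_search` returns `uid` the same way, every existing teacher is classed as obsolete and handed to `_quit_etab`. The purge also trusts the import to be complete: an empty or truncated file leaves `logins` short and unsubscribes everyone else, and the only trace is the leftover `print(obsolete_logins)`. I would take the first `uid` value, skip the purge when nothing was imported, and record each removal with `log.infolog`; `purge_option` is assigned but never read. The enclosing method starts and ends outside the hunk.

```python
        if SUPPORT_ETAB:
            # … unchanged: User() creation and ldap_admin assignment …
            imported = set(logins)
            if not imported:
                # An empty import must not unsubscribe every teacher.
                log.infolog("Import vide : aucune désinscription effectuée")
            else:
                for entry in old_logins:
                    # assumes attribute values are lists, as in _get_user_groups; confirm against Ldap._search
                    uid = entry[1]['uid'][0]
                    if uid not in imported:
                        log.infolog("Désinscription de %s (%s)" % (uid, etab))
                        user._quit_etab(uid, etab=etab)
```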
@@ -145,45 +145,37 @@ class Enseignant(User): rep = join(AD_HOME_PATH, login) # répertoire supérieur clear_acl(rep) set_user_acl(rep, login, 'rwx') copy_default_acl(rep) # chown pour la prise en compte des quotas set_owner(perso, login) if 'quota' in args: set_quota(login, args['quota']) - def _change_etab(self, user, old_etab, new_etab): + def _change_etab(self, user, new_etab): old_dn = self.get_user_dn(user) new_dn = self.get_user_dn(user, force_etab=new_etab) #copie de l'utilisateur + suppression uidfilter = "(&%s(uid=%s))" % (USER_FILTER, user) cur_ldif = self.ldap_admin._search_one(uidfilter) - self._desinscription(user, old_etab, sync=False) - self._desinscription(user, 'profs-' + old_etab, sync=False) - for grp in self._get_user_groups(user, old_etab): - self._desinscription(user, grp, sync=False) self.ldap_admin._delete(old_dn) #Suppression du cache self.cache_etab['login'].pop(user) self.ldap_admin._add(new_dn, modlist.addModlist(cur_ldif)) - #inscription dans le groupe du nouvel etablissement - self._inscription(user, new_etab, sync=False, etab=num_etab) - self._inscription(user, 'profs-' + new_etab, sync=False, etab=new_etab) - def _update(self, login, **args): """ Mise à niveau Enseignant via l'extraction """ - if 'etab' in args: - user_dn = self.get_user_dn(login, force_etab=args.get('etab')) #USER_DN % dict(uid=login, _type=self._type) + if 'etab' in args: # cas multi-étab => enseignant dans une UO spécifique + user_dn = self.get_user_dn(login, force_etab='00000000') #USER_DN % dict(uid=login, _type=self._type) else: user_dn = self.get_user_dn(login) #USER_DN % dict(uid=login, _type=self._type) datas = [] if not_empty(args, 'mail_acad'): datas.append((MOD_REPLACE, 'FederationKey', args['mail_acad'].lower())) if not_empty(args, 'int_id'): datas.append((MOD_REPLACE, 'intid', args['int_id'] )) if not_empty(args, 'entpersonjointure'): datas.append((MOD_REPLACE, 'ENTPersonJointure', args['entpersonjointure'])) 
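Review bot: In `_change_etab` the old entry is deleted before the new one is added, and `self.cache_etab['login'].pop(user)` sits between the two calls. If `cache_etab['login']` is a plain dict, a login missing from the cache raises `KeyError` after `_delete` and the account is never re-created. The same loss occurs if `_add` is rejected, and `cur_ldif` is not checked for an empty search result. Where the directory allows it, adding the new entry first and deleting the old DN only once that succeeded, together with `self.cache_etab['login'].pop(user, None)`, would keep a failed move from destroying the account. `_update` also hard-codes `'00000000'`, which `writer.py` repeats as `special_etab`; a shared constant would keep the two in step.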
@@ -196,21 +188,21 @@ class Enseignant(User): datas.append((MOD_REPLACE, 'ENTAuxEnsCategoDiscipline', args['disciplines'])) datas.append((MOD_REPLACE, 'sn', args['nom'])) datas.append((MOD_REPLACE, 'givenName', args['prenom'])) datas.append((MOD_REPLACE, 'cn', "%(prenom)s %(nom)s" % args )) datas.append((MOD_REPLACE, 'displayName', "%(prenom)s %(nom)s" % args )) datas.append((MOD_REPLACE, 'gecos', replace_cars("%(prenom)s %(nom)s" % args) )) datas.append((MOD_REPLACE, 'LastUpdate', format_current_date())) self.ldap_admin._modify(user_dn, datas) if not_empty(args, 'groups'): groups = to_list(args['groups']) - old_groups = self._get_user_groups(login) + old_groups = self._get_user_groups(login, etab=args.get('etab')) for group in groups: if group not in old_groups: self._inscription(login, group, sync=False) self._gen_ftpdir(login) self._gen_groupesdir(login) def _Upgrade(self, login): """ Mise à niveau d'un compte enseignant """ diff --git usr/lib/python3/dist-packages/scribe/eoleldap.py usr/lib/python3/dist-packages/scribe/eoleldap.py index 45ec338..9a67c6d 100644 --- usr/lib/python3/dist-packages/scribe/eoleldap.py +++ usr/lib/python3/dist-packages/scribe/eoleldap.py @@ -8,21 +8,21 @@ # eoleldap.py # # librairie pour la connexion à un serveur ldap # ########################################################################### """ Librairie Ldap pour Scribe """ import sys from .ldapconf import SUFFIX, ROOT_DN, USER_FILTER, GROUP_FILTER, SHARE_FILTER, \ - SUPPORT_ETAB, ldap_server, ldap_passwd, num_etab, BRANCHE_GROUP_ETAB, LDAP_MODE, acad + SUPPORT_ETAB, ldap_server, ldap_passwd, num_etab, BRANCHE_GROUP_ETAB, BRANCHE_ETAB, LDAP_MODE, acad from scribe.errors import LdapExistingGroup, LdapExistingUser, \ SystemExistingUser, NiveauNotFound from .eoletools import to_list import ldap from ldap import SCOPE_ONELEVEL def is_system_user(user): """ indique si le login proposé est déjà un utilisateur système 
@@ -267,29 +267,27 @@ class _LdapEntry(object): res = res['memberUid'] res.sort() return res else: return [] def _get_user_groups(self, login, etab=None): """ renvoit la liste des groupes d'un utilisateur """ + if etab: + suffix = BRANCHE_ETAB % {'etab': etab} + else: + suffix = None res = self.ldap_admin._search("(&%s(memberUid=%s))" % ( - GROUP_FILTER, login), 'cn') - groups = [] - for group in res: - if etab is not None: - grp_etab = group[0].split(',ou=')[-3] - if etab != grp_etab: - continue - groups.append(group[1]['cn'][0]) + GROUP_FILTER, login), 'cn', suffix=suffix) + groups = [group[1]['cn'][0] for group in res] groups.sort() return groups def _get_users(self, filtre='', attrs=['uid']): """ recherche d'utilisateurs """ users = [] res = self.ldap_admin._search("(&%s%s)" % (USER_FILTER, filtre), attrs) for user in res: diff --git usr/lib/python3/dist-packages/scribe/eoleuser.py usr/lib/python3/dist-packages/scribe/eoleuser.py index 05569fd..c092698 100644 --- usr/lib/python3/dist-packages/scribe/eoleuser.py +++ usr/lib/python3/dist-packages/scribe/eoleuser.py @@ -410,20 +410,25 @@ class User(LdapEntry): grp = Group() grp.ldap_admin = self.ldap_admin if touch: grp._touch(groupe) # cas eleve + option if sync: self._gen_ftpdir(login) self._gen_groupesdir(login) return True + def _quit_etab(self, user, etab): + self._desinscription(user, etab, sync=False) + for grp in self._get_user_groups(user, etab): + self._desinscription(user, grp, sync=False) + def _gen_ftpdir(self, login): """ Gestion du répertoire "/home/adhomes//.ftp" """ homedir = join(AD_HOME_PATH, login) ftpdir = join(homedir, '.ftp') if isdir(ftpdir): rmtree(ftpdir) makedirs(ftpdir, 0o500) system('/bin/chown %s %s' % (login, ftpdir)) 
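Review bot: `login` and `etab` are interpolated unescaped into the search filter and the search base in `_get_user_groups`: `"(&%s(memberUid=%s))" % (GROUP_FILTER, login)` and `BRANCHE_ETAB % {'etab': etab}`. Where these values come from is not visible here, but `_quit_etab` now removes memberships based on this result, so a value containing `*`, `(` or `,` would change which groups are returned. `ldap.filter.escape_filter_chars(login)` and `ldap.dn.escape_dn_chars(etab)` from python-ldap cover both. Note also that `if etab:` treats an empty string like `None` and searches the whole tree, whereas the removed code tested `is not None`.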
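Review bot: `_quit_etab` has no guard for a falsy `etab`: `_get_user_groups(user, None)` returns the user's groups from the whole directory, so unless `_desinscription` rejects the call first, the loop unsubscribes the account from every group rather than one establishment's. A first line such as `if not etab: raise ValueError('etab is required')` makes that failure explicit. The method also needs a docstring stating that it removes the user from the establishment group and from every group found under that establishment's branch, and that the calls use `sync=False`.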
@@ -594,27 +599,27 @@ class User(LdapEntry): authldap = Ldap(binddn=user_dn, passwd=password) try: authldap.connect() authldap.close() return True except: authldap.close() return False - def get_user_groups(self, login): + def get_user_groups(self, login, etab=None): """ renvoie la liste des groupes d'un utilisateur avec connexion ldap """ self.ldap_admin.connect() - res = self._get_user_groups(login) + res = self._get_user_groups(login, etab=etab) self.ldap_admin.close() return res def _touch(self, login): """ Mise à jour de l'attribut LastUpdate """ self._set_attr(login, 'LastUpdate', tool.format_current_date()) def _get_ead_type(self, login): diff --git usr/lib/python3/dist-packages/scribe/importation/writer.py usr/lib/python3/dist-packages/scribe/importation/writer.py index 34ce0fb..d4a2f27 100644 --- usr/lib/python3/dist-packages/scribe/importation/writer.py +++ usr/lib/python3/dist-packages/scribe/importation/writer.py @@ -832,25 +832,26 @@ def _maj_enseignant(enseignant, user, login, etab, administratif=False): """ traitement d'un enseignant existant (mise à jour) enseignant : store.Enseignant() user : eoleuser.Enseignant() login : uid de l'utilisateur dans ldap administratif : personnel administratif avec un compte enseignant """ log.log.debug("maj de %s" % login) classe = [] groups = [] + special_etab = '00000000' # attention : des administratifs peuvent avoir un compte enseignant if isinstance(enseignant, Enseignant): old_etab = user.get_etab(login) - if old_etab != etab: - user._change_etab(login, old_etab, etab) + if old_etab != special_etab: + user._change_etab(login, special_etab) for joint in enseignant.get_classes(): groups.append('profs-%s' % str(joint.classe.nom)) if joint.profprincipal: classe.append(str(joint.classe.nom)) for matiere in enseignant.get_matieres(): groups.append(str(matiere.nom)) for option in enseignant.get_groupes(): groups.append('profs-%s' % str(option.nom)) disciplines = eval(enseignant.disciplines) else: 
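Review bot: `disciplines = eval(enseignant.disciplines)` at the end of the `_maj_enseignant` hunk evaluates a string derived from the imported file, in a process that holds the LDAP admin connection. `ast.literal_eval(enseignant.disciplines)` parses a list literal without executing code; it needs `import ast`, and the file's import block is outside the hunk. In the lines this commit changes, the `etab` argument no longer influences the move: any teacher whose `get_etab` differs from `'00000000'` is relocated, so it is worth confirming that this is intended when multi-establishment support is off. The function body continues past the hunk.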
@@ -885,20 +886,21 @@ def write_enseignant(store, connexion, etab=None, current_ead_user=config.DEFAUL log.write_header(config.ENS_HEADER, config.ENS_INFO) user = LdapEnseignant() user.ldap_admin = connexion prefs = preferences.get_enseignants_prefs() quota = prefs.get_default('quota') if FORCED_PASSWORD_MODIFICATION_ALLOWED: change_pwd = prefs.get_default('change_pwd') == 'oui' else: change_pwd = False new_passwords = [] + logins = [] for enseignant in store.query(Enseignant): if enseignant.force_login: # login forcé if user._is_enseignant(str(enseignant.force_login)): login = str(enseignant.force_login) else: login = '' else: login = _enseignant_exists(enseignant, user) if login != '': @@ -909,29 +911,31 @@ def write_enseignant(store, connexion, etab=None, current_ead_user=config.DEFAUL if str(enseignant.nom) == '' or str(enseignant.prenom) == '': log.infolog("Enseignant n°%s invalide" % str(enseignant.int_id)) continue try: login = _new_enseignant(enseignant, user, prefs, etab=etab, new_passwords=new_passwords) except BadLogin as message: log.infolog(str(message)) continue # enregistrement du login attribué enseignant.login = str(login) + logins.append(enseignant.login) num += 1 if num % config.DEBUG_NUM == 0: log.debuglog("%d enseignants traités..." % num) if EOLE_AD: _sync_passwords(user, new_passwords, change_pwd=change_pwd) _create_dirs(user, quota, new_passwords) log.infolog("TOTAL : %d enseignants" % num) if num != 0: log.copy_info(config.ENS_INFO, user=current_ead_user) + return logins # -------------------- administratifs -------------------- # def _new_administratif(administratif, user, prefs, etab=None, new_passwords=[]): """ traitement d'un nouvel administratif (création) administratif : store.Administratif() user : eoleuser.Administratif() """
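Review bot: `write_enseignant` now returns `logins`, and the caller in `importation_scribe` treats any teacher missing from that list as obsolete, yet nothing documents what the list contains. I would add to the docstring: `Returns the uid of every teacher created or updated by this run; records skipped as invalid or on BadLogin are not included.` Whether `logins.append(enseignant.login)` sits at loop level or inside the creation branch cannot be read from this flattened hunk. If only new accounts were appended, every updated teacher would be unsubscribed, so that placement deserves a check. The function starts before this hunk.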