#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. """Simple LDAP change detector and publisher via pypubsub.""" import sys import yaml import time import requests import ldap import ldapurl import ldap.ldapobject import ldap.syncrepl class SyncReplClient(ldap.ldapobject.ReconnectLDAPObject, ldap.syncrepl.SyncreplConsumer): def __init__(self, *args, **kwargs): self.cookie = None self.sync_done = False self.changedb = {} self.__presentUUIDs = {} self.pubsub_url = "http://localhost:2069/private/ldap" ldap.ldapobject.ReconnectLDAPObject.__init__(self, *args, **kwargs) def syncrepl_get_cookie(self): return self.cookie def syncrepl_set_cookie(self,cookie): self.cookie = cookie def syncrepl_entry(self, dn, attributes, uuid): previous_attributes = {} if uuid in self.changedb: change_type = 'modify' previous_attributes = self.changedb[uuid] else: change_type = 'add' attributes['dn'] = dn self.changedb[uuid] = attributes if self.sync_done: print('Detected %s of entry %r' % (change_type, dn)) self.post_change(dn, attributes, previous_attributes, change_type) def syncrepl_delete(self,uuids): uuids = [uuid for uuid in uuids if uuid in self.changedb] for uuid in uuids: dn = self.changedb[uuid]['dn'] print('Detected deletion of entry %r' % dn) self.post_change(dn, {}, self.changedb[uuid], 'delete') del self.changedb[uuid] def syncrepl_present(self,uuids,refreshDeletes=False): if uuids is None: if refreshDeletes is False: deleted_entries = [ uuid for uuid in self.changedb.keys() if uuid not in self.__presentUUIDs and uuid != 'ldap_cookie' ] self.syncrepl_delete( deleted_entries ) self.__presentUUIDs = {} else: if refreshDeletes is True: self.syncrepl_delete( uuids ) else: for uuid in uuids: self.__presentUUIDs[uuid] = True def syncrepl_refreshdone(self): print('Initial sync done, polling for changes...') self.sync_done = True def post_change(self,dn,attributes,previous_attributes, change_type): print(f"Publishing change-set for {dn}") js = { 'dn': stringify(dn), 'change_type': change_type, 'old_attributes': stringify(previous_attributes), 'new_attributes': stringify(attributes), } try: requests.put(self.pubsub_url, json = js) except Exception as e: print(f"Could not push payload: {e}") return True def set_pubsub_url(self, url): self.pubsub_url = url def stringify(obj): """Turn bytes into strings within a nested dict/list""" if isinstance(obj, bytes): obj = str(obj, 'utf-8') if isinstance(obj, dict): for k, v in obj.items(): if isinstance(v, bytes): obj[k] = str(v, 'utf-8') elif isinstance(v, list): obj[k] = stringify(v) elif isinstance(obj, list): newlist = [] for el in obj: if isinstance(el, bytes): el = str(el, 'utf-8') elif isinstance(el, list): el = stringify(el) newlist.append(el) obj = newlist return obj def main(config): ldap_url = ldapurl.LDAPUrl(config['ldapurl']) while True: print('Connecting to %s...' % ldap_url.initializeUrl()) # Prepare the LDAP server connection (triggers the connection as well) ldap_connection = SyncReplClient(ldap_url.initializeUrl()) if config.get("pubsuburl"): ldap_connection.set_pubsub_url(config['pubsuburl']) # Now we login to the LDAP server try: ldap_connection.simple_bind_s(ldap_url.who, ldap_url.cred) except ldap.INVALID_CREDENTIALS as err: print('Login to LDAP server failed: %s' % err) sys.exit(1) except ldap.SERVER_DOWN: print('LDAP server is down, going to retry.') time.sleep(5) continue # Commence the syncing print('Starting syncrepl...') ldap_search = ldap_connection.syncrepl_search( ldap_url.dn or '', ldap_url.scope or ldap.SCOPE_SUBTREE, mode = 'refreshAndPersist', attrlist=ldap_url.attrs, filterstr = ldap_url.filterstr or '(objectClass=*)' ) try: while ldap_connection.syncrepl_poll( all = 1, msgid = ldap_search): pass except KeyboardInterrupt: # User asked to exit return except Exception as err: # Handle any exception print('Unhandled exception, reconnecting in 5 seconds: %s' % err) time.sleep(5) if __name__ == '__main__': config = yaml.safe_load(open("pypubsub-ldap.yaml")) main(config)