On 06/27/2012 01:56 AM, Joe Linoff wrote: > Hi Everybody: > > > > Here is a python approach that I am experimenting with based on reading the > source code. It seems to work but it is re-entrant? Does this make sense? Is > there a better way (like ldapmodify)? > > > > #!/usr/bin/env python > > # > > # Emulate the ipa command line interface in a script so that > > # to batch some updates. > > # > > import sys > > import shlex > > from ipalib import api, cli > > > > # ================================================================ > > # bootstrap > > # ================================================================ > > def bootstrap(): > > """ > > Bootstrap the script. > > I hope that all of this stuff is re-entrant. > > Also, api is defined in __init__.py. > > """ > > api.bootstrap_with_global_options(context='cli') > > for klass in cli.cli_plugins: > > api.register(klass) > > api.load_plugins() > > api.finalize() > > if not 'config_loaded' in api.env: > > raise NotConfiguredError() > > > > # ================================================================ > > # cmd > > # ================================================================ > > def cmd(cmd): > > """ > > Execute an IPA command. > > The command is entered as a string. I use shlex.split > > to break it into an args list. > > @param cmd The command to execute (as a string). > > """ > > print > > print '# %s' % ('='*64) > > print '# CMD: %s' % (cmd) > > print '# %s' % ('='*64) > > args=shlex.split(cmd) > > api.Backend.cli.run(args) > > > > if __name__ == '__main__': > > bootstrap() > > > > # Some test calls. > > cmd('help') > > cmd('help user') > > cmd('help user-mod') > > > > # Update the fields. > > users=['bob', 'carol', 'ted', 'alice'] > > mod='--street="123 Main Street" --city="Anytown" --state="AK" > --postalcode="12345"' > > for user in users: > > cmd('user-mod %s %s' % (user, mod)) > > > > Regards, > > > > Joe > > > > *From:*Joe Linoff > *Sent:* Tuesday, June 26, 2012 3:04 PM > *To:* freeipa-users@redhat.com > *Cc:* Joe Linoff > *Subject:* What is the best way to make batch changes to the LDAP? > > > > Hi Everybody: > > > > I need to change the mailing address information for a group of employees in > the FreeIPA LDAP and would like to do it in a script. I know that I can do it > using “ipa user-mod” in a shell script but I was wondering whether I could use > python. > > > > Does using python make sense? > > > > If so, are there any examples that I can look at? It seems that I could import > ipalib and go from there but I am not sure if there is a simple interface for > doing user modifications. > > > > Any help would be greatly appreciated. > > > > Thanks, > > > > Joe >
Hello Joe, This is a very good start. But it can be made even easier, without any command line option parsing. Please see the following example to simply modify users in Python: # kinit admin Password for ad...@idm.lab.bos.redhat.com: # python >>> from ipalib import api >>> api.bootstrap_with_global_options(context='cli') >>> api.finalize() >>> api.Backend.xmlclient.connect() # Lets see custom user "fbar" >>> api.Command['user_show'](u'admin') {'result': {'dn': u'uid=admin,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com', 'has_keytab': True, 'uid': (u'admin',), 'loginshell': (u'/bin/bash',), 'uidnumber': (u'65200000',), 'gidnumber': (u'65200000',), 'memberof_group': (u'admins', u'trust admins'), 'has_password': True, 'sn': (u'Administrator',), 'homedirectory': (u'/home/admin',), 'nsaccountlock': False}, 'value': u'admin', 'summary': None} # See that result is a native Python dictionary, i.e. very easy to manipulate later # Now lets try to modify user's address: >>> api.Command['user_mod'](u'fbar', street=u'221B Baker Street', l=u'London', st=u'UK', postalcode=u'NW1 6XE') {'result': {'has_keytab': True, 'street': (u'221B Baker Street',), 'uid': (u'fbar',), 'loginshell': (u'/bin/sh',), 'uidnumber': (u'65200001',), 'l': (u'London',), 'st': (u'UK',), 'gidnumber': (u'65200001',), 'memberof_group': (u'ipausers',), 'has_password': True, 'sn': (u'Bar',), 'homedirectory': (u'/home/fbar',), 'postalcode': (u'NW1 6XE',), 'memberof_role': (u'foo',), 'givenname': (u'Foo',), 'nsaccountlock': False}, 'value': u'fbar', 'summary': u'Modified user "fbar"'} The user is now modified, I can verify it with standard CLI command: # ipa user-show fbar --all dn: uid=fbar,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com User login: fbar ... Street address: 221B Baker Street City: London State/Province: UK ZIP: NW1 6XE ... Our source code is a good source of information (I used it to find out exact names of the command attributes). Besides that, you can check: http://www.freeipa.org/page/DocumentationPortal There are several doc guides, including "Extending IPA" guide which should provide you with more info about additional extensions of FreeIPA. HTH, Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users