adding group using python-ldap - ldap

i need to add group with several members. so i use this code below
import ldap
import ldap.modlist as modlist
# Open a connection
l = ldap.initialize("ldap://localhost:389/")
# Bind/authenticate with a user with apropriate rights to add objects
l.simple_bind_s("cn=manager,dc=maxcrc,dc=com","secret")
# The dn of our new entry/object
dn="cn=semuaFK,ou=group,dc=maxcrc,dc=com"
# A dict to help build the "body" of the object
attrs = {}
attrs['objectclass'] = ['top','groupofnames']
attrs['member'] = 'cn=user1,ou=people,dc=maxcrc,dc=com'
attrs['member'] = 'cn=user2,ou=people,dc=maxcrc,dc=com'
attrs['description'] = 'ini group untuk semua dosen dokter'
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.addModlist(attrs)
# Do the actual synchronous add-operation to the ldapserver
l.add_s(dn,ldif)
# Its nice to the server to disconnect and free resources when done
l.unbind_s()
adding member into group
attrs['member'] = 'cn=user1,ou=people,dc=maxcrc,dc=com'
attrs['member'] = 'cn=user2,ou=people,dc=maxcrc,dc=com'
but the result is a group with just one member. Only the user2 is added to the group. How to make a group, also add several members to it

member is a multi-valued attribute (just like objectClass). From looking at your code, the problem seems to be that you overwrite the value of the member attribute with the 2nd line. The code should be something like this:
attrs['member'] = [ 'cn=users1,ou=people,dc=maxcrc,dc=com', 'cn=users2,ou=people,dc=maxcrc,dc=com' ]`
or
attrs['member'] = [ 'cn=users1,ou=people,dc=maxcrc,dc=com' ]
attrs['member'] += 'cn=users2,ou=people,dc=maxcrc,dc=com'

Related

Automatically determine values for Terraform Azure Private endpoint module

I need a help with a terraform module that I've created. It works perfectly, but I need to add some automation.
I created a module which creates multiple private endpoints, but I always need to put the variable values in manually.
This is the module:
resource "azurerm_private_endpoint" "endpoint" {
for_each = try({ for endpoint in var.endpoints : endpoint.name => endpoint }, toset([]))
name = each.key
location = var.location
resource_group_name = var.resource_group_name
subnet_id = each.value.subnet_id
dynamic "private_service_connection" {
for_each = each.value.private_service_connection
content {
name = each.key
private_connection_resource_id = private_service_connection.value.private_connection_resource_id
is_manual_connection = false
subresource_names = var.subresource_name ### see values on : https://learn.microsoft.com/fr-fr/azure/private-link/private-endpoint-overview#private-link-resource
}
}
lifecycle {
ignore_changes = [
private_dns_zone_group
]
}
tags = var.tags
}
I need to have:
1 - for the private endpoint name : I need it to be automatically provided: "pendp-(the subresource_name value in lower cases- my resource_name =>(mysql server for example))"
2 - for the private connection name: I need the values to be automatically: "connection-(the subresource_name value in lower cases- my ressource_name =>(mysql server for exemple))"
3 - some automation to detect automatically the subresource_name ( if I create a private endpoint for a blob or for a mariadb or for a mysqlserver, the module should detected it.
terraform version:
terraform {
required_version = "~> 1"
required_providers {
azurerm = "~> 3.0"
}
}
The easiest way to combine values automatically would be to use the Terraform string join() function to join multiple strings together. For lower case strings, you can use the lower() function.
Some examples:
name = join("-", ["pandp", lower(var.subresource_name)])
...
name = join("-", ["connection", lower(var.subresource_name), lower(each.key)])
For your third rule, you want to use a conditional expression to determine if it's a blob, or mariadb, or mysqlserver.
In this example, we set an example_name local with a value some-blob-value if var.subresource_name contains a string that starts with "blob", and set it to something-else if the condition is false:
locals {
example_name = startswith(lower(var.subresource_name), "blob") ? "some-blob-value" : "something-else"
}
There are many options available for doing a conditional on if a value is passed to what you expect and then determine a result based on that value. What exactly you want isn't clear in the question, but hopefully this will get you pointed in the right direction.
Terraform even has several helper functions that might help you if you only need part of a string, such as startswith(), endswith(), or contains() depending on your needs.

Terraform for_each on custom registry

We have a custom VPC registry built within our organization. The objective is to enable user of registry to be able to create VPC, create multiple public and private subnets for multiple availability zones within VPC.
I have a for_each variable set at
variable az_sub {list(object(
az = string,
public_cidr_block = list,
private_cidr_block =list
))}
Variable has a value of
[{az='us-east-1a",
public_cidr_block =[list of cidr],
private_cidr_block= [list of cidr]
},
az='us-east-1b",
public_cidr_block =[list of cidr],
private_cidr_block= [list of cidr} ]
When I set for_each on this within registry,
module "az"{
source="./modules/az"
vpc_id = module.vpc.vpc_id
for_each = toset(keys({for i,v in var.az_sub: i => v}))
availability_zone = var.az_sub[each.value]["az"]
public_cidr_block = var.az_sub[each.value]["public_cidr_block"]
private_cidr_block =var.az_sub[each.value]["private_cidr_block"]
}
I get unsupported attribute error on terraform/modules/modReg/output.tf in output public_subnet_ids
module.az is object with 2 attributes
output.tf has the outputs defined.
The az variables.tf has all three variables defined.
Also Note, if I replace for_each with below, do not get errors, but objects are successfully created on aws
availability_zone="us-east-1a"
public_cidr_block = ["10.97.224.0/22"]
private_cidr_block =["10.97.228.0/22"]
So doubt its issue with az module
Note, if I use only 1 az zone on the variable value for list(object) I the error changes to
module.az is object with 1 attribute "us-east-1"
output "private_subnet_ids" {
description = "List of private subnet IDs"
value = values(module.az).*.private_subnet_ids
}
For anyone having same issue, this resolved the problem. I had used list(object and not map(object. If map(object was used, then output.tf would need to have map values.
If you use for_each to send values to the module, the outputs would need to be defined as shown above.

Can't handle HTTP multiple attribute values in Perl

I'm facing with a really strange issue. I interfaced a SAML authentication with OTRS which is an ITSM written in Perl and the Identity Provider sends the attributes as follow :
LoginName : dev-znuny02
mail : test2#company.dev
Profile : company.autre.idp.v2()
Profile : company.autre.mcf.sp(dev)
givenName : MyName
sn : Test2
I handle these with a module called Mod_Auth_Mellon and as you can see the attribute Profile is multivaluated. In short I retrieve all of these values with the following snippet :
sub new {
my ( $Type, %Param ) = #_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
$Self->{ConfigObject} = $Kernel::OM->Get('Kernel::Config');
$Self->{UserObject} = Kernel::System::User->new( %{$Self} );
# Handle header's attributes
$Self->{loginName} = 'MELLON_LoginName';
$Self->{eMail} = 'MELLON_mail';
$Self->{Profile_0} = 'MELLON_Profile_0';
$Self->{Profile_1} = 'MELLON_Profile_1';
$Self->{gName} = 'MELLON_givenName';
$Self->{sName} = 'MELLON_sn';
return $Self;
}
sub Auth {
my ( $Self, %Param ) = #_;
# get params
my $lname = $ENV{$Self->{loginName}};
my $email = $ENV{$Self->{eMail}};
my $profile0 = $ENV{$Self->{Profile_0}};
my $profile1 = $ENV{$Self->{Profile_1}};
my $gname = $ENV{$Self->{gName}};
my $sname = $ENV{$Self->{sName}};
...
}
I can handle all the values of the attributes except the attribute Profile. When I take a look to the documentation, they said :
If an attribute has multiple values, then they will be stored as MELLON_<name>_0, MELLON_<name>_1, MELLON_<name>_2
To be sure, I activated the diagnostics of the Mellon module and indeed I receive the information correctly :
...
MELLON_LoginName : dev_znuny02
MELLON_LoginName_0 : dev_znuny02
MELLON_mail : test2#company.dev
MELLON_mail_0 : test2#company.dev
MELLON_Profile : company.autre.idp.v2()
MELLON_Profile_0 : company.autre.idp.v2()
MELLON_Profile_1 : company.autre.mcf.sp(dev)
...
When I try to manipulate the MELLON_Profile_0 or MELLON_Profile_1 attributes in the Perl script, the variable assigned to it seems empty. Do you have any idea on what can be the issue here ?
Any help is welcome ! Thanks a lot guys
PS : I have no control on the Identity Provider so I can't edit the attributes sent
I didn't managed to make it work but I found a workaround to prevent users who don't have the Profile attribute value from logging into the application:
MellonCond Profile company.autre.mcf.sp(dev)
according the documentation :
You can also utilize SAML attributes to control whether Mellon authentication succeeds (a form of authorization). So even though the IdP may have successfully authenticated the user you can apply additional constraints via the MellonCond directive. The basic idea is that each MellonCond directive specifies one condition that either evaluates to True or False.

Shared dict of multiprocessing.Lock in python3

Is it possible to have a shared dict of Locks in python3? I need multiple locks because I want to protect a dict of shared resources. Each resource gets a lock:
manager = multiprocessing.Manager()
locks = manager.dict({key : manager.Lock() for key in range(100)})
shared_resource = manager.dict({key : SomeClass() for key in range(100)})
# later in a multi-processed function
def foo(key):
# ...
locks[key].acquire()
shared_resource[key] = ...
locks[key].release()
# ...
This toy example would fail with:
multiprocessing.managers.RemoteError:
---------------------------------------------------------------------------
Unserializable message: ('#RETURN', <unlocked _thread.lock object at 0x7f9a4c9dc468>)
Any idea how to get around this problem? I could use conditional variables? Or how would you protect a list of resources?
Ok, seems like it's a bug with ptyhon3.5.
With python3.6 it works like a charm.
I'm sure it's possible. I don't get an error when I run this code...I just substituted SomeClass with 'x'. So maybe there's an issue there.
Also, using a context manager to acquire and release the lock is a nice little abstraction...
manager = multiprocessing.Manager()
locks = {key : manager.Lock() for key in range(100)}
shared_resource = {key : 'x' for key in range(100)}
# later in a multi-processed function
def foo(key):
# ...
with locks[key]:
shared_resource[key] = 'xoyo'
if __name__ == '__main__':
p = Process(target=foo, args=(1,))
p.start()
p = Process(target=foo, args=(1,))
p.start()
p = Process(target=foo, args=(1,))
p.start()
p.join()

Softlayer Object Storage Python API Search

I followed softlayer-object-storage-python in order to return a list of my objects matching a specific criteria.
This code seems to just return everything in my container no matter what I put into the search
sl_storage = object_storage.get_client(
username = environment['slos_username'],
password = environment['api_key'],
auth_url = environment['auth_url']
)
# get container
sl_container = sl_storage[environment['object_container']]
# get list, the search function doesn't actually work...
containers = sl_container.search("icm10restapi-qa.zip.*")
I expect only to get back things that start with icm10restapi-qa.zip.
I also tried using ^=icm10restapi-qa.zip but no luck either.
Reviewing the method, it seems that there is not possible to filter the objects as you would like:
https://github.com/softlayer/softlayer-object-storage-python/blob/master/object_storage/client.py#L147
API Operations for Search Services
My apologizes for the inconveniences, I recommended to try filter these in your code.
Updated
This script will help to filter your objects with the name which starts as specific string
import object_storage
import pprint
# Declare username, apikey and datacenter
USERNAME = 'set me'
API_KEY = 'set me'
DATACENTER = 'https://dal05.objectstorage.softlayer.net/auth/v1.0/'
# Creating object storage connection
sl_storage = object_storage.get_httplib2_client(USERNAME, API_KEY, auth_url=DATACENTER)
# Declare name to filter
name = 'icm10restapi-qa.zip'
# Filtering
containers = sl_storage.search(name)
for container in containers['results']:
if container.__dict__['name'].startswith(name):
print(container)