Hi Martin: Just a quick follow up: your suggestion worked great. Here is a little code fragment that emulates the "ipa user-find --all" operation. I am including it in the hopes that it will help someone else.
<<START>> #!/usr/bin/env python # # Demonstrate how to get the contents of the command # "ipa user-find --all" in python data structures based on the # insights provided by Martin Kosek on the [email protected] # mailing list. # # It also demonstrates how to iterate over the list and grab # individual fields. # import pprint from ipalib import api # Bootstrap. api.bootstrap_with_global_options(context='cli') api.finalize() api.Backend.xmlclient.connect() # Load the records. recs = api.Command['user_find'](all=True) # Dump the whole data structure -- with nice formatting. pprint.PrettyPrinter(indent=4).pprint( recs ) # Print out the uid and email information. # Note that the gratuitous conversion from unicode to UTF8 and the use # of a lambda function instead of an if/then were only for fun. print '---' for i in range(recs['count']): result = recs['result'][i] uid = result['uid' ][0].encode('utf8') # Email can be NULL. email = (lambda f: result[f][0].encode('utf8') if f in result is not None else str('None'))('mail') print '%-20s %s' % (uid,email) <<END>> Thanks, Joe -----Original Message----- From: Joe Linoff Sent: Wednesday, June 27, 2012 11:02 AM To: Martin Kosek Cc: [email protected]; Joe Linoff Subject: RE: [Freeipa-users] What is the best way to make batch changes to the LDAP? Hi Martin: Excellent! Thank you. Regards, Joe -----Original Message----- From: Martin Kosek [mailto:[email protected]] Sent: Tuesday, June 26, 2012 11:34 PM To: Joe Linoff Cc: [email protected] Subject: Re: [Freeipa-users] What is the best way to make batch changes to the LDAP? On 06/27/2012 01:56 AM, Joe Linoff wrote: > Hi Everybody: > > > > Here is a python approach that I am experimenting with based on > reading the source code. It seems to work but it is re-entrant? Does > this make sense? Is there a better way (like ldapmodify)? > > > > #!/usr/bin/env python > > # > > # Emulate the ipa command line interface in a script so that > > # to batch some updates. > > # > > import sys > > import shlex > > from ipalib import api, cli > > > > # ================================================================ > > # bootstrap > > # ================================================================ > > def bootstrap(): > > """ > > Bootstrap the script. > > I hope that all of this stuff is re-entrant. > > Also, api is defined in __init__.py. > > """ > > api.bootstrap_with_global_options(context='cli') > > for klass in cli.cli_plugins: > > api.register(klass) > > api.load_plugins() > > api.finalize() > > if not 'config_loaded' in api.env: > > raise NotConfiguredError() > > > > # ================================================================ > > # cmd > > # ================================================================ > > def cmd(cmd): > > """ > > Execute an IPA command. > > The command is entered as a string. I use shlex.split > > to break it into an args list. > > @param cmd The command to execute (as a string). > > """ > > print > > print '# %s' % ('='*64) > > print '# CMD: %s' % (cmd) > > print '# %s' % ('='*64) > > args=shlex.split(cmd) > > api.Backend.cli.run(args) > > > > if __name__ == '__main__': > > bootstrap() > > > > # Some test calls. > > cmd('help') > > cmd('help user') > > cmd('help user-mod') > > > > # Update the fields. > > users=['bob', 'carol', 'ted', 'alice'] > > mod='--street="123 Main Street" --city="Anytown" --state="AK" > --postalcode="12345"' > > for user in users: > > cmd('user-mod %s %s' % (user, mod)) > > > > Regards, > > > > Joe > > > > *From:*Joe Linoff > *Sent:* Tuesday, June 26, 2012 3:04 PM > *To:* [email protected] > *Cc:* Joe Linoff > *Subject:* What is the best way to make batch changes to the LDAP? > > > > Hi Everybody: > > > > I need to change the mailing address information for a group of > employees in the FreeIPA LDAP and would like to do it in a script. I > know that I can do it using "ipa user-mod" in a shell script but I was > wondering whether I could use python. > > > > Does using python make sense? > > > > If so, are there any examples that I can look at? It seems that I > could import ipalib and go from there but I am not sure if there is a > simple interface for doing user modifications. > > > > Any help would be greatly appreciated. > > > > Thanks, > > > > Joe > Hello Joe, This is a very good start. But it can be made even easier, without any command line option parsing. Please see the following example to simply modify users in Python: # kinit admin Password for [email protected]: # python >>> from ipalib import api >>> api.bootstrap_with_global_options(context='cli') >>> api.finalize() >>> api.Backend.xmlclient.connect() # Lets see custom user "fbar" >>> api.Command['user_show'](u'admin') {'result': {'dn': u'uid=admin,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com', 'has_keytab': True, 'uid': (u'admin',), 'loginshell': (u'/bin/bash',), 'uidnumber': (u'65200000',), 'gidnumber': (u'65200000',), 'memberof_group': (u'admins', u'trust admins'), 'has_password': True, 'sn': (u'Administrator',), 'homedirectory': (u'/home/admin',), 'nsaccountlock': False}, 'value': u'admin', 'summary': None} # See that result is a native Python dictionary, i.e. very easy to manipulate later # Now lets try to modify user's address: >>> api.Command['user_mod'](u'fbar', street=u'221B Baker Street', >>> l=u'London', st=u'UK', postalcode=u'NW1 6XE') {'result': {'has_keytab': True, 'street': (u'221B Baker Street',), 'uid': (u'fbar',), 'loginshell': (u'/bin/sh',), 'uidnumber': (u'65200001',), 'l': (u'London',), 'st': (u'UK',), 'gidnumber': (u'65200001',), 'memberof_group': (u'ipausers',), 'has_password': True, 'sn': (u'Bar',), 'homedirectory': (u'/home/fbar',), 'postalcode': (u'NW1 6XE',), 'memberof_role': (u'foo',), 'givenname': (u'Foo',), 'nsaccountlock': False}, 'value': u'fbar', 'summary': u'Modified user "fbar"'} The user is now modified, I can verify it with standard CLI command: # ipa user-show fbar --all dn: uid=fbar,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com User login: fbar ... Street address: 221B Baker Street City: London State/Province: UK ZIP: NW1 6XE ... Our source code is a good source of information (I used it to find out exact names of the command attributes). Besides that, you can check: http://www.freeipa.org/page/DocumentationPortal There are several doc guides, including "Extending IPA" guide which should provide you with more info about additional extensions of FreeIPA. HTH, Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
