Keystone AD script updates for OU creation

alexpilotti · alexpilotti · commit 8d2a95621597 · 2015-01-16T18:06:34.000+02:00
diff --git a/keystone_update_ad_schema.py b/keystone_update_ad_schema.py
@@ -14,18 +14,49 @@
 
 import ldap
 
+from ldap import modlist
+
 ldap_server = "ldap://localhost"
 ldap_domain = "DC=osdemo,DC=local"
 ldap_user = "OSDEMO\\Administrator"
 ldap_password = "Passw0rd"
 
-cn = "CN=Organizational-Role,CN=Schema,CN=Configuration,%s" % ldap_domain
+ldap_base_ou_dn = "OU=OpenStack,%s" % ldap_domain
+ldap_users_ou_dn = "OU=Users,OU=OpenStack,%s" % ldap_domain
+ldap_tenants_ou_dn = "OU=Tenants,OU=OpenStack,%s" % ldap_domain
+ldap_roles_ou_dn = "OU=Roles,OU=OpenStack,%s" % ldap_domain
+
+
+def update_schema(l, ldap_domain):
+    dn = "CN=Organizational-Role,CN=Schema,CN=Configuration,%s" % ldap_domain
+    org_role = l.search_s(dn, ldap.SCOPE_BASE)[0]
+
+    if "groupOfNames" not in org_role[1].get("possSuperiors", []):
+        l.modify_s(dn, [(ldap.MOD_ADD, 'possSuperiors', 'groupOfNames')])
+
+
+def create_organizational_unit(l, ou_dn):
+    try:
+        ou = l.search_s(ou_dn, ldap.SCOPE_BASE)
+        # ou exists
+        return
+    except ldap.NO_SUCH_OBJECT:
+        pass
+
+    attrs = {}
+    attrs['objectclass'] = ['top', 'organizationalUnit']
+    ldif = modlist.addModlist(attrs)
+    l.add_s(ou_dn, ldif)
+
 
 l = ldap.initialize(ldap_server)
 l.simple_bind_s(ldap_user, ldap_password)
-org_role = l.search_s(cn, ldap.SCOPE_BASE)[0]
 
-if not "groupOfNames" in org_role[1].get("possSuperiors", []):
-    l.modify_s(cn, [(ldap.MOD_ADD, 'possSuperiors', 'groupOfNames')])
+update_schema(l, ldap_domain)
+
+create_organizational_unit(l, ldap_base_ou_dn)
+create_organizational_unit(l, ldap_users_ou_dn)
+create_organizational_unit(l, ldap_tenants_ou_dn)
+create_organizational_unit(l, ldap_roles_ou_dn)
 
-l.unbind()
+l.unbind_s()
