Sync Script that reads user data from an LDAP Server and creates users in an elabFTW instance
Project description
elabFTW LDAP Sync Script
This Script reads groupnames and user-IDs from a CSV file, queries an Identity Provider (LDAP) for all users of a given group and adds the users to the team LDAP, creating them if they don't exist yet:
It does not create the team in LDAP. This is a design decision to be in manual control of the process and could easily be implemented as the elabFTW API supports this.
The Script will archive users (and put them in a team called userarchiv) in elabFTW that were in a team in elabFTW once but are not members of the team in LDAP anymore. It is also capable of un-archiving users when they are added back again in LDAP.
Setup
Build Prerequisites for LDAP: https://www.python-ldap.org/en/python-ldap-3.3.0/installing.html#alpine
apk add build-base openldap-dev python3-dev
Run the script locally
- Get API Key in elabFTW: https://your-elab-instance.com/ucp.php?tab=4
- Copy the
.env.examplefile to.envand fill in your data (or use any other means to provide the needed environment variables) - Provide a CSV List of groups in the folder you are running the script from (see
group_whitelist.csvfor an example) - Set up a virtual Environment and install dependencies with pipen:
pipenv install --dev pipenv shell
- Create a team called
userarchivin the elabFTW instance - Create the team(s) defined in the
group_whitelist.csvin elabFTW where elabFTWorgidneeds to match the name you defined in the CSV file. - run the script:
elabftw
Adapt the script to use any Identity Provider other than LDAP
In the for loop that goes over each group read from the CSV whitelist in the main.py/start_sync() function, LDAP is queried to return all members of the group:
ldap_users, leader_mail = process_ldap(
ld,
LDAP_BASE_DN,
LDAP_SEARCH_GROUP.format(groupname=group["groupname"]),
LDAP_SEARCH_USER_ATTRS.split(","),
group["leader"],
)
replace this with custom code to output something like:
[
{
"email": "max.mustermann@uni-muenster.de",
"firstname": "Max",
"lastname": "Mustermann",
"uni_id": "m_muster01",
},
{
"email": "eva.beispiel@uni-muenster.de",
"firstname": "Eva",
"lastname": "Beispiel",
"uni_id": "e_beisp02",
},
]
for ldap_users and a string for leader_mail.
CLI option to define a custom CSV Whitelist
If not called with elabus --whitelist /path/to/csv the script will look for the environment variable WHITELIST_FILENAME to determine the path of the CSV to read or default to group_whitelist.csv in the folder the script is run from.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file elabftw_usersync-1.0.0.tar.gz.
File metadata
- Download URL: elabftw_usersync-1.0.0.tar.gz
- Upload date:
- Size: 18.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bd01517bf00a3357d51caec468abedc7588adb093a6381977943149f60e41dcf |
|
| MD5 | 03eca53f5a56716acef79c8c2c554905 |
|
| BLAKE2b-256 | b11a944754625f1b0e115bb357ca9a24eb203b40436bc9b298c53f167f952b79 |
File details
Details for the file elabftw_usersync-1.0.0-py3-none-any.whl.
File metadata
- Download URL: elabftw_usersync-1.0.0-py3-none-any.whl
- Upload date:
- Size: 21.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f3f2020a5ac8350255faffac8acfff1af01ac524b776ee19ef56889a4680d30a |
|
| MD5 | b21f64159db6e8b16c8313da2d549232 |
|
| BLAKE2b-256 | 105fbc8564f0af04747a3049f1d02a90fdb46045ffe371bfbcc0e5530282a2e7 |
