diff options
Diffstat (limited to 'roles/prosody/templates/usr/local/bin/prosody-update-roster.j2')
-rw-r--r-- | roles/prosody/templates/usr/local/bin/prosody-update-roster.j2 | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/roles/prosody/templates/usr/local/bin/prosody-update-roster.j2 b/roles/prosody/templates/usr/local/bin/prosody-update-roster.j2 new file mode 100644 index 0000000..680ab91 --- /dev/null +++ b/roles/prosody/templates/usr/local/bin/prosody-update-roster.j2 @@ -0,0 +1,56 @@ +#!/usr/libexec/platform-python + +# Copyright (c) 2023 stonewall@sacredheartsc.com +# MIT License https://opensource.org/licenses/MIT +# +# Generates a shared roster file for Prosody from the given IPA group. + +import os +import sys +import ldap +import ldap.sasl +import ldap.filter +import hashlib +import subprocess + +LDAP_URI = '{{ freeipa_ldap_uri }}' +USER_BASEDN = '{{ freeipa_user_basedn }}' +GROUP_BASEDN = '{{ freeipa_group_basedn }}' + +PROSODY_GROUPS_FILE = '{{ prosody_groups_file }}' +PROSODY_ACCESS_GROUP = '{{ prosody_access_group }}' + +ROSTER_GROUP_NAME = 'Internal' + +os.environ['GSS_USE_PROXY'] = 'yes' +conn = ldap.initialize(LDAP_URI) +conn.protocol_version = ldap.VERSION3 +conn.sasl_interactive_bind_s('', ldap.sasl.sasl({}, 'GSSAPI')) + +users = conn.search_s( + USER_BASEDN, + ldap.SCOPE_SUBTREE, + ldap.filter.filter_format('memberOf=cn=%s,%s', [PROSODY_ACCESS_GROUP, GROUP_BASEDN]), + ['jid', 'displayName']) + +if not users: + exit(1) + +with open(PROSODY_GROUPS_FILE, 'rb') as f: + hash_before = hashlib.md5(f.read()).hexdigest() + f.close() + +with open(PROSODY_GROUPS_FILE, 'w') as f: + print(f'[{ROSTER_GROUP_NAME}]', file=f) + for user in users: + jid = user[1]['jid'][0].decode('utf-8') + displayName = user[1]['displayName'][0].decode('utf-8') + print(f'{jid}={displayName}', file=f) + f.close() + +with open(PROSODY_GROUPS_FILE, 'rb') as f: + hash_after = hashlib.md5(f.read()).hexdigest() + f.close() + +if hash_before != hash_after: + subprocess.run(['prosodyctl', 'reload']) |