
Commit 9c49b89

authored
Merge pull request #7 from adobe-apiplatform/v1
merge v1.0.rc1 to master
2 parents 8c396b5 + 23ef48c commit 9c49b89

40 files changed

+3904
-6
lines changed

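--- a/.gitignore
+++ b/.gitignore
@@ -35,14 +35,15 @@ pip-log.txt
 pip-delete-this-directory.txt
 
 # Unit test / coverage reports
+cover/
 htmlcov/
 .tox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
-*,cover
+*.cover
 .hypothesis/
 
 # Translations
@@ -53,10 +54,6 @@ coverage.xml
 *.log
 local_settings.py
 
-# Flask stuff:
-instance/
-.webassets-cache
-
 # Scrapy stuff:
 .scrapy
 
@@ -87,3 +84,6 @@ ENV/
 
 # Rope project settings
 .ropeproject
+
+# JetBrains
+.idea/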

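--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,32 @@
+RM := rm -rf
+python_ldap_requirements := misc/build/python-ldap-requirements.txt
+
+ifeq ($(OS),Windows_NT)
+output_file_extension = .pex
+rm_path := $(shell python -c "import distutils.spawn; print(distutils.spawn.find_executable('rm'))")
+ifeq ($(rm_path),None)
+RM := rmdir /S /Q
+endif
+python_arch := $(shell python -c "import platform; print platform.architecture()[0]")
+ifeq ($(python_arch),64bit)
+python_ldap_requirements := misc/build/Win64/python-ldap-requirements.txt
+endif
+endif
+
+output_dir = dist
+output_filename = user-sync
+
+pex:
+pip install --upgrade pip
+pip install pex requests wheel
+pip wheel -w wheelhouse -r misc/build/requirements.txt -r $(python_ldap_requirements)
+-$(RM) $(output_dir)
+pex \
+-v -o $(output_dir)/$(output_filename)$(output_file_extension) -m user_sync.app \
+-f wheelhouse \
+--disable-cache \
+--not-zip-safe .
+-$(RM) wheelhouse
+
+test:
+nosetests --no-byte-compile tests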
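Review bot: The `pex` recipe pulls its build tooling unpinned (`pip install --upgrade pip`, `pip install pex requests wheel`), so the contents of the shipped .pex depend on whatever the package index serves on build day and a release cannot be reproduced or audited afterwards; pin those tools to exact versions in a requirements file kept next to `misc/build/requirements.txt` and install from it, e.g. `pip install -r <pinned-build-tools.txt>` (placeholder name). The two requirements files passed to `pip wheel` are not shown on this page, so whether they pin versions or hashes cannot be confirmed from here. Separately, the `python_arch` probe uses the Python 2 statement form `print platform.architecture()[0]` while the `rm_path` probe above it uses `print(...)`; if `python` resolves to a Python 3 interpreter the probe fails, `python_arch` stays empty and the 32-bit requirements file is selected without any error, so write it as `print(platform.architecture()[0])`. Neither `pex` nor `test` is declared phony; adding `.PHONY: pex test` keeps a file of either name from masking the target.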

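--- a/README.md
+++ b/README.md
@@ -1,2 +1,105 @@
 # user-sync.py
-Application for synchronizing Adobe customer directories via the User Management API
+
+Application for synchronizing customer directories with the
+Adobe Enterprise Admin Console via the
+[User Management API](https://www.adobe.io/products/usermanagement/docs/gettingstarted.html)
+(aka UMAPI).
+
+This application is open source, maintained by Adobe, and distributed under the terms
+of the OSI-approved MIT license. See the LICENSE file for details.
+
+Copyright (c) 2016-2017 Adobe Systems Incorporated.
+
+# Overview
+
+`user-sync` automates user creation and product entitlement
+assignment in the Adobe Enterprise Admin Console.
+It takes a list of enterprise directory users,
+either from an LDAP connection or from a tab-separated file,
+and creates, updates, or removes user accounts in the
+Admin Console.
+
+# Requirements
+
+* Python 2.7+
+* User Management API Credentials (see [the official documentation](https://www.adobe.io/products/usermanagement/docs/gettingstarted))
+* Accessible LDAP server (optional)
+
+# Installation
+
+The connector is packaged as a [self-contained .pex file](https://github.com/pantsbuild/pex). See the releases page to get the latest build for your platform.
+
+## Build Instructions
+
+Requirements:
+
+* Python 2.7+
+* [virtualenv](https://virtualenv.pypa.io/en/stable/)
+* If building on Debian - `python-dev libssl-dev libffi-dev libsasl2-dev libldap2-dev`
+* GNU Make
+
+To build, run `make pex` from the command line in the main repo directory.
+
+# Basic Usage
+
+```
+Adobe Enterprise Dashboard User Sync
+
+optional arguments:
+-h, --help show this help message and exit
+-v, --version show program's version number and exit
+-t, --test-mode run API action calls in test mode (does not execute
+changes). Logs what would have been executed.
+-c path, --config-path path
+specify path to config files. (default: "")
+--config-filename filename
+main config filename. (default: "user-sync-
+config.yml")
+--users all|file|group [arg1 ...]
+specify the users to be considered for sync. Legal
+values are 'all' (the default), 'group name or names'
+(one or more specified AD groups), 'file f' (a
+specified input file).
+--user-filter pattern
+limit the selected set of users that may be examined
+for syncing, with the pattern being a regular
+expression.
+--source-filter connector:file
+send the file to the specified connector (for example,
+--source-filter ldap:foo.yml). This parameter is used
+to limit the scope of the LDAP query.
+--update-user-info if user information differs between the customer side
+and the Adobe side, the Adobe side is updated to
+match.
+--process-groups if the membership in mapped groups differs between the
+customer side and the Adobe side, the group membership
+is updated on the Adobe side so that the memberships
+in mapped groups matches the customer side.
+--remove-nonexistent-users
+Causes the user sync tool to remove Federated users
+that exist on the Adobe side if they are not in the
+customer side AD. This has the effect of deleting the
+user account if that account is owned by the
+organization under which the sync operation is being
+run.
+--generate-remove-list output_path
+processing similar to --remove-nonexistent-users
+except that rather than performing removals, a file is
+generated (with the given pathname) listing users who
+would be removed. This file can then be given in the
+--remove-list argument in a subsequent run.
+-d input_path, --remove-list input_path
+specifies the file containing the list of users to be
+removed. Users on this list are removeFromOrg'd on the
+Adobe side.
+```
+
+# Configuration
+
+See `examples/example.user-sync-config.yml` for the main configuration template. The main configuration file user-sync-config.yml must exist in the configuration path.
+
+See `examples/example.dashboard-config.yml` for the dashboard configuration template. The tool would try and find dashboard-owning-config.yml in the configuration path.
+
+See `examples/example.connector-ldap.yml` for the ldap configuration template. The main configuration file can be configured to reference this file.
+
+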

User Sync_Guide_2017-01-29.pdf

534 KB
Binary file not shown.
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
2+
# specifies the source filters while performing object searches from ldap.
3+
# the format is key: filter, where filter is a ldap query string that will be passed as is
4+
# to the ldap server
5+
#
6+
# the supported key is:
7+
# all_users_filter: correspond to the filter to find all users in ldap.
8+
# If this source_filter is specified, --remove-nonexistent-users and --generate-remove-list would be disabled.
9+
#
10+
# example:
11+
# all_users_filter: "(CN=WantedUsers*)"

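--- a/examples/example.connector-ldap.yml
+++ b/examples/example.connector-ldap.yml
@@ -0,0 +1,45 @@
+username: "LDAP user goes here"
+password: "LDAP password goes here"
+host: "LDAP host URL goes here. e.g. ldap://ldap.example.com"
+base_dn: "defines the base DN. e.g. DC=example,DC=com"
+
+# specifies the string format used to construct a group query.
+# {group} is replaced with the name of the group to find. Default is:
+# group_filter_format: "(&(|(objectCategory=group)(objectClass=groupOfNames)(objectClass=posixGroup))(cn={group}))"
+#
+# example for AD
+# group_filter_format: "(&(objectCategory=group)(cn={group}))"
+#
+# example for OpenLDAP
+# group_filter_format: "(&(objectClass=groupOfNames)(objectClass=posixGroup)(cn={group}))"
+
+# specifies the string filter used to find all users in the directory.
+# Default, intending for AD, is:
+# all_users_filter = "(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
+#
+# example for OpenLDAP
+# all_users_filter: "(&(objectClass=person)(objectClass=top))"
+
+# specifies how an email address is retrieved in the system.
+# the string is a string format, with names enclosed by curly brackets replaced
+# by the corresponding attributes for a user. Default is:
+# user_email_format: "{mail}"
+#
+# other example:
+# user_email_format: "{sAMAccountName}@example.com"
+
+# specifies the identity type of the dashboard user to create.
+# the valid values are: enterpriseID, federatedID
+#
+# If not specified, the default identity type from the main config file is used.
+#
+# example for enterprise ID:
+# user_identity_type: enterpriseID
+
+# specifies the result page size. Default is:
+# search_page_size: 200
+
+# set to True if you want to validate SSL cert. Default is:
+# require_tls_cert: False
+
+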
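Review bot: The last block of this template documents `require_tls_cert: False` as the default, so a deployment copied from it would send the bind `username`/`password` from the top of the file to a directory server whose certificate is never checked; ship the safe value uncommented, `require_tls_cert: True`, and make the `host` example an `ldaps://` URL rather than `ldap://ldap.example.com`. The code that reads this key is not on this page, so the default is taken from the comment alone. This file also holds the directory password in clear text, as `client_secret` and `priv_key_path` do in examples/example.dashboard-config.yml, and the .gitignore change in the same commit does not exclude populated copies; add a comment next to those keys such as `# keep the filled-in copy out of version control and readable only by the account that runs the sync`.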

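--- a/examples/example.dashboard-config.yml
+++ b/examples/example.dashboard-config.yml
@@ -0,0 +1,13 @@
+server:
+# This section describes the location of the servers used for the dashboard. Default is:
+# host: usermanagement.adobe.io
+# endpoint: /v2/usermanagement
+# ims_host: ims-na1.adobelogin.com
+# ims_endpoint_jwt: /ims/exchange/jwt
+
+enterprise:
+org_id: "Org ID goes here"
+api_key: "API key goes here"
+client_secret: "Client secret goes here"
+tech_acct: "Tech account ID goes here"
+priv_key_path: "Path to private.key goes here"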

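--- a/examples/example.remove-list.csv
+++ b/examples/example.remove-list.csv
@@ -0,0 +1,2 @@
+user,domain
+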

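--- a/examples/example.user-sync-config.yml
+++ b/examples/example.user-sync-config.yml
@@ -0,0 +1,80 @@
+dashboard:
+# specifies the configurations for the Adobe Enterprise Dashboards.
+# By default, it would look for dashboard-owning-config.yml and
+# dashboard-trustee-*-config.yml in the configuration path,
+# with the yml's identifying the owning organization and trustee organizations
+# respectively.
+#
+# You can also specify the configurations under this section too,
+# with keys owning and trustees.
+#
+# Examples:
+# owning: example.dashboard-config.yml
+# trustees:
+# org1: example.dashboard-config.yml
+
+# specifies the filename format for the trustee org configurations.
+# a filename that matches the format will have the organization name extracted
+# from the filename. Default is:
+# trustee_config_filename_format: "dashboard-trustee-{organization_name}-config.yml"
+
+directory:
+# (optional) Default country code to use if directory doesn't provide one for a user [Must be two-letter ISO-3166 code - see https://en.wikipedia.org/wiki/ISO_3166-1]
+#
+# example:
+# default_country_code: US
+
+connectors:
+# specifies the configurations for the difference directory connectors
+# The format is name : value, where value can be:
+# a dictionary for the actual configuration, or
+# a string for the file containing the configuration, or
+# a list containing a mixture of dictionaries and strings
+#
+# examples:
+# ldap: example.connector-ldap.yml
+# ldap:
+# - host: LDAP_host_URL_goes_here
+# base_dn: base_DN_goes_here
+# - connector-ldap-credentials.yml
+
+groups:
+# specifies the list of group mappings, with each group mapping consisting
+# of a dictionary with keys: directory_group and dashboard_groups.
+# directory_group: string identifying the group in the directory
+# dashboard_groups: a list of strings identifying the dashboard groups.
+#
+# a group in dashboard_groups can be qualified with, the first part being
+# the trustee organization name.
+# e.g. org1::Default Acrobat Pro DC configuration
+#
+# examples:
+# - directory_group: AdobeCC-All #Group CN
+# dashboard_groups:
+# - All Apps
+# - directory_group: AdobeCC-Photoshop
+# dashboard_groups:
+# - Photoshop Users
+# - directory_group: acrobat
+# dashboard_groups:
+# - org1::Default Acrobat Pro DC configuration
+
+# specifies the default identity type of the dashboard user to create,
+# when the identity type of a user is missing.
+# valid values are: enterpriseID, federatedID
+#
+# Default is:
+# user_identity_type: enterpriseID
+
+logging:
+# specifies whether you wish to generate a log file
+# 'True' or 'False'
+log_to_file: True
+# output path for logs
+file_log_directory: logs
+# File Logging Level: Can be "debug", "info", "warning", "error", or "critical".
+# This is in ascending order, meaning "debug" < "critical".
+file_log_level: debug
+# Console Logging Level: Can be "debug", "info", "warning", "error", or "critical".
+# This is in ascending order, meaning "debug" < "critical". Default is:
+# console_log_level: debug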
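Review bot: The only uncommented settings in this template, under `logging:`, turn on file logging at `file_log_level: debug`, so anyone who copies the example gets the most verbose level written to disk by default. For a tool that processes directory users this presumably puts e-mail addresses and API request detail into the `logs` directory; the logging code is not part of this section, so that is inferred rather than shown. Ship `file_log_level: info` in the template and leave `debug` as a documented opt-in for troubleshooting.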

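--- a/examples/example.users-file.csv
+++ b/examples/example.users-file.csv
@@ -0,0 +1,4 @@
+firstname,lastname,email,country,groups,type,user,domain
+John,Smith,[email protected],US,"AdobeCC-All",enterpriseID
+Jane,Doe,[email protected],US,"AdobeCC-All",federatedID
+Richard,Roe,[email protected],US,"AdobeCC-All"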
