Script - list groups and LDAP owners (jython)

Owned by Former user (Deleted)
Last updated: Jul 03, 2019
2 min read

This script was contributed by Philip Colmer.

Description

This script lists all groups known to Confluence and, given appropriate LDAP configuration,
also displays the owners of the groups. Membership is retrieved using the Atlassian API
and not LDAP which means that all members are listed, not just direct members and nested
groups.

 

import java.util.Hashtable as Hashtable
from javax.naming import Context
from javax.naming.directory import InitialDirContext
from javax.naming.directory import SearchControls
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal as AuthenticatedUserThreadLocal
import com.atlassian.user.Group as Group

'''
This script lists all groups known to Confluence and, given appropriate LDAP configuration,
also displays the owners of the groups. Membership is retrieved using the Atlassian API
and not LDAP which means that all members are listed, not just direct members and nested
groups.
'''

class ADS:
    '''
    The parameters required for making the connections.
    the user name should be a user with privileges to log into the
    LDAP machine.
    '''
    ads_server="<LDAP server FQDN>"
    ads_user="<LDAP user for authenticated access>"
    ads_password="<LDAP user password>"
    ads_base_dns="<base DN for LDAP>"
    '''
        The constructor: This intialises the ads object 
    '''
    def __init__(self):
        self.url="ldaps://%s" % self.ads_server
        env=Hashtable()
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
        env.put(Context.PROVIDER_URL, self.url)
        env.put(Context.SECURITY_AUTHENTICATION, "simple")
        env.put(Context.SECURITY_PRINCIPAL, self.ads_user)
        env.put(Context.SECURITY_CREDENTIALS, self.ads_password)
        ctx =InitialDirContext(env)
        self.ctx=ctx
    '''
        The string method is overriden to print the url used to connect to the ads server.
    '''
    def __str__(self):
        return self.url
    '''
    Method for searching a group by it's name for wild card search user *
    '''
    def search_group(self,groupname):
        srch =SearchControls()
        srch.setSearchScope(SearchControls.SUBTREE_SCOPE)
        results = self.ctx.search(self.ads_base_dns, "(&(CN=%s) (objectClass=groupOfUniqueNames))" % groupname, srch)
        return results

    def searchDN(self,criteria):
	srch =SearchControls()
	srch.setSearchScope(SearchControls.SUBTREE_SCOPE)
	results = self.ctx.search(criteria, "(objectClass=*)", srch)
	return results

'''
Get the named attribute from the attributes passed, or return
an empty string if that attribute doesn't exist.
'''
def getAttr(attributes, name):
	attr = attributes.get(name)
	if attr is None:
		return ""
	return attr.get()

'''
Show all of the members of the specified group. This relies on
the Confluence user database for the ~ wiki markup to work.
'''
def showGroupMembers(group):
	pager = userAccessor.getMemberNames(group)
	userIterator = pager.iterator()
	while userIterator.hasNext():
		user = userAccessor.getUser(userIterator.next())
		print "[~%s]" % user.getName()

'''