spaceport/ldapserver/ldap_functions.py

from log import logger
import time
import ldap
import ldap.modlist as modlist
import secrets
import base64

from flask import abort

HTTP_NOTFOUND = 404

ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, secrets.LDAP_CERTFILE)

def init_ldap():
    ldap_conn = ldap.initialize(secrets.LDAP_URL)
    ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
    ldap_conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    ldap_conn.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
    ldap_conn.set_option(ldap.OPT_X_TLS_DEMAND, True)
    ldap_conn.set_option(ldap.OPT_DEBUG_LEVEL, 255)

    return ldap_conn

def convert(data):
    if isinstance(data, dict):
        return {convert(key): convert(value) for key, value in data.items()}
    elif isinstance(data, (list, tuple)):
        if len(data) == 1:
            return convert(data[0])
        else:
            return [convert(element) for element in data]
    elif isinstance(data, (bytes, bytearray)):
        try:
            return data.decode()
        except UnicodeDecodeError:
            return data.hex()
    else:
        return data

def find_user(query):
    '''
    Search for a user by sAMAccountname or email
    '''
    ldap_conn = init_ldap()
    try:
        logger.info('Looking up user ' + query)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query)
        results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])

        logger.info('  Results: ' + str(results))

        if len(results) != 1:
            abort(HTTP_NOTFOUND)

        return results[0][0]
    finally:
        ldap_conn.unbind()

def find_dn(dn):
    '''
    Search for a user by dn
    '''
    ldap_conn = init_ldap()
    try:
        logger.info('Finding user for dn: ' + dn)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        criteria = '(&(objectClass=user)(!(objectClass=computer)))'
        results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName'])

        logger.info('  Results: ' + str(results))

        return results[0][1]['sAMAccountName'][0].decode()
    finally:
        ldap_conn.unbind()

def create_user(first, last, username, email, password):
    '''
    Create a User;  required data is first, last, email, username, password
    Note: this creates a disabled user, then sets a password, then enables the user
    '''
    ldap_conn = init_ldap()
    try:
        logger.info('Creating user: ' + username)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        dn = 'CN={} {},{}'.format(first, last, secrets.BASE_MEMBERS)
        full_name = '{} {}'.format(first, last)

        ldif = [
            ('objectClass', [b'top', b'person', b'organizationalPerson', b'user']),
            ('cn', [full_name.encode()]),
            ('userPrincipalName', [username.encode()]),
            ('sAMAccountName', [username.encode()]),
            ('givenName', [first.encode()]),
            ('sn', [last.encode()]),
            ('DisplayName', [full_name.encode()]),
            ('userAccountControl', [b'514']),
            ('mail', [email.encode()]),
            ('company', [b'Spaceport']),
        ]

        result = ldap_conn.add_s(dn, ldif)

        logger.info('  Result: ' + str(result))

        # set password
        pass_quotes = '"{}"'.format(password)
        pass_uni = pass_quotes.encode('utf-16-le')
        change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
        result = ldap_conn.modify_s(dn, change_des)

        logger.info('  Result: ' + str(result))

        # 512 will set user account to enabled
        mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]
        result = ldap_conn.modify_s(dn, mod_acct)

        logger.info('  Result: ' + str(result))
    finally:
        ldap_conn.unbind()

def set_password(username, password):
    ldap_conn = init_ldap()
    try:
        logger.info('Setting password for: ' + username)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
        results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )

        if len(results) != 1:
            abort(HTTP_NOTFOUND)

        dn = results[0][0]

        logger.info('  Dn found: ' + dn)

        # set password
        pass_quotes = '"{}"'.format(password)
        pass_uni = pass_quotes.encode('utf-16-le')
        change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
        result = ldap_conn.modify_s(dn, change_des)

        logger.info('  Set password result: ' + str(result))
    finally:
        ldap_conn.unbind()

def find_group(groupname):
    '''
    Search for a group by name or sAMAccountname
    '''
    ldap_conn = init_ldap()
    try:
        logger.info('Looking up group ' + groupname)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
        results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['name','groupType'] )

        logger.info('  Results: ' + str(results))

        if len(results) != 1:
            abort(HTTP_NOTFOUND)

        return results[0][0]
    finally:
        ldap_conn.unbind()

def create_group(groupname, description):
    '''
    Create a Group;  required data is sAMAccountName, Description
    '''
    ldap_conn = init_ldap()
    try:
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        dn = 'CN={},{}'.format(groupname, secrets.BASE_GROUPS)

        ldif = [
            ('objectClass', [b'top', b'group']),
            ('cn', [groupname.encode()]),
            ('DisplayName', [groupname.encode()]),
            ('description', [description.encode()]),
            ('sAMAccountName', [groupname.encode()])
        ]

        rcode = ldap_conn.add_s(dn, ldif)
        return rcode

    finally:
        ldap_conn.unbind()

def add_to_group(groupname, username):
    '''
    Add a user to a Group;  required data is GroupName, Username
    '''
    ldap_conn = init_ldap()
    try:
        logger.info('Adding ' + username + ' to group: ' + groupname)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        user_dn = find_user(username)
        group_dn = find_group(groupname)

        if not is_member(groupname, username):
            mod_acct = [(ldap.MOD_ADD, 'member', user_dn.encode())]
            ldap_conn.modify_s(group_dn, mod_acct)
            logger.info('  Added.')
            return True
        else:
            logger.info('  Already a member, skipping.')
            return False

    finally:
        ldap_conn.unbind()

def remove_from_group(groupname, username):
    '''
    Remove a user from a Group;  required data is GroupName, Username
    '''
    ldap_conn = init_ldap()
    try:
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        user_dn = find_user(username)
        group_dn = find_group(groupname)

        if is_member(groupname, username):
            mod_acct = [(ldap.MOD_DELETE, 'member', user_dn.encode())]
            ldap_conn.modify_s(group_dn, mod_acct)
            return True
        else:
            logger.info('Not a member, skipping')
            return False

    finally:
        ldap_conn.unbind()

def list_group(groupname):
    '''
    List users in a Group;  required data is GroupName
    '''
    ldap_conn = init_ldap()
    try:
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        group_dn = find_group(groupname)
        
        criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
        results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'])
        members_tmp = results[0][1]
        members = members_tmp.get('member', [])
        return [find_dn(dn.decode()) for dn in members]

    finally:
        ldap_conn.unbind()

def is_member(groupname, username):
    '''
    Checks to see if a user is a member of a group
    '''
    ldap_conn = init_ldap()
    try:
        logger.info('Checking if ' + username + ' is in group: ' + groupname)
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        group_dn = find_group(groupname)
        user_dn = find_user(username).encode()
        memflag = False
        criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
        results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] )
        members_tmp = results[0][1]
        members = members_tmp.get('member', [])
        result = user_dn in members

        logger.info('  Result: ' + str(result))
        return result
    finally:
        ldap_conn.unbind()

def dump_users():
    '''
    Dump all AD users
    '''
    ldap_conn = init_ldap()
    try:
        ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        criteria = '(&(objectClass=user)(objectGUID=*))'
        attributes = ['cn', 'sAMAccountName', 'mail', 'displayName', 'givenName', 'name', 'sn', 'logonCount', 'objectGUID']
        results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, attributes)
        results = convert(results)

        output = {}
        for r in results:
            tmp = r[1]
            tmp['dn'] = r[0]
            output[r[1]['sAMAccountName']] = tmp

        import json
        return json.dumps(output, indent=4)
    finally:
        ldap_conn.unbind()


# ===========================================================================

        #guid = '\\b4\\51\\1adce6709c449bd21a812c423e82'
        #guid = ''.join(['\\%s' % guid[i:i+2] for i in range(0, len(guid), 2)])
        #print(guid)
        #criteria = '(&(objectClass=user)(objectGUID={}))'.format(guid)

if __name__ == '__main__':
    pass
    #print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6'))
    #print(find_user('tanner.collin'))
    #print(set_password('tanner.collin', 'Supersecret@@'))
    #print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))
    #print("============================================================")
    #print(create_group("newgroup", "new group"))
    #print("   ==============  ")
    #print(list_group("Laser Users"))
    #print("   ==============  ")
    #print(is_member('newgroup','tanner.collin'))
    #print("   ==============  ")
    #print(add_to_group('newgroup','tanner.collin'))
    #print("   ==============  ")
    #print(list_group("newgroup"))
    #print("   ==============  ")
    #print(remove_from_group('newgroup','tanner.collin'))
    #print("   ==============  ")
    print(list_group('Trotec Users'))
    #print(dump_users())

    #users = list_group('Laser Users')
    #import json
    #print(json.dumps(users, indent=4))
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`from log import logger`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`import time`
			`import ldap`
			`import ldap.modlist as modlist`
Access secrets through module 2020-02-05 04:32:25 +00:00			`import secrets`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`import base64`

Implement set password on LDAP server 2020-02-05 05:42:42 +00:00			`from flask import abort`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00
Implement set password on LDAP server 2020-02-05 05:42:42 +00:00			`HTTP_NOTFOUND = 404`

Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, secrets.LDAP_CERTFILE)`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`def init_ldap():`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`ldap_conn = ldap.initialize(secrets.LDAP_URL)`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn.set_option(ldap.OPT_REFERRALS, 0)`
			`ldap_conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)`
			`ldap_conn.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)`
			`ldap_conn.set_option(ldap.OPT_X_TLS_DEMAND, True)`
			`ldap_conn.set_option(ldap.OPT_DEBUG_LEVEL, 255)`

			`return ldap_conn`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`def convert(data):`
			`if isinstance(data, dict):`
			`return {convert(key): convert(value) for key, value in data.items()}`
			`elif isinstance(data, (list, tuple)):`
			`if len(data) == 1:`
			`return convert(data[0])`
			`else:`
			`return [convert(element) for element in data]`
			`elif isinstance(data, (bytes, bytearray)):`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00			`try:`
			`return data.decode()`
			`except UnicodeDecodeError:`
			`return data.hex()`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`else:`
			`return data`

Allow searching LDAP users by email 2020-09-11 07:36:00 +00:00			`def find_user(query):`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`'''`
Allow searching LDAP users by email 2020-09-11 07:36:00 +00:00			`Search for a user by sAMAccountname or email`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`'''`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn = init_ldap()`
			`try:`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`logger.info('Looking up user ' + query)`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
Allow searching LDAP users by email 2020-09-11 07:36:00 +00:00			`criteria = '(&(objectClass=user)(\|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])`
Implement set password on LDAP server 2020-02-05 05:42:42 +00:00
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info(' Results: ' + str(results))`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`if len(results) != 1:`
			`abort(HTTP_NOTFOUND)`
Implement set password on LDAP server 2020-02-05 05:42:42 +00:00
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`return results[0][0]`
			`finally:`
			`ldap_conn.unbind()`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`def find_dn(dn):`
			`'''`
			`Search for a user by dn`
			`'''`
			`ldap_conn = init_ldap()`
			`try:`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info('Finding user for dn: ' + dn)`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
			`criteria = '(&(objectClass=user)(!(objectClass=computer)))'`
			`results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName'])`

Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info(' Results: ' + str(results))`

Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`return results[0][1]['sAMAccountName'][0].decode()`
			`finally:`
			`ldap_conn.unbind()`

Begin LDAP HTTP server with stubs 2020-02-04 06:18:37 +00:00			`def create_user(first, last, username, email, password):`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`'''`
			`Create a User; required data is first, last, email, username, password`
			`Note: this creates a disabled user, then sets a password, then enables the user`
			`'''`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn = init_ldap()`
			`try:`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info('Creating user: ' + username)`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`dn = 'CN={} {},{}'.format(first, last, secrets.BASE_MEMBERS)`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`full_name = '{} {}'.format(first, last)`

			`ldif = [`
			`('objectClass', [b'top', b'person', b'organizationalPerson', b'user']),`
			`('cn', [full_name.encode()]),`
			`('userPrincipalName', [username.encode()]),`
			`('sAMAccountName', [username.encode()]),`
			`('givenName', [first.encode()]),`
			`('sn', [last.encode()]),`
			`('DisplayName', [full_name.encode()]),`
			`('userAccountControl', [b'514']),`
			`('mail', [email.encode()]),`
Set new user's company to Spaceport to help filter 2020-02-09 02:51:51 +00:00			`('company', [b'Spaceport']),`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`]`

Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00			`result = ldap_conn.add_s(dn, ldif)`

Fix logging bug 2020-11-04 04:03:55 +00:00			`logger.info(' Result: ' + str(result))`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00
			`# set password`
			`pass_quotes = '"{}"'.format(password)`
			`pass_uni = pass_quotes.encode('utf-16-le')`
			`change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]`
			`result = ldap_conn.modify_s(dn, change_des)`

Fix logging bug 2020-11-04 04:03:55 +00:00			`logger.info(' Result: ' + str(result))`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`# 512 will set user account to enabled`
			`mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]`
			`result = ldap_conn.modify_s(dn, mod_acct)`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00
Fix logging bug 2020-11-04 04:03:55 +00:00			`logger.info(' Result: ' + str(result))`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`finally:`
			`ldap_conn.unbind()`
Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00
Implement set password on LDAP server 2020-02-05 05:42:42 +00:00			`def set_password(username, password):`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn = init_ldap()`
			`try:`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info('Setting password for: ' + username)`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
			`criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00
			`if len(results) != 1:`
			`abort(HTTP_NOTFOUND)`

			`dn = results[0][0]`

Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info(' Dn found: ' + dn)`

Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`# set password`
			`pass_quotes = '"{}"'.format(password)`
			`pass_uni = pass_quotes.encode('utf-16-le')`
			`change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]`
			`result = ldap_conn.modify_s(dn, change_des)`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00
			`logger.info(' Set password result: ' + str(result))`
Initialize LDAP connection on each API call 2020-02-09 02:51:16 +00:00			`finally:`
			`ldap_conn.unbind()`
Implement set password on LDAP server 2020-02-05 05:42:42 +00:00
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`def find_group(groupname):`
			`'''`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`Search for a group by name or sAMAccountname`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`'''`
			`ldap_conn = init_ldap()`
			`try:`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`logger.info('Looking up group ' + groupname)`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
			`criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['name','groupType'] )`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info(' Results: ' + str(results))`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`if len(results) != 1:`
			`abort(HTTP_NOTFOUND)`

			`return results[0][0]`
			`finally:`
			`ldap_conn.unbind()`

Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`def create_group(groupname, description):`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`'''`
			`Create a Group; required data is sAMAccountName, Description`
			`'''`
			`ldap_conn = init_ldap()`
			`try:`
			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`dn = 'CN={},{}'.format(groupname, secrets.BASE_GROUPS)`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00
			`ldif = [`
			`('objectClass', [b'top', b'group']),`
			`('cn', [groupname.encode()]),`
			`('DisplayName', [groupname.encode()]),`
			`('description', [description.encode()]),`
			`('sAMAccountName', [groupname.encode()])`
			`]`

			`rcode = ldap_conn.add_s(dn, ldif)`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`return rcode`

			`finally:`
			`ldap_conn.unbind()`

Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`def add_to_group(groupname, username):`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`'''`
			`Add a user to a Group; required data is GroupName, Username`
			`'''`
			`ldap_conn = init_ldap()`
			`try:`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info('Adding ' + username + ' to group: ' + groupname)`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
			`user_dn = find_user(username)`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00			`group_dn = find_group(groupname)`
Fix whitespace 2020-09-11 01:15:42 +00:00
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`if not is_member(groupname, username):`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`mod_acct = [(ldap.MOD_ADD, 'member', user_dn.encode())]`
			`ldap_conn.modify_s(group_dn, mod_acct)`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info(' Added.')`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`return True`
			`else:`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info(' Already a member, skipping.')`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`return False`

			`finally:`
			`ldap_conn.unbind()`

			`def remove_from_group(groupname, username):`
			`'''`
			`Remove a user from a Group; required data is GroupName, Username`
			`'''`
			`ldap_conn = init_ldap()`
			`try:`
			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
			`user_dn = find_user(username)`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00			`group_dn = find_group(groupname)`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00
			`if is_member(groupname, username):`
			`mod_acct = [(ldap.MOD_DELETE, 'member', user_dn.encode())]`
			`ldap_conn.modify_s(group_dn, mod_acct)`
			`return True`
			`else:`
Add more logging 2020-09-15 21:01:07 +00:00			`logger.info('Not a member, skipping')`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`return False`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00
			`finally:`
			`ldap_conn.unbind()`

			`def list_group(groupname):`
			`'''`
			`List users in a Group; required data is GroupName`
			`'''`
			`ldap_conn = init_ldap()`
			`try:`
			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
			`group_dn = find_group(groupname)`

			`criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'])`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`members_tmp = results[0][1]`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`members = members_tmp.get('member', [])`
			`return [find_dn(dn.decode()) for dn in members]`

Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`finally:`
			`ldap_conn.unbind()`

Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`def is_member(groupname, username):`
Fix whitespace 2020-09-11 01:15:42 +00:00			`'''`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`Checks to see if a user is a member of a group`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`'''`
			`ldap_conn = init_ldap()`
			`try:`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`logger.info('Checking if ' + username + ' is in group: ' + groupname)`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`group_dn = find_group(groupname)`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`user_dn = find_user(username).encode()`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`memflag = False`
			`criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] )`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`members_tmp = results[0][1]`
			`members = members_tmp.get('member', [])`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`result = user_dn in members`

			`logger.info(' Result: ' + str(result))`
			`return result`
Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00			`finally:`
			`ldap_conn.unbind()`

Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`def dump_users():`
			`'''`
			`Dump all AD users`
			`'''`
			`ldap_conn = init_ldap()`
			`try:`
			`ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00			`criteria = '(&(objectClass=user)(objectGUID=*))'`
			`attributes = ['cn', 'sAMAccountName', 'mail', 'displayName', 'givenName', 'name', 'sn', 'logonCount', 'objectGUID']`
Improve LDAP logging and secrets management 2020-09-15 00:18:38 +00:00			`results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, attributes)`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`results = convert(results)`

			`output = {}`
			`for r in results:`
			`tmp = r[1]`
			`tmp['dn'] = r[0]`
			`output[r[1]['sAMAccountName']] = tmp`

			`import json`
			`return json.dumps(output, indent=4)`
			`finally:`
			`ldap_conn.unbind()`

Add group functions. Add members, list members, create new groups 2020-03-17 16:53:08 +00:00
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`# ===========================================================================`
Allow searching LDAP users by email 2020-09-11 07:36:00 +00:00
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`#guid = '\\b4\\51\\1adce6709c449bd21a812c423e82'`
			`#guid = ''.join(['\\%s' % guid[i:i+2] for i in range(0, len(guid), 2)])`
			`#print(guid)`
			`#criteria = '(&(objectClass=user)(objectGUID={}))'.format(guid)`

Import Pat's LDAP functions 2020-02-05 04:31:22 +00:00			`if __name__ == '__main__':`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`pass`
Improve LDAP logging and group functions 2020-09-14 00:13:00 +00:00			`#print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6'))`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`#print(find_user('tanner.collin'))`
Update ldap_functions.py 2020-09-08 06:46:34 +00:00			`#print(set_password('tanner.collin', 'Supersecret@@'))`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`#print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`#print("============================================================")`
			`#print(create_group("newgroup", "new group"))`
			`#print(" ============== ")`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`#print(list_group("Laser Users"))`
Fix LDAP bugs and and remove_from_group 2020-09-11 02:29:29 +00:00			`#print(" ============== ")`
			`#print(is_member('newgroup','tanner.collin'))`
			`#print(" ============== ")`
			`#print(add_to_group('newgroup','tanner.collin'))`
			`#print(" ============== ")`
			`#print(list_group("newgroup"))`
			`#print(" ============== ")`
			`#print(remove_from_group('newgroup','tanner.collin'))`
			`#print(" ============== ")`
Improve ldapserver logging 2020-11-04 00:39:07 +00:00			`print(list_group('Trotec Users'))`
Add find_dn and dump_users LDAP functions 2020-09-11 06:04:38 +00:00			`#print(dump_users())`
Allow searching LDAP users by email 2020-09-11 07:36:00 +00:00
Add more logging 2020-09-15 21:01:07 +00:00			`#users = list_group('Laser Users')`
			`#import json`
			`#print(json.dumps(users, indent=4))`