diff --git a/ldapserver/ProtospaceAD.cer b/ldapserver/ProtospaceAD.cer new file mode 100644 index 0000000..3979c89 --- /dev/null +++ b/ldapserver/ProtospaceAD.cer @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpTCCAo2gAwIBAgIQbY2j16+A77pNZzc+AjlCsjANBgkqhkiG9w0BAQUFADBl +MRIwEAYKCZImiZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNl +MRIwEAYKCZImiZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJu +YWwtQ0EwHhcNMTYxMjI5MDY1NzMxWhcNNDExMjI5MDcwNzMxWjBlMRIwEAYKCZIm +iZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNlMRIwEAYKCZIm +iZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJuYWwtQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi6Ly6Qs9kJoiuZzWVYS+u5WEd +sVunrBMv2gXDL/L4dNO4Lt4+ef9CnzUng0MCf3J4mCzOPe1b1AGQwLx37a3/b2oD +PdIPcgLqTCtATjHHx0a5TPSqUXTeAgI9Cfig4flrMFBDmM3NyCZbrHDm0ZG03xxP +trtqc8fIueTcYAeUxkUaxmrLxPehZRVyGlcVKmjkGIyum/DSbiBDiyIFM1iuU80S +DxDEXKwqUPs4Bl9c94ViRxmgAlLEXlQJgsJUKsyHdLLYVFqkU29gn7licvJSLgJY +TsxykSZUwS9FFuokWxvpyzh89NOnKsFuB6SQNvOPvSsV6ttZ3mz1nAcj9OwTAgMB +AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3 +fENMsS1TOgvEMSP+/UPRAqGNNDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B +AQUFAAOCAQEARouzvMdacoz6kXjGfuqMjuy5raBP5I7O17WkT03LH67tJh2dnVUy +iGAj/EkOTlfDJ8k04dMpibkqBshMi6cVaFUKgXWLK+kEJvQ56zTwrNAMm/t+Hhdn +3og7H13T4TXkbeyzpeDYm38PYv1ITA/+K4L1/vPh9U31Cptama3vfalZyfPrTRHl +UHljOXaS89r20RoD1Tia1lV26ZsQa3QjkSHGzpx1lrnuW+jFmUm8RUBVJdgfCVMV ++PJmWYJ4aK2Ik6DARBulRRAJYFhmMkbPmLgNKA5qBnB3t2O8+KkwUmMNeMmjI/+v +0XLRWFmja+PJ0tU7GYnDget2D/Ob6kGGrg== +-----END CERTIFICATE----- diff --git a/ldapserver/ldap_functions.py b/ldapserver/ldap_functions.py index 8269fd1..a8b8b91 100644 --- a/ldapserver/ldap_functions.py +++ b/ldapserver/ldap_functions.py @@ -5,7 +5,7 @@ import secrets import base64 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) -ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, secrets.LDAP_CERT) +ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer') l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636') l.set_option(ldap.OPT_REFERRALS, 0) l.set_option(ldap.OPT_PROTOCOL_VERSION, 3) @@ -44,47 +44,18 @@ def search(query): finally: l.unbind() -def finduser(query): +def find_user(query): ''' Search for a user by sAMAccountname ''' try: bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) - criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query) results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) - - print(" =============") - print(" Found %d Objects" % len(results)) - print(" =============") - count = len(results) - rCode = count - - if (count == 0): - rCode = "None" - elif (count == 1): - for result in results: - #print(" --- ") - #print(results) - dn, attr = result - print(dn, attr) - rCode = dn - else: - for result in results: - #print(" --- ") - #print(results) - dn, attr = result - print(dn, attr) - rCode(" Found %d Objects" % len(results)) - - except Exception as inst: - print("== Entering Except ==") - rCode = type(inst) - print(type(inst)) # the exception instance - finally: l.unbind() - return(rCode) + + return(results) def findgroup(query): ''' @@ -147,16 +118,7 @@ def create_user(first, last, username, email, password): # 512 will set user account to enabled mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')] result = l.modify_s(dn, mod_acct) - - except Exception as inst: - print("== Entering Except ==") - rCode = type(inst) - print(type(inst)) # the exception instance - - else: - #rCode = "Else" - print("== Entering Else ==") - + finally: print("== Entering Finally ==") l.unbind() @@ -188,27 +150,28 @@ if __name__ == '__main__': # =========================================== # Sample Progams # =========================================== - print("----------------------------------------------------------------------------------------") - i = 3 - - if ( i == 1): - rCode = finduser('*') - elif (i == 2): - rCode = search('*') - elif (i == 3): - rCode = create_user( - 'billy', - 'gates', - 'billy.gates', - 'billy.gates@protospace.ca', - 'P@ssw0rd99' - ) - elif ( i == 4): - create_group('testgroup') - else: - print("No function selected") - - - print("ReturnCode = " + str(rCode)) + #print("----------------------------------------------------------------------------------------") + #i = 3 + # + #if ( i == 1): + # rCode = find_user('*') + #elif (i == 2): + # rCode = search('*') + #elif (i == 3): + # rCode = create_user( + # 'billy', + # 'gates', + # 'billy.gates', + # 'billy.gates@protospace.ca', + # 'P@ssw0rd99' + # ) + #elif ( i == 4): + # create_group('testgroup') + #else: + # print("No function selected") + # + # + #print("ReturnCode = " + str(rCode)) + find_user('tanner.collin') diff --git a/ldapserver/requirements.txt b/ldapserver/requirements.txt index f3cfcc7..bb11606 100644 --- a/ldapserver/requirements.txt +++ b/ldapserver/requirements.txt @@ -4,4 +4,7 @@ gunicorn==20.0.4 itsdangerous==1.1.0 Jinja2==2.11.1 MarkupSafe==1.1.1 +pyasn1==0.4.8 +pyasn1-modules==0.2.8 +python-ldap==3.2.0 Werkzeug==0.16.1 diff --git a/ldapserver/secrets.py.example b/ldapserver/secrets.py.example index bbbc344..d73a4e4 100644 --- a/ldapserver/secrets.py.example +++ b/ldapserver/secrets.py.example @@ -5,3 +5,6 @@ # For example, use the first output of this: # head /dev/urandom | sha1sum AUTH_TOKEN = '' + +LDAP_USERNAME = '' +LDAP_PASSWORD = ''