Set up LDAP to run from virtual env

This commit is contained in:
Tanner Collin 2020-02-04 22:00:21 -07:00
parent f1b6be922d
commit 0189713ff1
4 changed files with 56 additions and 65 deletions

View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDpTCCAo2gAwIBAgIQbY2j16+A77pNZzc+AjlCsjANBgkqhkiG9w0BAQUFADBl
MRIwEAYKCZImiZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNl
MRIwEAYKCZImiZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJu
YWwtQ0EwHhcNMTYxMjI5MDY1NzMxWhcNNDExMjI5MDcwNzMxWjBlMRIwEAYKCZIm
iZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNlMRIwEAYKCZIm
iZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJuYWwtQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi6Ly6Qs9kJoiuZzWVYS+u5WEd
sVunrBMv2gXDL/L4dNO4Lt4+ef9CnzUng0MCf3J4mCzOPe1b1AGQwLx37a3/b2oD
PdIPcgLqTCtATjHHx0a5TPSqUXTeAgI9Cfig4flrMFBDmM3NyCZbrHDm0ZG03xxP
trtqc8fIueTcYAeUxkUaxmrLxPehZRVyGlcVKmjkGIyum/DSbiBDiyIFM1iuU80S
DxDEXKwqUPs4Bl9c94ViRxmgAlLEXlQJgsJUKsyHdLLYVFqkU29gn7licvJSLgJY
TsxykSZUwS9FFuokWxvpyzh89NOnKsFuB6SQNvOPvSsV6ttZ3mz1nAcj9OwTAgMB
AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3
fENMsS1TOgvEMSP+/UPRAqGNNDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B
AQUFAAOCAQEARouzvMdacoz6kXjGfuqMjuy5raBP5I7O17WkT03LH67tJh2dnVUy
iGAj/EkOTlfDJ8k04dMpibkqBshMi6cVaFUKgXWLK+kEJvQ56zTwrNAMm/t+Hhdn
3og7H13T4TXkbeyzpeDYm38PYv1ITA/+K4L1/vPh9U31Cptama3vfalZyfPrTRHl
UHljOXaS89r20RoD1Tia1lV26ZsQa3QjkSHGzpx1lrnuW+jFmUm8RUBVJdgfCVMV
+PJmWYJ4aK2Ik6DARBulRRAJYFhmMkbPmLgNKA5qBnB3t2O8+KkwUmMNeMmjI/+v
0XLRWFmja+PJ0tU7GYnDget2D/Ob6kGGrg==
-----END CERTIFICATE-----

View File

@ -5,7 +5,7 @@ import secrets
import base64 import base64
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, secrets.LDAP_CERT) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer')
l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636') l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636')
l.set_option(ldap.OPT_REFERRALS, 0) l.set_option(ldap.OPT_REFERRALS, 0)
l.set_option(ldap.OPT_PROTOCOL_VERSION, 3) l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
@ -44,47 +44,18 @@ def search(query):
finally: finally:
l.unbind() l.unbind()
def finduser(query): def find_user(query):
''' '''
Search for a user by sAMAccountname Search for a user by sAMAccountname
''' '''
try: try:
bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query) criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query)
results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
print(" =============")
print(" Found %d Objects" % len(results))
print(" =============")
count = len(results)
rCode = count
if (count == 0):
rCode = "None"
elif (count == 1):
for result in results:
#print(" --- ")
#print(results)
dn, attr = result
print(dn, attr)
rCode = dn
else:
for result in results:
#print(" --- ")
#print(results)
dn, attr = result
print(dn, attr)
rCode(" Found %d Objects" % len(results))
except Exception as inst:
print("== Entering Except ==")
rCode = type(inst)
print(type(inst)) # the exception instance
finally: finally:
l.unbind() l.unbind()
return(rCode)
return(results)
def findgroup(query): def findgroup(query):
''' '''
@ -148,15 +119,6 @@ def create_user(first, last, username, email, password):
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')] mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]
result = l.modify_s(dn, mod_acct) result = l.modify_s(dn, mod_acct)
except Exception as inst:
print("== Entering Except ==")
rCode = type(inst)
print(type(inst)) # the exception instance
else:
#rCode = "Else"
print("== Entering Else ==")
finally: finally:
print("== Entering Finally ==") print("== Entering Finally ==")
l.unbind() l.unbind()
@ -188,27 +150,28 @@ if __name__ == '__main__':
# =========================================== # ===========================================
# Sample Progams # Sample Progams
# =========================================== # ===========================================
print("----------------------------------------------------------------------------------------") #print("----------------------------------------------------------------------------------------")
i = 3 #i = 3
#
if ( i == 1): #if ( i == 1):
rCode = finduser('*') # rCode = find_user('*')
elif (i == 2): #elif (i == 2):
rCode = search('*') # rCode = search('*')
elif (i == 3): #elif (i == 3):
rCode = create_user( # rCode = create_user(
'billy', # 'billy',
'gates', # 'gates',
'billy.gates', # 'billy.gates',
'billy.gates@protospace.ca', # 'billy.gates@protospace.ca',
'P@ssw0rd99' # 'P@ssw0rd99'
) # )
elif ( i == 4): #elif ( i == 4):
create_group('testgroup') # create_group('testgroup')
else: #else:
print("No function selected") # print("No function selected")
#
#
print("ReturnCode = " + str(rCode)) #print("ReturnCode = " + str(rCode))
find_user('tanner.collin')

View File

@ -4,4 +4,7 @@ gunicorn==20.0.4
itsdangerous==1.1.0 itsdangerous==1.1.0
Jinja2==2.11.1 Jinja2==2.11.1
MarkupSafe==1.1.1 MarkupSafe==1.1.1
pyasn1==0.4.8
pyasn1-modules==0.2.8
python-ldap==3.2.0
Werkzeug==0.16.1 Werkzeug==0.16.1

View File

@ -5,3 +5,6 @@
# For example, use the first output of this: # For example, use the first output of this:
# head /dev/urandom | sha1sum # head /dev/urandom | sha1sum
AUTH_TOKEN = '' AUTH_TOKEN = ''
LDAP_USERNAME = ''
LDAP_PASSWORD = ''