Set up LDAP to run from virtual env

This commit is contained in:
Tanner Collin 2020-02-04 22:00:21 -07:00
parent f1b6be922d
commit 0189713ff1
4 changed files with 56 additions and 65 deletions

View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDpTCCAo2gAwIBAgIQbY2j16+A77pNZzc+AjlCsjANBgkqhkiG9w0BAQUFADBl
MRIwEAYKCZImiZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNl
MRIwEAYKCZImiZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJu
YWwtQ0EwHhcNMTYxMjI5MDY1NzMxWhcNNDExMjI5MDcwNzMxWjBlMRIwEAYKCZIm
iZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNlMRIwEAYKCZIm
iZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJuYWwtQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi6Ly6Qs9kJoiuZzWVYS+u5WEd
sVunrBMv2gXDL/L4dNO4Lt4+ef9CnzUng0MCf3J4mCzOPe1b1AGQwLx37a3/b2oD
PdIPcgLqTCtATjHHx0a5TPSqUXTeAgI9Cfig4flrMFBDmM3NyCZbrHDm0ZG03xxP
trtqc8fIueTcYAeUxkUaxmrLxPehZRVyGlcVKmjkGIyum/DSbiBDiyIFM1iuU80S
DxDEXKwqUPs4Bl9c94ViRxmgAlLEXlQJgsJUKsyHdLLYVFqkU29gn7licvJSLgJY
TsxykSZUwS9FFuokWxvpyzh89NOnKsFuB6SQNvOPvSsV6ttZ3mz1nAcj9OwTAgMB
AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3
fENMsS1TOgvEMSP+/UPRAqGNNDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B
AQUFAAOCAQEARouzvMdacoz6kXjGfuqMjuy5raBP5I7O17WkT03LH67tJh2dnVUy
iGAj/EkOTlfDJ8k04dMpibkqBshMi6cVaFUKgXWLK+kEJvQ56zTwrNAMm/t+Hhdn
3og7H13T4TXkbeyzpeDYm38PYv1ITA/+K4L1/vPh9U31Cptama3vfalZyfPrTRHl
UHljOXaS89r20RoD1Tia1lV26ZsQa3QjkSHGzpx1lrnuW+jFmUm8RUBVJdgfCVMV
+PJmWYJ4aK2Ik6DARBulRRAJYFhmMkbPmLgNKA5qBnB3t2O8+KkwUmMNeMmjI/+v
0XLRWFmja+PJ0tU7GYnDget2D/Ob6kGGrg==
-----END CERTIFICATE-----

View File

@ -5,7 +5,7 @@ import secrets
import base64
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, secrets.LDAP_CERT)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer')
l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636')
l.set_option(ldap.OPT_REFERRALS, 0)
l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
@ -44,47 +44,18 @@ def search(query):
finally:
l.unbind()
def finduser(query):
def find_user(query):
'''
Search for a user by sAMAccountname
'''
try:
bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query)
results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
print(" =============")
print(" Found %d Objects" % len(results))
print(" =============")
count = len(results)
rCode = count
if (count == 0):
rCode = "None"
elif (count == 1):
for result in results:
#print(" --- ")
#print(results)
dn, attr = result
print(dn, attr)
rCode = dn
else:
for result in results:
#print(" --- ")
#print(results)
dn, attr = result
print(dn, attr)
rCode(" Found %d Objects" % len(results))
except Exception as inst:
print("== Entering Except ==")
rCode = type(inst)
print(type(inst)) # the exception instance
finally:
l.unbind()
return(rCode)
return(results)
def findgroup(query):
'''
@ -148,15 +119,6 @@ def create_user(first, last, username, email, password):
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]
result = l.modify_s(dn, mod_acct)
except Exception as inst:
print("== Entering Except ==")
rCode = type(inst)
print(type(inst)) # the exception instance
else:
#rCode = "Else"
print("== Entering Else ==")
finally:
print("== Entering Finally ==")
l.unbind()
@ -188,27 +150,28 @@ if __name__ == '__main__':
# ===========================================
# Sample Progams
# ===========================================
print("----------------------------------------------------------------------------------------")
i = 3
if ( i == 1):
rCode = finduser('*')
elif (i == 2):
rCode = search('*')
elif (i == 3):
rCode = create_user(
'billy',
'gates',
'billy.gates',
'billy.gates@protospace.ca',
'P@ssw0rd99'
)
elif ( i == 4):
create_group('testgroup')
else:
print("No function selected")
print("ReturnCode = " + str(rCode))
#print("----------------------------------------------------------------------------------------")
#i = 3
#
#if ( i == 1):
# rCode = find_user('*')
#elif (i == 2):
# rCode = search('*')
#elif (i == 3):
# rCode = create_user(
# 'billy',
# 'gates',
# 'billy.gates',
# 'billy.gates@protospace.ca',
# 'P@ssw0rd99'
# )
#elif ( i == 4):
# create_group('testgroup')
#else:
# print("No function selected")
#
#
#print("ReturnCode = " + str(rCode))
find_user('tanner.collin')

View File

@ -4,4 +4,7 @@ gunicorn==20.0.4
itsdangerous==1.1.0
Jinja2==2.11.1
MarkupSafe==1.1.1
pyasn1==0.4.8
pyasn1-modules==0.2.8
python-ldap==3.2.0
Werkzeug==0.16.1

View File

@ -5,3 +5,6 @@
# For example, use the first output of this:
# head /dev/urandom | sha1sum
AUTH_TOKEN = ''
LDAP_USERNAME = ''
LDAP_PASSWORD = ''