Set up LDAP to run from virtual env

ldapserver/ProtospaceAD.cer

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIQbY2j16+A77pNZzc+AjlCsjANBgkqhkiG9w0BAQUFADBl
+MRIwEAYKCZImiZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNl
+MRIwEAYKCZImiZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJu
+YWwtQ0EwHhcNMTYxMjI5MDY1NzMxWhcNNDExMjI5MDcwNzMxWjBlMRIwEAYKCZIm
+iZPyLGQBGRYCY2ExGjAYBgoJkiaJk/IsZAEZFgpwcm90b3NwYWNlMRIwEAYKCZIm
+iZPyLGQBGRYCcHMxHzAdBgNVBAMTFlByb3Rvc3BhY2UtSW50ZXJuYWwtQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi6Ly6Qs9kJoiuZzWVYS+u5WEd
+sVunrBMv2gXDL/L4dNO4Lt4+ef9CnzUng0MCf3J4mCzOPe1b1AGQwLx37a3/b2oD
+PdIPcgLqTCtATjHHx0a5TPSqUXTeAgI9Cfig4flrMFBDmM3NyCZbrHDm0ZG03xxP
+trtqc8fIueTcYAeUxkUaxmrLxPehZRVyGlcVKmjkGIyum/DSbiBDiyIFM1iuU80S
+DxDEXKwqUPs4Bl9c94ViRxmgAlLEXlQJgsJUKsyHdLLYVFqkU29gn7licvJSLgJY
+TsxykSZUwS9FFuokWxvpyzh89NOnKsFuB6SQNvOPvSsV6ttZ3mz1nAcj9OwTAgMB
+AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3
+fENMsS1TOgvEMSP+/UPRAqGNNDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B
+AQUFAAOCAQEARouzvMdacoz6kXjGfuqMjuy5raBP5I7O17WkT03LH67tJh2dnVUy
+iGAj/EkOTlfDJ8k04dMpibkqBshMi6cVaFUKgXWLK+kEJvQ56zTwrNAMm/t+Hhdn
+3og7H13T4TXkbeyzpeDYm38PYv1ITA/+K4L1/vPh9U31Cptama3vfalZyfPrTRHl
+UHljOXaS89r20RoD1Tia1lV26ZsQa3QjkSHGzpx1lrnuW+jFmUm8RUBVJdgfCVMV
++PJmWYJ4aK2Ik6DARBulRRAJYFhmMkbPmLgNKA5qBnB3t2O8+KkwUmMNeMmjI/+v
+0XLRWFmja+PJ0tU7GYnDget2D/Ob6kGGrg==
+-----END CERTIFICATE-----

ldapserver/ldap_functions.py

@@ -5,7 +5,7 @@ import secrets
 import base64
 
 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
-ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, secrets.LDAP_CERT)
+ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer')
 l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636')
 l.set_option(ldap.OPT_REFERRALS, 0)
 l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
@@ -44,47 +44,18 @@ def search(query):
     finally:
         l.unbind()
 
-def finduser(query):
+def find_user(query):
     '''
     Search for a user by sAMAccountname
     '''
     try:
         bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
-
         criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query)
         results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
-
-        print(" =============")
-        print(" Found %d Objects" % len(results))
-        print(" =============")
-        count = len(results)
-        rCode = count
-        
-        if (count == 0):
-            rCode = "None"
-        elif (count == 1):
-            for result in results:
-                #print("   --- ")
-                #print(results)
-                dn, attr = result
-                print(dn, attr)
-            rCode = dn
-        else:
-            for result in results:
-                #print("   --- ")
-                #print(results)
-                dn, attr = result
-                print(dn, attr)
-            rCode(" Found %d Objects" % len(results))
-            
-    except Exception as inst:
-        print("== Entering Except ==")
-        rCode = type(inst)
-        print(type(inst))    # the exception instance
-        
     finally:
         l.unbind()
-        return(rCode)
+
+    return(results)
 
 def findgroup(query):
     '''
@@ -147,16 +118,7 @@ def create_user(first, last, username, email, password):
         # 512 will set user account to enabled
         mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]
         result = l.modify_s(dn, mod_acct)
-        
-    except Exception as inst:
-        print("== Entering Except ==")
-        rCode = type(inst)
-        print(type(inst))    # the exception instance
-        
-    else:
-        #rCode = "Else"
-        print("== Entering Else ==")
-        
+
     finally:
         print("== Entering Finally ==")
         l.unbind()
@@ -188,27 +150,28 @@ if __name__ == '__main__':
 # ===========================================
 #  Sample Progams
 # ===========================================
-    print("----------------------------------------------------------------------------------------")
-    i = 3
-    
-    if ( i == 1):
-        rCode = finduser('*')
-    elif (i == 2):
-        rCode = search('*')
-    elif (i == 3):
-        rCode = create_user(
-        'billy',
-        'gates',
-        'billy.gates',
-        'billy.gates@protospace.ca',
-        'P@ssw0rd99'
-        )
-    elif ( i == 4):
-        create_group('testgroup')
-    else:
-        print("No function selected")
-        
-        
-    print("ReturnCode = " + str(rCode))
+    #print("----------------------------------------------------------------------------------------")
+    #i = 3
+    #
+    #if ( i == 1):
+    #    rCode = find_user('*')
+    #elif (i == 2):
+    #    rCode = search('*')
+    #elif (i == 3):
+    #    rCode = create_user(
+    #    'billy',
+    #    'gates',
+    #    'billy.gates',
+    #    'billy.gates@protospace.ca',
+    #    'P@ssw0rd99'
+    #    )
+    #elif ( i == 4):
+    #    create_group('testgroup')
+    #else:
+    #    print("No function selected")
+    #    
+    #    
+    #print("ReturnCode = " + str(rCode))
     
+    find_user('tanner.collin')
 

ldapserver/requirements.txt

@@ -4,4 +4,7 @@ gunicorn==20.0.4
 itsdangerous==1.1.0
 Jinja2==2.11.1
 MarkupSafe==1.1.1
+pyasn1==0.4.8
+pyasn1-modules==0.2.8
+python-ldap==3.2.0
 Werkzeug==0.16.1

ldapserver/secrets.py.example

@@ -5,3 +5,6 @@
 # For example, use the first output of this:
 # head /dev/urandom | sha1sum
 AUTH_TOKEN = ''
+
+LDAP_USERNAME = ''
+LDAP_PASSWORD = ''