Implement set password on LDAP server

4 years ago · 036623d473
parent 0189713ff1
commit 036623d473
1 changed files with 34 additions and 6 deletions
--- a/ldapserver/ldap_functions.py
+++ b/ldapserver/ldap_functions.py
@ -4,6 +4,9 @@ import ldap.modlist as modlist
 import secrets
 import base64

+from flask import abort
+HTTP_NOTFOUND = 404
+
 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer')
 l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636')
@ -15,7 +18,8 @@ l.set_option(ldap.OPT_DEBUG_LEVEL, 255)

 # === Protospace ===
 BASE = 'DC=ps,DC=protospace,DC=ca'
-BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
+#BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
+BASE_Members = 'OU=MembersOU,DC=ps,DC=protospace,DC=ca'
 BASE_Groups  = 'OU=GroupsOU,DC=ps,DC=protospace,DC=ca'

 def search(query):
@ -51,11 +55,15 @@ def find_user(query):
    try:
        bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
        criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query)
-        results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
+        results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
+
+        if len(results) != 1:
+            return False
+
+        return results[0][0]
    finally:
        l.unbind()
-
-    return(results)
+        print('unbound find')

 def findgroup(query):
    '''
@ -145,6 +153,26 @@ def create_group(groupname):
    finally:
        l.unbind()

+def set_password(username, password):
+    try:
+        bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
+        criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
+        results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
+
+        if len(results) != 1:
+            abort(HTTP_NOTFOUND)
+
+        dn = results[0][0]
+
+        # set password
+        pass_quotes = '"{}"'.format(password)
+        pass_uni = pass_quotes.encode('utf-16-le')
+        change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
+        result = l.modify_s(dn, change_des)
+    finally:
+        l.unbind()
+
+
 if __name__ == '__main__':
    
 # ===========================================
@ -173,5 +201,5 @@ if __name__ == '__main__':
    #    
    #print("ReturnCode = " + str(rCode))
    
-    find_user('tanner.collin')
-
+    #print(find_user('tanner.collin'))
+    print(set_password('dsaftanner.collin', 'Supersecret@@'))