Implement set password on LDAP server
This commit is contained in:
parent
0189713ff1
commit
036623d473
|
|
@ -4,6 +4,9 @@ import ldap.modlist as modlist
|
|||
import secrets
|
||||
import base64
|
||||
|
||||
from flask import abort
|
||||
HTTP_NOTFOUND = 404
|
||||
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer')
|
||||
l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636')
|
||||
|
|
@ -15,7 +18,8 @@ l.set_option(ldap.OPT_DEBUG_LEVEL, 255)
|
|||
|
||||
# === Protospace ===
|
||||
BASE = 'DC=ps,DC=protospace,DC=ca'
|
||||
BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
|
||||
#BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
|
||||
BASE_Members = 'OU=MembersOU,DC=ps,DC=protospace,DC=ca'
|
||||
BASE_Groups = 'OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
|
||||
|
||||
def search(query):
|
||||
|
|
@ -51,11 +55,15 @@ def find_user(query):
|
|||
try:
|
||||
bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
|
||||
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query)
|
||||
results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
|
||||
results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
|
||||
|
||||
if len(results) != 1:
|
||||
return False
|
||||
|
||||
return results[0][0]
|
||||
finally:
|
||||
l.unbind()
|
||||
|
||||
return(results)
|
||||
print('unbound find')
|
||||
|
||||
def findgroup(query):
|
||||
'''
|
||||
|
|
@ -145,6 +153,26 @@ def create_group(groupname):
|
|||
finally:
|
||||
l.unbind()
|
||||
|
||||
def set_password(username, password):
|
||||
try:
|
||||
bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
|
||||
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
|
||||
results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
|
||||
|
||||
if len(results) != 1:
|
||||
abort(HTTP_NOTFOUND)
|
||||
|
||||
dn = results[0][0]
|
||||
|
||||
# set password
|
||||
pass_quotes = '"{}"'.format(password)
|
||||
pass_uni = pass_quotes.encode('utf-16-le')
|
||||
change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
|
||||
result = l.modify_s(dn, change_des)
|
||||
finally:
|
||||
l.unbind()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
# ===========================================
|
||||
|
|
@ -173,5 +201,5 @@ if __name__ == '__main__':
|
|||
#
|
||||
#print("ReturnCode = " + str(rCode))
|
||||
|
||||
find_user('tanner.collin')
|
||||
|
||||
#print(find_user('tanner.collin'))
|
||||
print(set_password('dsaftanner.collin', 'Supersecret@@'))
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user