From 036623d47373cf3c184bdbb69c54901b814d38c2 Mon Sep 17 00:00:00 2001 From: Tanner Collin Date: Tue, 4 Feb 2020 22:42:42 -0700 Subject: [PATCH] Implement set password on LDAP server --- ldapserver/ldap_functions.py | 40 ++++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/ldapserver/ldap_functions.py b/ldapserver/ldap_functions.py index a8b8b91..7cb9f65 100644 --- a/ldapserver/ldap_functions.py +++ b/ldapserver/ldap_functions.py @@ -4,6 +4,9 @@ import ldap.modlist as modlist import secrets import base64 +from flask import abort +HTTP_NOTFOUND = 404 + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer') l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636') @@ -15,7 +18,8 @@ l.set_option(ldap.OPT_DEBUG_LEVEL, 255) # === Protospace === BASE = 'DC=ps,DC=protospace,DC=ca' -BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca' +#BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca' +BASE_Members = 'OU=MembersOU,DC=ps,DC=protospace,DC=ca' BASE_Groups = 'OU=GroupsOU,DC=ps,DC=protospace,DC=ca' def search(query): @@ -51,11 +55,15 @@ def find_user(query): try: bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query) - results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) + results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) + + if len(results) != 1: + return False + + return results[0][0] finally: l.unbind() - - return(results) + print('unbound find') def findgroup(query): ''' @@ -145,6 +153,26 @@ def create_group(groupname): finally: l.unbind() +def set_password(username, password): + try: + bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username) + results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) + + if len(results) != 1: + abort(HTTP_NOTFOUND) + + dn = results[0][0] + + # set password + pass_quotes = '"{}"'.format(password) + pass_uni = pass_quotes.encode('utf-16-le') + change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])] + result = l.modify_s(dn, change_des) + finally: + l.unbind() + + if __name__ == '__main__': # =========================================== @@ -173,5 +201,5 @@ if __name__ == '__main__': # #print("ReturnCode = " + str(rCode)) - find_user('tanner.collin') - + #print(find_user('tanner.collin')) + print(set_password('dsaftanner.collin', 'Supersecret@@'))