Implement set password on LDAP server

This commit is contained in:
Tanner Collin 2020-02-04 22:42:42 -07:00
parent 0189713ff1
commit 036623d473

View File

@ -4,6 +4,9 @@ import ldap.modlist as modlist
import secrets import secrets
import base64 import base64
from flask import abort
HTTP_NOTFOUND = 404
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer') ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer')
l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636') l = ldap.initialize('ldaps://ldap.ps.protospace.ca:636')
@ -15,7 +18,8 @@ l.set_option(ldap.OPT_DEBUG_LEVEL, 255)
# === Protospace === # === Protospace ===
BASE = 'DC=ps,DC=protospace,DC=ca' BASE = 'DC=ps,DC=protospace,DC=ca'
BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca' #BASE_Members = 'OU=XTest,OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
BASE_Members = 'OU=MembersOU,DC=ps,DC=protospace,DC=ca'
BASE_Groups = 'OU=GroupsOU,DC=ps,DC=protospace,DC=ca' BASE_Groups = 'OU=GroupsOU,DC=ps,DC=protospace,DC=ca'
def search(query): def search(query):
@ -51,11 +55,15 @@ def find_user(query):
try: try:
bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query) criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(query)
results = l.search_s(BASE_Groups, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
if len(results) != 1:
return False
return results[0][0]
finally: finally:
l.unbind() l.unbind()
print('unbound find')
return(results)
def findgroup(query): def findgroup(query):
''' '''
@ -145,6 +153,26 @@ def create_group(groupname):
finally: finally:
l.unbind() l.unbind()
def set_password(username, password):
try:
bind = l.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
results = l.search_s(BASE_Members, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
if len(results) != 1:
abort(HTTP_NOTFOUND)
dn = results[0][0]
# set password
pass_quotes = '"{}"'.format(password)
pass_uni = pass_quotes.encode('utf-16-le')
change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
result = l.modify_s(dn, change_des)
finally:
l.unbind()
if __name__ == '__main__': if __name__ == '__main__':
# =========================================== # ===========================================
@ -173,5 +201,5 @@ if __name__ == '__main__':
# #
#print("ReturnCode = " + str(rCode)) #print("ReturnCode = " + str(rCode))
find_user('tanner.collin') #print(find_user('tanner.collin'))
print(set_password('dsaftanner.collin', 'Supersecret@@'))