diff --git a/ldapserver/ldap_functions.py b/ldapserver/ldap_functions.py index d20e216..e869cf6 100644 --- a/ldapserver/ldap_functions.py +++ b/ldapserver/ldap_functions.py @@ -23,6 +23,19 @@ def init_ldap(): return ldap_conn +def convert(data): + if isinstance(data, dict): + return {convert(key): convert(value) for key, value in data.items()} + elif isinstance(data, (list, tuple)): + if len(data) == 1: + return convert(data[0]) + else: + return [convert(element) for element in data] + elif isinstance(data, (bytes, bytearray)): + return data.decode() + else: + return data + def find_user(username): ''' Search for a user by sAMAccountname @@ -31,7 +44,7 @@ def find_user(username): try: ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username) - results = ldap_conn.search_s(BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) + results = ldap_conn.search_s(BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email']) if len(results) != 1: abort(HTTP_NOTFOUND) @@ -40,6 +53,20 @@ def find_user(username): finally: ldap_conn.unbind() +def find_dn(dn): + ''' + Search for a user by dn + ''' + ldap_conn = init_ldap() + try: + ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + criteria = '(&(objectClass=user)(!(objectClass=computer)))' + results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName']) + + return results[0][1]['sAMAccountName'][0].decode() + finally: + ldap_conn.unbind() + def create_user(first, last, username, email, password): ''' Create a User; required data is first, last, email, username, password @@ -188,9 +215,11 @@ def list_group(groupname): group_dn = find_group(groupname) criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname) - results = ldap_conn.search_s(BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] ) + results = ldap_conn.search_s(BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member']) members_tmp = results[0][1] - return members_tmp.get('member', []) + members = members_tmp.get('member', []) + return [find_dn(dn.decode()) for dn in members] + finally: ldap_conn.unbind() @@ -212,16 +241,46 @@ def is_member(groupname, username): finally: ldap_conn.unbind() +def dump_users(): + ''' + Dump all AD users + ''' + ldap_conn = init_ldap() + try: + ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + criteria = '(&(objectClass=user)(sAMAccountName=*))' + attributes = ['cn', 'sAMAccountName', 'mail', 'displayName', 'givenName', 'name', 'sn', 'logonCount'] + results = ldap_conn.search_s(BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, attributes) + results = convert(results) + + output = {} + for r in results: + tmp = r[1] + tmp['dn'] = r[0] + output[r[1]['sAMAccountName']] = tmp + + import json + return json.dumps(output, indent=4) + + finally: + ldap_conn.unbind() + # =========================================================================== + #guid = '\\b4\\51\\1adce6709c449bd21a812c423e82' + #guid = ''.join(['\\%s' % guid[i:i+2] for i in range(0, len(guid), 2)]) + #print(guid) + #criteria = '(&(objectClass=user)(objectGUID={}))'.format(guid) + if __name__ == '__main__': pass #print(find_user('tanner.collin')) #print(set_password('tanner.collin', 'Supersecret@@')) + #print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca')) #print("============================================================") #print(create_group("newgroup", "new group")) #print(" ============== ") - #print(list_group("newgroup")) + #print(list_group("Laser Users")) #print(" ============== ") #print(is_member('newgroup','tanner.collin')) #print(" ============== ") @@ -232,3 +291,4 @@ if __name__ == '__main__': #print(remove_from_group('newgroup','tanner.collin')) #print(" ============== ") #print(list_group("newgroup")) + #print(dump_users())