tanner/spaceport
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add find_dn and dump_users LDAP functions

Browse Source
This commit is contained in:
Tanner Collin 2020-09-11 00:04:38 -06:00
parent 3133114f93
commit 2cc21d360d
1 changed files with 64 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
ldapserver/ldap_functions.py
View File

@ -23,6 +23,19 @@ def init_ldap():
return ldap_conn return ldap_conn
def convert(data):
if isinstance(data, dict):
return {convert(key): convert(value) for key, value in data.items()}
elif isinstance(data, (list, tuple)):
if len(data) == 1:
return convert(data[0])
else:
return [convert(element) for element in data]
elif isinstance(data, (bytes, bytearray)):
return data.decode()
else:
return data
def find_user(username): def find_user(username):
''' '''
Search for a user by sAMAccountname Search for a user by sAMAccountname
@ -31,7 +44,7 @@ def find_user(username):
try: try:
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username) criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
results = ldap_conn.search_s(BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) results = ldap_conn.search_s(BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])
if len(results) != 1: if len(results) != 1:
abort(HTTP_NOTFOUND) abort(HTTP_NOTFOUND)
@ -40,6 +53,20 @@ def find_user(username):
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
def find_dn(dn):
'''
Search for a user by dn
'''
ldap_conn = init_ldap()
try:
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(!(objectClass=computer)))'
results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName'])
return results[0][1]['sAMAccountName'][0].decode()
finally:
ldap_conn.unbind()
def create_user(first, last, username, email, password): def create_user(first, last, username, email, password):
''' '''
Create a User; required data is first, last, email, username, password Create a User; required data is first, last, email, username, password
@ -188,9 +215,11 @@ def list_group(groupname):
group_dn = find_group(groupname) group_dn = find_group(groupname)
criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname) criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
results = ldap_conn.search_s(BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] ) results = ldap_conn.search_s(BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'])
members_tmp = results[0][1] members_tmp = results[0][1]
return members_tmp.get('member', []) members = members_tmp.get('member', [])
return [find_dn(dn.decode()) for dn in members]
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
@ -212,16 +241,46 @@ def is_member(groupname, username):
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
def dump_users():
'''
Dump all AD users
'''
ldap_conn = init_ldap()
try:
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName=*))'
attributes = ['cn', 'sAMAccountName', 'mail', 'displayName', 'givenName', 'name', 'sn', 'logonCount']
results = ldap_conn.search_s(BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, attributes)
results = convert(results)
output = {}
for r in results:
tmp = r[1]
tmp['dn'] = r[0]
output[r[1]['sAMAccountName']] = tmp
import json
return json.dumps(output, indent=4)
finally:
ldap_conn.unbind()
# =========================================================================== # ===========================================================================
#guid = '\\b4\\51\\1adce6709c449bd21a812c423e82'
#guid = ''.join(['\\%s' % guid[i:i+2] for i in range(0, len(guid), 2)])
#print(guid)
#criteria = '(&(objectClass=user)(objectGUID={}))'.format(guid)
if __name__ == '__main__': if __name__ == '__main__':
pass pass
#print(find_user('tanner.collin')) #print(find_user('tanner.collin'))
#print(set_password('tanner.collin', 'Supersecret@@')) #print(set_password('tanner.collin', 'Supersecret@@'))
#print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))
#print("============================================================") #print("============================================================")
#print(create_group("newgroup", "new group")) #print(create_group("newgroup", "new group"))
#print(" ============== ") #print(" ============== ")
#print(list_group("newgroup")) #print(list_group("Laser Users"))
#print(" ============== ") #print(" ============== ")
#print(is_member('newgroup','tanner.collin')) #print(is_member('newgroup','tanner.collin'))
#print(" ============== ") #print(" ============== ")
@ -232,3 +291,4 @@ if __name__ == '__main__':
#print(remove_from_group('newgroup','tanner.collin')) #print(remove_from_group('newgroup','tanner.collin'))
#print(" ============== ") #print(" ============== ")
#print(list_group("newgroup")) #print(list_group("newgroup"))
#print(dump_users())