From cd754871a06ef005cc7677207a09446f9aa104d6 Mon Sep 17 00:00:00 2001 From: Patrick Spencer Date: Tue, 17 Mar 2020 10:53:08 -0600 Subject: [PATCH] Add group functions. Add members, list members, create new groups --- ldapserver/ldap_functions.py | 110 ++++++++++++++++++++++++++++++++++- 1 file changed, 108 insertions(+), 2 deletions(-) diff --git a/ldapserver/ldap_functions.py b/ldapserver/ldap_functions.py index a82bbdf..0ae5017 100644 --- a/ldapserver/ldap_functions.py +++ b/ldapserver/ldap_functions.py @@ -7,8 +7,8 @@ import base64 from flask import abort HTTP_NOTFOUND = 404 -#BASE_MEMBERS = 'OU=Test,OU=GroupsOU,DC=ps,DC=protospace,DC=ca' # testing BASE_MEMBERS = 'OU=MembersOU,DC=ps,DC=protospace,DC=ca' # prod +BASE_GROUPS = 'OU=GroupsOU,DC=ps,DC=protospace,DC=ca' # prod ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, './ProtospaceAD.cer') @@ -98,6 +98,112 @@ def set_password(username, password): finally: ldap_conn.unbind() +def find_group(groupname): + ''' + Search for a group by name or sAMAccountname. Retrun the DN + ''' + ldap_conn = init_ldap() + try: + ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname) + results = ldap_conn.search_s(BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['name','groupType'] ) + + if len(results) != 1: + abort(HTTP_NOTFOUND) + + return results[0][0] + + finally: + ldap_conn.unbind() + +def create_group(groupname,description): + ''' + Create a Group; required data is sAMAccountName, Description + ''' + ldap_conn = init_ldap() + try: + ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + dn = 'CN={},{}'.format(groupname, BASE_GROUPS) + + ldif = [ + ('objectClass', [b'top', b'group']), + ('cn', [groupname.encode()]), + ('DisplayName', [groupname.encode()]), + ('description', [description.encode()]), + ('sAMAccountName', [groupname.encode()]) + ] + + rcode = ldap_conn.add_s(dn, ldif) + + finally: + ldap_conn.unbind() + +def list_group(groupname): + ''' + List users in a Group; required data is GroupName + ''' + members = [] + ldap_conn = init_ldap() + try: + ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + group_dn = find_group(groupname) + + criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname) + results = ldap_conn.search_s(BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] ) + members_tmp = results[0][1]['member'] + for m in members_tmp: + members.append(m) +# print("m = {}".format(m)) #Debug + + return(members) + + finally: + ldap_conn.unbind() + +def add_to_group(groupname,username): + ''' + Add a user to a Group; required data is GroupName, Username + ''' + print("== Enter add_to_group ==") + ldap_conn = init_ldap() + try: + print(' --- Enter add_to_group with {0}, {1}---'.format(groupname,username)) + ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) + # get DN of the groupname + group_dn = find_group(groupname) + + #get DN of the username + user_dn = find_user(username) + + # -- TODO: Check to see if user is already a member, skip if not needed + + mod_acct = [(ldap.MOD_ADD, 'member', user_dn.encode())] + result = ldap_conn.modify_s(group_dn, mod_acct) + + finally: + ldap_conn.unbind() + + + if __name__ == '__main__': #print(find_user('tanner.collin')) - print(set_password('dsaftanner.collin', 'Supersecret@@')) + #print(set_password('dsaftanner.collin', 'Supersecret@@')) + + # create a new group + create_group("testgroup") + print(find_group("testgroup") + + # List Group members + print("-- Members of {}".format("Laser Trainers")) + group_members = list_group("Laser Trainers") + for member in group_members: + print('{}'.format(member)) + + # add users to test group + add_to_group("testgroup","pat.spencer") + add_to_group("testgroup","Tanner.Collin") + # List Group members + print("-- Members of {}".format("testgroup")) + group_members = list_group("testgroup") + for member in group_members: + print('{}'.format(member))