tanner
/
spaceport
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve ldapserver logging

Browse Source
master
Tanner Collin 4 years ago
parent bf0030504a
commit abcea93050
5 changed files with 74 additions and 20 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      ldapserver/gunicorn.conf.py
  2. 34
      ldapserver/ldap_functions.py
  3. 45
      ldapserver/log.py
  4. 1
      ldapserver/requirements.txt
  5. 4
      ldapserver/server.py

10
ldapserver/gunicorn.conf.py
Unescape View File

@ -0,0 +1,10 @@
# Gunicorn config file
#
# By default, a file named gunicorn.conf.py will be read from the same directory where gunicorn is being run.
# Reference: https://docs.gunicorn.org/en/latest/settings.html
import log
logconfig_dict = log.LOG_DICT
workers = 1
bind = ['0.0.0.0:5000']

34
ldapserver/ldap_functions.py
Unescape View File

@ -49,7 +49,7 @@ def find_user(query):
criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query)
results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])
logger.info(results)
logger.info(' Results: ' + str(results))
if len(results) != 1:
abort(HTTP_NOTFOUND)
@ -64,10 +64,13 @@ def find_dn(dn):
'''
ldap_conn = init_ldap()
try:
logger.info('Finding user for dn: ' + dn)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(!(objectClass=computer)))'
results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName'])
logger.info(' Results: ' + str(results))
return results[0][1]['sAMAccountName'][0].decode()
finally:
ldap_conn.unbind()
@ -79,6 +82,7 @@ def create_user(first, last, username, email, password):
'''
ldap_conn = init_ldap()
try:
logger.info('Creating user: ' + username)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
dn = 'CN={} {},{}'.format(first, last, secrets.BASE_MEMBERS)
full_name = '{} {}'.format(first, last)
@ -98,7 +102,7 @@ def create_user(first, last, username, email, password):
result = ldap_conn.add_s(dn, ldif)
logger.info(result)
logger.info(' Result: ' + result)
# set password
pass_quotes = '"{}"'.format(password)
@ -106,19 +110,20 @@ def create_user(first, last, username, email, password):
change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
result = ldap_conn.modify_s(dn, change_des)
logger.info(result)
logger.info(' Result: ' + result)
# 512 will set user account to enabled
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]
result = ldap_conn.modify_s(dn, mod_acct)
logger.info(result)
logger.info(' Result: ' + result)
finally:
ldap_conn.unbind()
def set_password(username, password):
ldap_conn = init_ldap()
try:
logger.info('Setting password for: ' + username)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
@ -128,11 +133,15 @@ def set_password(username, password):
dn = results[0][0]
logger.info(' Dn found: ' + dn)
# set password
pass_quotes = '"{}"'.format(password)
pass_uni = pass_quotes.encode('utf-16-le')
change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
result = ldap_conn.modify_s(dn, change_des)
logger.info(' Set password result: ' + str(result))
finally:
ldap_conn.unbind()
@ -147,7 +156,7 @@ def find_group(groupname):
criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['name','groupType'] )
logger.info(results)
logger.info(' Results: ' + str(results))
if len(results) != 1:
abort(HTTP_NOTFOUND)
@ -185,6 +194,7 @@ def add_to_group(groupname, username):
'''
ldap_conn = init_ldap()
try:
logger.info('Adding ' + username + ' to group: ' + groupname)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
user_dn = find_user(username)
group_dn = find_group(groupname)
@ -192,9 +202,10 @@ def add_to_group(groupname, username):
if not is_member(groupname, username):
mod_acct = [(ldap.MOD_ADD, 'member', user_dn.encode())]
ldap_conn.modify_s(group_dn, mod_acct)
logger.info(' Added.')
return True
else:
logger.info('Already a member, skipping')
logger.info(' Already a member, skipping.')
return False
finally:
@ -245,7 +256,7 @@ def is_member(groupname, username):
'''
ldap_conn = init_ldap()
try:
logger.info('Checking group membership...')
logger.info('Checking if ' + username + ' is in group: ' + groupname)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
group_dn = find_group(groupname)
user_dn = find_user(username).encode()
@ -254,7 +265,10 @@ def is_member(groupname, username):
results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] )
members_tmp = results[0][1]
members = members_tmp.get('member', [])
return user_dn in members
result = user_dn in members
logger.info(' Result: ' + str(result))
return result
finally:
ldap_conn.unbind()
@ -292,7 +306,7 @@ def dump_users():
if __name__ == '__main__':
pass
#print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6'))
#print(find_user('test.testerb'))
#print(find_user('tanner.collin'))
#print(set_password('tanner.collin', 'Supersecret@@'))
#print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))
#print("============================================================")
@ -308,7 +322,7 @@ if __name__ == '__main__':
#print(" ============== ")
#print(remove_from_group('newgroup','tanner.collin'))
#print(" ============== ")
#print(list_group("newgroup"))
print(list_group('Trotec Users'))
#print(dump_users())
#users = list_group('Laser Users')

45
ldapserver/log.py
Unescape View File

@ -1,22 +1,47 @@
import logging
import logging.config
logging.config.dictConfig({
LOG_DICT = {
'version': 1,
'formatters': {'default': {
'format': '[%(asctime)s] [%(process)d] [%(levelname)7s] %(message)s',
}},
'handlers': {'wsgi': {
'class': 'logging.StreamHandler',
'stream': 'ext://flask.logging.wsgi_errors_stream',
'formatter': 'default'
}},
'formatters': {
'default': {
'format': '[%(asctime)s] [%(process)d] [%(levelname)7s] %(message)s',
},
},
'handlers': {
'wsgi': {
'class': 'logging.StreamHandler',
'stream': 'ext://flask.logging.wsgi_errors_stream',
'formatter': 'default'
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'default'
},
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
'formatter': 'default'
},
},
'loggers': {
'gunicorn': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
},
'root': {
'level': 'INFO',
'handlers': ['wsgi']
}
})
}
logging.config.dictConfig(LOG_DICT)
logger = logging.getLogger(__name__)
logger.info('Logging enabled.')
from logging_tree import printout
printout()

1
ldapserver/requirements.txt
Unescape View File

@ -3,6 +3,7 @@ Flask==1.1.1
gunicorn==20.0.4
itsdangerous==1.1.0
Jinja2==2.11.1
logging-tree==1.8.1
MarkupSafe==1.1.1
pyasn1==0.4.8
pyasn1-modules==0.2.8

4
ldapserver/server.py
Unescape View File

@ -1,3 +1,5 @@
from log import logger
from flask import Flask, abort, request
app = Flask(__name__)
@ -13,6 +15,8 @@ def check_auth():
@app.route('/')
def index():
logger.info('Index page requested')
return '<i>SEE YOU SPACE SAMURAI...</i>'
@app.route('/find-user', methods=['POST'])

Write Preview
Loading…
Cancel
Save