tanner
/
spaceport
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve ldapserver logging

Browse Source
master
Tanner Collin 4 years ago
parent bf0030504a
commit abcea93050
5 changed files with 74 additions and 20 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      ldapserver/gunicorn.conf.py
  2. 34
      ldapserver/ldap_functions.py
  3. 45
      ldapserver/log.py
  4. 1
      ldapserver/requirements.txt
  5. 4
      ldapserver/server.py

10
ldapserver/gunicorn.conf.py
Unescape View File

@ -0,0 +1,10 @@
# Gunicorn config file
#
# By default, a file named gunicorn.conf.py will be read from the same directory where gunicorn is being run.
# Reference: https://docs.gunicorn.org/en/latest/settings.html
import log
logconfig_dict = log.LOG_DICT
workers = 1
bind = ['0.0.0.0:5000']

34
ldapserver/ldap_functions.py
Unescape View File

@ -49,7 +49,7 @@ def find_user(query):
criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query) criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query)
results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email']) results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])
logger.info(results) logger.info(' Results: ' + str(results))
if len(results) != 1: if len(results) != 1:
abort(HTTP_NOTFOUND) abort(HTTP_NOTFOUND)
@ -64,10 +64,13 @@ def find_dn(dn):
''' '''
ldap_conn = init_ldap() ldap_conn = init_ldap()
try: try:
logger.info('Finding user for dn: ' + dn)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(!(objectClass=computer)))' criteria = '(&(objectClass=user)(!(objectClass=computer)))'
results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName']) results = ldap_conn.search_s(dn, ldap.SCOPE_SUBTREE, criteria, ['sAMAccountName'])
logger.info(' Results: ' + str(results))
return results[0][1]['sAMAccountName'][0].decode() return results[0][1]['sAMAccountName'][0].decode()
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
@ -79,6 +82,7 @@ def create_user(first, last, username, email, password):
''' '''
ldap_conn = init_ldap() ldap_conn = init_ldap()
try: try:
logger.info('Creating user: ' + username)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
dn = 'CN={} {},{}'.format(first, last, secrets.BASE_MEMBERS) dn = 'CN={} {},{}'.format(first, last, secrets.BASE_MEMBERS)
full_name = '{} {}'.format(first, last) full_name = '{} {}'.format(first, last)
@ -98,7 +102,7 @@ def create_user(first, last, username, email, password):
result = ldap_conn.add_s(dn, ldif) result = ldap_conn.add_s(dn, ldif)
logger.info(result) logger.info(' Result: ' + result)
# set password # set password
pass_quotes = '"{}"'.format(password) pass_quotes = '"{}"'.format(password)
@ -106,19 +110,20 @@ def create_user(first, last, username, email, password):
change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])] change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
result = ldap_conn.modify_s(dn, change_des) result = ldap_conn.modify_s(dn, change_des)
logger.info(result) logger.info(' Result: ' + result)
# 512 will set user account to enabled # 512 will set user account to enabled
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')] mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', b'512')]
result = ldap_conn.modify_s(dn, mod_acct) result = ldap_conn.modify_s(dn, mod_acct)
logger.info(result) logger.info(' Result: ' + result)
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
def set_password(username, password): def set_password(username, password):
ldap_conn = init_ldap() ldap_conn = init_ldap()
try: try:
logger.info('Setting password for: ' + username)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username) criteria = '(&(objectClass=user)(sAMAccountName={})(!(objectClass=computer)))'.format(username)
results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] ) results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'] )
@ -128,11 +133,15 @@ def set_password(username, password):
dn = results[0][0] dn = results[0][0]
logger.info(' Dn found: ' + dn)
# set password # set password
pass_quotes = '"{}"'.format(password) pass_quotes = '"{}"'.format(password)
pass_uni = pass_quotes.encode('utf-16-le') pass_uni = pass_quotes.encode('utf-16-le')
change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])] change_des = [(ldap.MOD_REPLACE, 'unicodePwd', [pass_uni])]
result = ldap_conn.modify_s(dn, change_des) result = ldap_conn.modify_s(dn, change_des)
logger.info(' Set password result: ' + str(result))
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
@ -147,7 +156,7 @@ def find_group(groupname):
criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname) criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['name','groupType'] ) results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['name','groupType'] )
logger.info(results) logger.info(' Results: ' + str(results))
if len(results) != 1: if len(results) != 1:
abort(HTTP_NOTFOUND) abort(HTTP_NOTFOUND)
@ -185,6 +194,7 @@ def add_to_group(groupname, username):
''' '''
ldap_conn = init_ldap() ldap_conn = init_ldap()
try: try:
logger.info('Adding ' + username + ' to group: ' + groupname)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
user_dn = find_user(username) user_dn = find_user(username)
group_dn = find_group(groupname) group_dn = find_group(groupname)
@ -192,9 +202,10 @@ def add_to_group(groupname, username):
if not is_member(groupname, username): if not is_member(groupname, username):
mod_acct = [(ldap.MOD_ADD, 'member', user_dn.encode())] mod_acct = [(ldap.MOD_ADD, 'member', user_dn.encode())]
ldap_conn.modify_s(group_dn, mod_acct) ldap_conn.modify_s(group_dn, mod_acct)
logger.info(' Added.')
return True return True
else: else:
logger.info('Already a member, skipping') logger.info(' Already a member, skipping.')
return False return False
finally: finally:
@ -245,7 +256,7 @@ def is_member(groupname, username):
''' '''
ldap_conn = init_ldap() ldap_conn = init_ldap()
try: try:
logger.info('Checking group membership...') logger.info('Checking if ' + username + ' is in group: ' + groupname)
ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD) ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
group_dn = find_group(groupname) group_dn = find_group(groupname)
user_dn = find_user(username).encode() user_dn = find_user(username).encode()
@ -254,7 +265,10 @@ def is_member(groupname, username):
results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] ) results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'] )
members_tmp = results[0][1] members_tmp = results[0][1]
members = members_tmp.get('member', []) members = members_tmp.get('member', [])
return user_dn in members result = user_dn in members
logger.info(' Result: ' + str(result))
return result
finally: finally:
ldap_conn.unbind() ldap_conn.unbind()
@ -292,7 +306,7 @@ def dump_users():
if __name__ == '__main__': if __name__ == '__main__':
pass pass
#print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6')) #print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6'))
#print(find_user('test.testerb')) #print(find_user('tanner.collin'))
#print(set_password('tanner.collin', 'Supersecret@@')) #print(set_password('tanner.collin', 'Supersecret@@'))
#print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca')) #print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))
#print("============================================================") #print("============================================================")
@ -308,7 +322,7 @@ if __name__ == '__main__':
#print(" ============== ") #print(" ============== ")
#print(remove_from_group('newgroup','tanner.collin')) #print(remove_from_group('newgroup','tanner.collin'))
#print(" ============== ") #print(" ============== ")
#print(list_group("newgroup")) print(list_group('Trotec Users'))
#print(dump_users()) #print(dump_users())
#users = list_group('Laser Users') #users = list_group('Laser Users')

45
ldapserver/log.py
Unescape View File

@ -1,22 +1,47 @@
import logging import logging
import logging.config import logging.config
logging.config.dictConfig({ LOG_DICT = {
'version': 1, 'version': 1,
'formatters': {'default': { 'formatters': {
'format': '[%(asctime)s] [%(process)d] [%(levelname)7s] %(message)s', 'default': {
}}, 'format': '[%(asctime)s] [%(process)d] [%(levelname)7s] %(message)s',
'handlers': {'wsgi': { },
'class': 'logging.StreamHandler', },
'stream': 'ext://flask.logging.wsgi_errors_stream', 'handlers': {
'formatter': 'default' 'wsgi': {
}}, 'class': 'logging.StreamHandler',
'stream': 'ext://flask.logging.wsgi_errors_stream',
'formatter': 'default'
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'default'
},
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
'formatter': 'default'
},
},
'loggers': {
'gunicorn': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
},
'root': { 'root': {
'level': 'INFO', 'level': 'INFO',
'handlers': ['wsgi'] 'handlers': ['wsgi']
} }
}) }
logging.config.dictConfig(LOG_DICT)
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
logger.info('Logging enabled.') logger.info('Logging enabled.')
from logging_tree import printout
printout()

1
ldapserver/requirements.txt
Unescape View File

@ -3,6 +3,7 @@ Flask==1.1.1
gunicorn==20.0.4 gunicorn==20.0.4
itsdangerous==1.1.0 itsdangerous==1.1.0
Jinja2==2.11.1 Jinja2==2.11.1
logging-tree==1.8.1
MarkupSafe==1.1.1 MarkupSafe==1.1.1
pyasn1==0.4.8 pyasn1==0.4.8
pyasn1-modules==0.2.8 pyasn1-modules==0.2.8

4
ldapserver/server.py
Unescape View File

@ -1,3 +1,5 @@
from log import logger
from flask import Flask, abort, request from flask import Flask, abort, request
app = Flask(__name__) app = Flask(__name__)
@ -13,6 +15,8 @@ def check_auth():
@app.route('/') @app.route('/')
def index(): def index():
logger.info('Index page requested')
return '<i>SEE YOU SPACE SAMURAI...</i>' return '<i>SEE YOU SPACE SAMURAI...</i>'
@app.route('/find-user', methods=['POST']) @app.route('/find-user', methods=['POST'])

Write Preview
Loading…
Cancel
Save