From f4412d1cf517fb26582650ca0609786033faf1b6 Mon Sep 17 00:00:00 2001
From: Patrick Spencer
Date: Sat, 18 Sep 2021 00:26:38 -0600
Subject: [PATCH 1/2] Added delete_user() function, also updated create_user() to limit sAMAccountName to 20 chars. Also updated find_user() to now look for either SAM or UPN
---
 ldapserver/ldap_functions.py | 42 +++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/ldapserver/ldap_functions.py b/ldapserver/ldap_functions.py
index 192a087..0d448b9 100644
--- a/ldapserver/ldap_functions.py
+++ b/ldapserver/ldap_functions.py
@@ -46,7 +46,7 @@ def find_user(query):
 try:
 logger.info('Looking up user ' + query)
 ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
- criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={}))(!(objectClass=computer)))'.format(query, query)
+ criteria = '(&(objectClass=user)(|(mail={})(sAMAccountName={})(userPrincipalName={}*))(!(objectClass=computer)))'.format(query, query, query)
 results = ldap_conn.search_s(secrets.BASE_MEMBERS, ldap.SCOPE_SUBTREE, criteria, ['displayName','sAMAccountName','email'])
 logger.info(' Results: ' + str(results))
@@ -91,7 +91,7 @@ def create_user(first, last, username, email, password):
 ('objectClass', [b'top', b'person', b'organizationalPerson', b'user']),
 ('cn', [full_name.encode()]),
 ('userPrincipalName', [username.encode()]),
- ('sAMAccountName', [username.encode()]),
+ ('sAMAccountName', [username.encode()[:20]]),
 ('givenName', [first.encode()]),
 ('sn', [last.encode()]),
 ('DisplayName', [full_name.encode()]),
@@ -240,7 +240,7 @@ def list_group(groupname):
 try:
 ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
 group_dn = find_group(groupname)
-
+
 criteria = '(&(objectClass=group)(sAMAccountName={}))'.format(groupname)
 results = ldap_conn.search_s(secrets.BASE_GROUPS, ldap.SCOPE_SUBTREE, criteria, ['member'])
 members_tmp = results[0][1]
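Review bot: The `query` value is still interpolated into the LDAP filter unescaped, and the new `(userPrincipalName={}*)` branch turns it into a prefix match, so a caller-supplied name such as `pat` or `*` now matches every user whose UPN starts with it; because delete_user() in this same patch feeds find_user's result to delete_s, that is a wrong-target deletion risk, not just a lookup quirk. Escape the value with `ldap.filter.escape_filter_chars(query)` before formatting (python-ldap is in use via `ldap.SCOPE_SUBTREE`; `ldap.filter` may need its own import, and the import block is outside this diff), and anchor the UPN branch on the separator, `(userPrincipalName={}@*)`, so only `name@suffix` matches rather than any longer name. The body of find_user, including what it returns, starts and ends outside this hunk.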
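Review bot: `username.encode()[:20]` truncates bytes rather than characters, so a non-ASCII username can be cut mid-codepoint and sent to AD as invalid UTF-8, and the truncation is silent, so two usernames sharing a 20-character prefix will now collide on sAMAccountName and the add fails with nothing in the log saying why. Slice the string before encoding and record the divergence: `sam_account_name = username[:20]` ahead of the attribute list, then `('sAMAccountName', [sam_account_name.encode()]),`, with a `logger.warning` when `sam_account_name != username` so the SAM/UPN mismatch the README describes is visible at creation time. create_user starts and ends outside this hunk, so the placement of the new local is inferred from the context lines.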
@@ -250,6 +250,24 @@ def list_group(groupname):
 finally:
 ldap_conn.unbind()
+def delete_user(username):
+ '''
+ Delete user; required data is sAMAccountName or userPrincipleName
+ '''
+ ldap_conn = init_ldap()
+ try:
+ logger.info('Deleting user: ' + username)
+
+ ldap_conn.simple_bind_s(secrets.LDAP_USERNAME, secrets.LDAP_PASSWORD)
+ user_dn = find_user(username)
+ result = ldap_conn.delete_s(user_dn)
+
+ logger.info(' Result: ' + str(result))
+ return result
+
+ finally:
+ ldap_conn.unbind()
+
 def is_member(groupname, username):
 '''
 Checks to see if a user is a member of a group
@@ -305,10 +323,17 @@ def dump_users():
 if __name__ == '__main__':
 pass
- #print(create_user('Elon', 'Tusk', 'elon.tusk', 'elont@example.com', 'protospace*&^g87g6'))
- #print(find_user('tanner.collin'))
- #print(set_password('tanner.collin', 'Supersecret@@'))
- #print(find_dn('CN=Tanner Collin,OU=MembersOU,DC=ps,DC=protospace,DC=ca'))
+ print("=-=-=-=-=-=-=-=-=-=")
+ #print(create_user('Elon', 'Tusk', 'elon.tusk', 'elon.tusk@lab39.lab', 'protospace*&^g87g6'))
+ #print(find_user('noorullah.hussain.zada'))
+ #print("----------")
+ #print(find_user('pat.spencer'))
+ print("----------")
+ print(find_user('elon.tusk'))
+ print("----------")
+ print(delete_user('elon.tusk'))
+ print("----------")
+ print(find_user('elon.tusk'))
 #print("============================================================")
 #print(create_group("newgroup", "new group"))
 #print(" ============== ")
@@ -322,9 +347,10 @@ if __name__ == '__main__':
 #print(" ============== ")
 #print(remove_from_group('newgroup','tanner.collin'))
 #print(" ============== ")
- print(list_group('Trotec Users'))
+ #print(list_group('Trotec Users'))
 #print(dump_users())
 #users = list_group('Laser Users')
 #import json
 #print(json.dumps(users, indent=4))
+(
\ No newline at end of file
From 5a8b72fa2598731209a6c094a7709d365252d29f Mon Sep 17 00:00:00 2001
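Review bot: `delete_s(user_dn)` is called with whatever find_user() returns, with no check that a user was found or that exactly one matched; with the prefix wildcard find_user now applies to userPrincipalName, a short or partial name can resolve to a different account than intended, and an unmatched name reaches delete_s as `None` and fails with an opaque TypeError instead of a clear error. Guard the destructive call, `if not user_dn: raise ValueError('delete_user: no user matched %r' % username)`, and if find_user returns anything other than a single DN string (its tail is outside this diff) resolve the DN here with an exact sAMAccountName/userPrincipalName match and refuse when zero or several entries come back. For a directory delete it is also worth logging who requested it and considering account disable (userAccountControl) as the default path, with hard deletion opt-in. The docstring names the attribute `userPrincipleName`; it is `userPrincipalName`.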
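Review bot: The `__main__` block now executes `print(delete_user('elon.tusk'))` against the live directory whenever the module is run as a script, with no flag or prompt, and the same hunk commits a plaintext password literal, `'protospace*&^g87g6'`, inside a commented-out create_user() call, which stays in git history even though the line is disabled. Keep scratch calls out of the committed file (leave only `pass`, or gate real calls behind an explicit command-line flag that names the target), and if that password was ever set on a real account treat it as disclosed and rotate it. The `if __name__ == '__main__':` block continues into the next hunk.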
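Review bot: The added `+(` at the end of the file, with no trailing newline, is an unclosed parenthesis at module level, so the interpreter raises a SyntaxError while compiling the module and `ldap_functions` can no longer be imported at all; every caller in ldapserver breaks, not just the script block. Remove the stray line, `(`, and restore the newline at end of file. The surrounding `if __name__ == '__main__':` block starts outside this hunk.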
From: Patrick Spencer
Date: Sat, 18 Sep 2021 00:42:33 -0600
Subject: [PATCH 2/2] Added comments to reflect the changes on 09/17/2021
---
 ldapserver/README.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ldapserver/README.md b/ldapserver/README.md
index 6079acc..da77722 100644
--- a/ldapserver/README.md
+++ b/ldapserver/README.md
@@ -17,3 +17,8 @@ That means you have the right to study, change, and distribute the software and
 ## Acknowledgements
 Thanks to Pat S for all his help integrating with Active Directory.
+
+## Changes
+
+09/17/2021: An error in the LDAP functionality was discovered when the proposed user name exceeded 20 characters. Unfortunately Active Directory has this limitation in the length of the sAMAccountName attribute in order to provide backward compatibility to pre-win2000 calls.
+It was realized that an assumption had been made that the login name and the sAMAccountName were interchangable. This has been fixed.