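def GroupUsers():
    """Return the direct members of an AD group as a Flask JSON response.

    Query parameters (both required):
        domain: must match a domain entry in ``domain_config_file``.
        group:  the group's ``cn``; matched literally (no wildcards).

    ``domain_config_file`` is pipe-delimited; only fields 1, 3 and 5
    (0-based) of each line are used here, as the domain name, the search
    base DN and a ';'-separated list of LDAP servers. Blank lines are skipped.

    The domain's LDAP servers are tried in order until one answers the group
    lookup; that same server (left as pyad's default) is then used to list the
    group's members. The response carries ``success`` plus ``group_dn`` and
    ``users`` (each ``{"distinguishedName", "sAMAccountName"}``) on success,
    or ``error`` and, where an exception was caught, ``exception``.
    """
    domain = request.args.get('domain')
    group = request.args.get('group')
    if not (domain and group):
        return jsonify(success=False, error="/GroupUsers requires parameter 'domain', and 'group'")

    # 'group' is interpolated into an ADSI SQL-dialect where_clause below. A
    # single quote terminates the string literal and '*' acts as a wildcard in
    # that dialect, so either would let the caller rewrite or widen the query
    # (query injection). Reject them, and control characters, rather than
    # attempting to escape.
    if "'" in group or '*' in group or not group.isprintable():
        return jsonify(success=False, error="'group' parameter contains characters that are not allowed")

    try:
        domain_check = None
        with open(domain_config_file, 'r') as f:
            for line in f:
                if not line.strip():
                    continue  # tolerate blank lines instead of failing on split()
                fields = line.split('|')
                entry = domain_obj(domain=fields[1].strip(),
                                   base_dn=fields[3].strip(),
                                   ldap_servers=fields[5].strip().split(';')).serialize()
                if entry["domain"] == domain:
                    domain_check = entry
                    break
        if not domain_check:
            return jsonify(success=False, error=("'domain' parameter '" + domain + "' not present in domain_config_file"))
        base_dn = domain_check['base_dn']
        ldap_servers = domain_check['ldap_servers']
    except Exception as e:
        # NOTE(review): exception text is echoed to the HTTP client here and
        # below; consider gating it behind a debug setting.
        return jsonify(success=False, error=("Error loading domain_config_file: " + domain_config_file), exception=str(e))

    # COM must be initialised on this thread before an ADQuery is created.
    # Initialise once and release in ``finally`` so every return path (the
    # original skipped CoUninitialize on the 'No rows' path and initialised
    # again for each server tried) leaves the thread's COM state balanced.
    pythoncom.CoInitialize()
    try:
        group_dn = ''
        last_exception = None
        ldap_server = None
        for ldap_server in ldap_servers:
            pyad.pyad_setdefaults(ldap_server=ldap_server)
            try:
                q = pyad.adquery.ADQuery()
                q.execute_query(
                    attributes=["distinguishedName"],
                    where_clause="objectClass = 'group' AND cn = '{}'".format(group),
                    base_dn=base_dn
                )
                if q.get_row_count() == 0:
                    return jsonify(success=False, domain=domain, group=group, ldap_server=ldap_server, error='No rows returned from adsi query')
                for row in q.get_results():
                    group_dn = row['distinguishedName']
                # Stop at the first server that answered. Continuing the loop
                # would move pyad's default server on to a later entry (possibly
                # the one that just failed) before the member query runs, and a
                # failure recorded from an earlier server must not override a
                # later success.
                break
            except Exception as e:
                last_exception = e
        else:
            # Every server raised (or the server list was empty).
            return jsonify(success=False, error=("Error querying domain controller"), ldap_server=ldap_server, domain=domain, group=group, exception=str(last_exception))

        if not group_dn:
            return jsonify(success=False, error=("Error group cn specified invalid"), domain=domain, group=group)

        try:
            q = pyad.adquery.ADQuery()
            # NOTE(review): group_dn comes from AD rather than the caller, but a
            # DN containing a single quote would still break this literal.
            q.execute_query(
                attributes=["distinguishedName", "sAMAccountName"],
                where_clause="memberOf = '{}'".format(group_dn),
                base_dn=base_dn
            )
            users = [{"distinguishedName": row['distinguishedName'],
                      "sAMAccountName": row['sAMAccountName']}
                     for row in q.get_results()]
            return jsonify(success=True, domain=domain, group=group, ldap_server=ldap_server, group_dn=group_dn, users=users)
        except Exception as e:
            return jsonify(success=False, error=("Error querying domain controller for memberOf information"), domain=domain, group=group, ldap_server=ldap_server, exception=str(e))
    finally:
        pythoncom.CoUninitialize()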
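def UserFullName():
    """Return a user's ``displayName`` as a Flask JSON response.

    Query parameters (both required): ``samAccountName`` (matched literally,
    no wildcards) and ``domain``, which must match an entry in
    ``domain_config_file`` (pipe-delimited; fields 1, 3 and 5, 0-based, are
    the domain name, the search base DN and a ';'-separated LDAP server list;
    blank lines are skipped).

    The domain's servers are tried in order and the first one that answers
    produces the response; when several rows come back the last row wins.
    On success the JSON carries ``displayName`` and ``FullName`` (the same
    value); otherwise ``error`` and, where exceptions were caught,
    ``exception`` from the last server tried.
    """
    samAccountName = request.args.get('samAccountName')
    domain = request.args.get('domain')
    if not (samAccountName and domain):
        return jsonify(success=False, error="/UserFullName requires parameter 'samAccountName' and 'domain'")

    # 'samAccountName' is interpolated into an ADSI SQL-dialect where_clause.
    # A single quote terminates the string literal and '*' is a wildcard in
    # that dialect, so either would let the caller rewrite or widen the query.
    # (AD itself never allows these characters in a sAMAccountName.)
    if "'" in samAccountName or '*' in samAccountName or not samAccountName.isprintable():
        return jsonify(success=False, error="'samAccountName' parameter contains characters that are not allowed")

    try:
        domain_check = None
        with open(domain_config_file, 'r') as f:
            for line in f:
                if not line.strip():
                    continue  # tolerate blank lines instead of failing on split()
                fields = line.split('|')
                entry = domain_obj(domain=fields[1].strip(),
                                   base_dn=fields[3].strip(),
                                   ldap_servers=fields[5].strip().split(';')).serialize()
                if entry["domain"] == domain:
                    domain_check = entry
                    break
        if not domain_check:
            return jsonify(success=False, error=("'domain' parameter '" + domain + "' not present in domain_config_file"))
        base_dn = domain_check['base_dn']
        ldap_servers = domain_check['ldap_servers']
    except Exception as e:
        # NOTE(review): exception text is echoed to the HTTP client here and
        # below; consider gating it behind a debug setting.
        return jsonify(success=False, error=("Error loading domain_config_file: " + domain_config_file), exception=str(e))

    # Initialise COM once for this thread and release it on every return path
    # (the original skipped CoUninitialize when no rows came back and
    # re-initialised for each server tried).
    pythoncom.CoInitialize()
    try:
        last_exception = None
        for ldap_server in ldap_servers:
            pyad.pyad_setdefaults(ldap_server=ldap_server)
            try:
                q = pyad.adquery.ADQuery()
                q.execute_query(
                    attributes=["sAMAccountName", "displayName"],
                    where_clause="samAccountName = '{}'".format(samAccountName),
                    base_dn=base_dn
                )
                if q.get_row_count() == 0:
                    return jsonify(success=False, samAccountName=samAccountName, domain=domain, ldap_server=ldap_server, error='No rows returned from adsi query')
                last_row = None
                for row in q.get_results():
                    last_row = row
                FullName = last_row['displayName']
                return jsonify(success=True, displayName=FullName, samAccountName=samAccountName, domain=domain, FullName=FullName, ldap_server=ldap_server)
            except Exception as e:
                last_exception = e
        # Every server raised (or the server list was empty). The ``exception``
        # key is new here, for parity with the other routes.
        return jsonify(success=False, error=("No data returned from querying domain controllers: " + str(ldap_servers)), exception=str(last_exception))
    finally:
        pythoncom.CoUninitialize()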
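def ad_query_memberOf(base_dn, ldap_servers, samAccountName):
    """Look up a user's ``cn`` and group memberships on the first answering server.

    Args:
        base_dn: search base for the ADSI query.
        ldap_servers: servers tried in order; a server that raises is skipped.
        samAccountName: account to look up, matched literally (no wildcards).

    Returns:
        ``(cn, groups, None)`` on success, where ``groups`` is a list of
        ``{"group": <RDN value>, "full_cn": <distinguishedName>}`` dicts built
        from the user's ``memberOf`` attribute, or ``(None, None, message)``
        when the account is not found, the input is rejected, or every server
        raised. Query failures are reported in the message, never raised.

    The earlier debug ``print`` of every returned attribute has been removed:
    it wrote directory data for arbitrary accounts to stdout.
    """
    # samAccountName is interpolated into an ADSI SQL-dialect where_clause. A
    # single quote terminates the string literal and '*' is a wildcard in that
    # dialect, so either would let the caller rewrite or widen the query.
    if "'" in samAccountName or '*' in samAccountName or not samAccountName.isprintable():
        return None, None, 'samAccountName contains characters that are not allowed'

    last_exception = None
    # Initialise COM once and release it on every return path; the original
    # re-initialised per server and skipped CoUninitialize on the 'No rows' path.
    pythoncom.CoInitialize()
    try:
        for ldap_server in ldap_servers:
            pyad.pyad_setdefaults(ldap_server=ldap_server)
            try:
                q = pyad.adquery.ADQuery()
                q.execute_query(
                    attributes=["sAMAccountName", "memberOf", "name", "cn"],
                    where_clause="samAccountName = '{}'".format(samAccountName),
                    base_dn=base_dn
                )
                if q.get_row_count() == 0:
                    return None, None, 'No rows returned from adsi query'
                cn = None
                groups = []
                for row in q.get_results():
                    value = row['cn'] if 'cn' in row else None
                    if value is not None:
                        cn = str(value)
                    # A user with no group memberships may come back with an empty
                    # memberOf (the original would raise iterating over None).
                    members = (row['memberOf'] if 'memberOf' in row else None) or ()
                    if isinstance(members, str):
                        members = (members,)  # hedge: single value may arrive unwrapped — confirm against pyad
                    for member in members:
                        groups.append({
                            "group": member.split(',')[0].split('=')[1],
                            "full_cn": member
                        })
                if not cn:
                    return None, None, 'samAccountName not found'
                return cn, groups, None
            except Exception as e:
                last_exception = e
        # Every server raised (or the server list was empty); the original
        # hit an unbound ``last_exception`` in the empty-list case.
        return None, None, ("Error querying domain controller: " + str(last_exception))
    finally:
        pythoncom.CoUninitialize()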
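def UserInfo():
    """Return a user's directory attributes and group memberships as JSON.

    Query parameters (both required): ``samAccountName`` (matched literally,
    no wildcards) and ``domain``, which must match an entry in
    ``domain_config_file`` (pipe-delimited; fields 1, 3 and 5, 0-based, are
    the domain name, the search base DN and a ';'-separated LDAP server list;
    blank lines are skipped).

    The domain's servers are tried in order; the first one that answers
    produces the response. On success the JSON carries one key per attribute
    in ``_plain_attrs``/``_converters`` below (string values; ``lastLogon``,
    ``pwdLastSet`` and ``lastLogonTimestamp`` via
    ``pyad.pyadutils.convert_datetime``; ``objectSid`` as ``str`` of its raw
    bytes), plus ``memberOf`` as a list of ``{"group", "full_cn"}`` dicts.
    Attributes that are unset in AD are returned as JSON ``null`` (the original
    returned the string ``"None"`` for them, or failed the whole request when
    a date attribute was unset). On failure it carries ``error`` and, where an
    exception was caught, ``exception``.
    """
    samAccountName = request.args.get('samAccountName')
    domain = request.args.get('domain')
    if not (samAccountName and domain):
        # The original reported the wrong endpoint name here.
        return jsonify(success=False, error="/UserInfo requires parameter 'samAccountName' and 'domain'")

    # 'samAccountName' is interpolated into an ADSI SQL-dialect where_clause.
    # A single quote terminates the string literal and '*' is a wildcard in
    # that dialect, so either would let the caller rewrite or widen the query.
    if "'" in samAccountName or '*' in samAccountName or not samAccountName.isprintable():
        return jsonify(success=False, error="'samAccountName' parameter contains characters that are not allowed")

    try:
        domain_check = None
        with open(domain_config_file, 'r') as f:
            for line in f:
                if not line.strip():
                    continue  # tolerate blank lines instead of failing on split()
                fields = line.split('|')
                entry = domain_obj(domain=fields[1].strip(),
                                   base_dn=fields[3].strip(),
                                   ldap_servers=fields[5].strip().split(';')).serialize()
                if entry["domain"] == domain:
                    domain_check = entry
                    break
        if not domain_check:
            return jsonify(success=False, error=("'domain' parameter '" + domain + "' not present in domain_config_file"))
        base_dn = domain_check['base_dn']
        ldap_servers = domain_check['ldap_servers']
    except Exception as e:
        # NOTE(review): exception text is echoed to the HTTP client here and
        # below; consider gating it behind a debug setting.
        return jsonify(success=False, error=("Error loading domain_config_file: " + domain_config_file), exception=str(e))

    # Attributes copied into the response as ``str`` (or null when unset).
    _plain_attrs = (
        "cn", "sn", "l", "st", "title", "description", "postalCode",
        "physicalDeliveryOfficeName", "telephoneNumber", "givenName", "initials",
        "distinguishedName", "displayName", "department", "company",
        "streetAddress", "targetAddress", "employeeNumber", "employeeType",
        "name", "homeDirectory", "userPrincipalName", "mail", "departmentNumber",
        "ADsPath",
    )
    # Attributes that need a conversion before they can be serialised.
    _converters = {
        "lastLogon": pyad.pyadutils.convert_datetime,
        "pwdLastSet": pyad.pyadutils.convert_datetime,
        "lastLogonTimestamp": pyad.pyadutils.convert_datetime,
        # objectSid arrives as a buffer; str() of its raw bytes is the
        # representation the original API returned.
        "objectSid": lambda v: str(v.tobytes()),
    }
    query_attrs = ["sAMAccountName", "memberOf"] + list(_plain_attrs) + list(_converters)

    # Initialise COM once for this thread and release it on every return path
    # (the original skipped CoUninitialize when no rows came back and
    # re-initialised for each server tried).
    pythoncom.CoInitialize()
    try:
        last_exception = None
        ldap_server = None
        for ldap_server in ldap_servers:
            pyad.pyad_setdefaults(ldap_server=ldap_server)
            try:
                q = pyad.adquery.ADQuery()
                q.execute_query(
                    attributes=query_attrs,
                    where_clause="samAccountName = '{}'".format(samAccountName),
                    base_dn=base_dn
                )
                if q.get_row_count() == 0:
                    return jsonify(success=False, samAccountName=samAccountName, domain=domain, ldap_server=ldap_server, error='No rows returned from adsi query')
                info = {}
                groups = []
                for row in q.get_results():
                    # As in the original, a later row overwrites scalar fields
                    # while group memberships accumulate across rows.
                    for attr in _plain_attrs:
                        value = row[attr] if attr in row else None
                        info[attr] = None if value is None else str(value)
                    for attr, convert in _converters.items():
                        value = row[attr] if attr in row else None
                        info[attr] = None if value is None else convert(value)
                    # A user with no group memberships may come back with an empty
                    # memberOf (the original would raise iterating over None).
                    members = (row['memberOf'] if 'memberOf' in row else None) or ()
                    if isinstance(members, str):
                        members = (members,)  # hedge: single value may arrive unwrapped — confirm against pyad
                    for member in members:
                        groups.append({
                            "group": member.split(',')[0].split('=')[1],
                            "full_cn": member
                        })
                if not info.get('cn'):
                    return jsonify(success=False, error="samAccountName not found", samAccountName=samAccountName, domain=domain, ldap_server=ldap_server)
                return jsonify(success=True, sAMAccountName=samAccountName, domain=domain, memberOf=groups, ldap_server=ldap_server, **info)
            except Exception as e:
                last_exception = e
        # Every server raised (or the server list was empty).
        return jsonify(success=False, samAccountName=samAccountName, domain=domain, ldap_server=ldap_server, error=("Error querying domain controller"), exception=str(last_exception))
    finally:
        pythoncom.CoUninitialize()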