def search_group(stog_filter = None, attrib = None):
    """Bind to AD as the manager account and run *stog_filter* as a search.

    Falls back to STOG_FILTER when no filter is given. The filter string is
    handed to client.search() verbatim, so any value a caller concatenates
    into it must already be escaped (e.g. ldap.filter.escape_filter_chars);
    ``attrib`` is not used in the part of the function visible here.

    NOTE(review): add_user() uses this function's return value as a DN, so
    the function presumably continues past this excerpt and returns something
    derived from ``users``; the text here ends right after the search.
    """
    if not stog_filter:
        stog_filter = STOG_FILTER
    creds = Creds(LDAP_BASE_DN)
    creds.acquire(MGR_CRED, MGR_PASSWD)
    activate(creds)
    client = Client(LDAP_BASE_DN)
    try:
        # scheme='gc' selects the global-catalog search (python-ad option).
        users = client.search(stog_filter, scheme='gc')
    except ldap.LDAPError, e:
        # A failed search is only printed; ``users`` stays unset afterwards.
        print e
def add_group():
    """Create an organizationalUnit in AD for every group returned by get_data(0).

    Binds as MGR_CRED/MGR_PASSWD, then for each group builds the target DN
    from get_ou(<group path>) followed by the base DN and adds an OU whose
    ``description`` carries the source-system group id. Directory errors
    (ADError, LDAPError) are caught per group and written to the DEBUG log,
    so one failing group does not stop the run.
    """
    groups = get_data(0)
    creds = Creds(LDAP_BASE_DN)
    creds.acquire(MGR_CRED, MGR_PASSWD)
    activate(creds)
    client = Client(LDAP_BASE_DN)

    for group in groups:
        stog_id = str(group['id'])
        stog_ou = group['path'].encode('utf-8')
        # get_ou() maps the source path to the RDN prefix; the base DN is
        # appended with no separator, so that prefix presumably ends in ','.
        prefix = get_ou(stog_ou)
        dn = '%s%s' % (prefix, client.dn_from_domain_name(LDAP_BASE_DN))
        ou = group['name'].encode('utf-8')
        attrs = [
            ('ou', [ou]),
            ('objectClass', ['top', 'organizationalUnit']),
            ('description', [stog_id]),
        ]
        try:
            client.add(dn, attrs)
        except (ADError, LDAPError):
            logging.debug("[Error Group]Time %s add group error, id is %s",
                          strftime("%Y-%m-%d %H:%M:%S started", time.localtime()), ou)
        else:
            logging.debug("[Group]Time %s add a new group, id is %s",
                          strftime("%Y-%m-%d %H:%M:%S started", time.localtime()), ou)
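from ad import Client, Creds, activate

# Domain to enumerate. Credentials are taken from Creds.load(), i.e. whatever
# the environment already holds (presumably the Kerberos credential cache),
# so no password lives in this script.
domain = 'freeadi.org'

creds = Creds(domain)
creds.load()
activate(creds)
client = Client(domain)

# Global-catalog search; each result is a (dn, attrs) pair.
users = client.search('(objectClass=user)', scheme='gc')
for dn, attrs in users:
    name = attrs['sAMAccountName'][0]
    # Use a distinct name for the per-user domain so the loop does not
    # rebind the module-level ``domain`` the client was built for.
    user_domain = client.domain_name_from_dn(dn)
    print('-> %s (%s)' % (name, user_domain))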
import sys
from ad import Client, Creds, Locator, activate
from ad import AD_USERCTRL_NORMAL_ACCOUNT, AD_USERCTRL_ACCOUNT_DISABLED

# Account the script binds with. The literal values appear masked in this
# copy; a deployment should read them from the environment or a protected
# config file rather than keep them in the source.
domain = 'freeadi.org'
user = '******'
password = '******'

# usage: useradd <username> <password>
# NOTE(review): the new user's password arrives on the command line, where
# it is visible to other local users through the process list.
if len(sys.argv) != 3:
    sys.stderr.write('Usage: useradd <username> <password>\n')
    sys.exit(1)
username = sys.argv[1]
userpass = sys.argv[2]  # not used in the portion of the script shown here

creds = Creds(domain)
creds.acquire(user, password)
activate(creds)
client = Client(domain)

# NOTE(review): ``username`` is interpolated into the filter unescaped, so an
# argument containing filter metacharacters changes what is matched. Escape
# it (ldap.filter.escape_filter_chars) before interpolating.
result = client.search('(sAMAccountName=%s)' % username)
if len(result) > 0:
    sys.stderr.write('Error: user %s already exists\n' % username)
    sys.exit(1)

# The new object goes under the domain's default Users container.
dn = 'cn=%s,cn=users,%s' % (username, client.dn_from_domain_name(domain))
attrs = []
attrs.append(('cn', [username]))
attrs.append(('sAMAccountName', [username]))
princ = '%s@%s' % (username, domain)
attrs.append(('userPrincipalName', [princ]))
# Account is meant to be created disabled; the excerpt ends before the
# control value is appended and the object is added.
ctrl = AD_USERCTRL_NORMAL_ACCOUNT | AD_USERCTRL_ACCOUNT_DISABLED
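def add_user():
    """Sync every record returned by get_user() into AD.

    Binds as MGR_CRED/MGR_PASSWD, then for each record in ``users["data"]``:

    * finds the OU whose ``description`` equals the record's ``ou`` id via
      search_group(); records without a matching OU are logged and skipped;
    * if no object with that ``cn`` exists, creates a disabled user
      (AD_USERCTRL_NORMAL_ACCOUNT | AD_USERCTRL_ACCOUNT_DISABLED);
    * otherwise a record with ``status == 128`` is moved to the leaver OU and
      disabled; any other existing user is moved under its OU when it lives
      elsewhere, and its attributes are replaced.

    Directory errors are caught per record and written to the DEBUG log so
    one bad record does not abort the run.
    """
    # Feed values are embedded in LDAP filters and in RDNs; escape them so
    # filter/DN metacharacters in a feed value cannot change the meaning of
    # the search or of the DN being written.
    from ldap.dn import escape_dn_chars
    from ldap.filter import escape_filter_chars

    def stamp():
        return strftime("%Y-%m-%d %H:%M:%S started", time.localtime())

    # Container every leaver is moved into.
    leave_ou = 'OU=已离职用户,OU=虚拟组,OU=总部,OU=美团,DC=sankuai,DC=info'
    # userAccountControl 514 == NORMAL_ACCOUNT (512) | ACCOUNT_DISABLED (2).
    disabled_ctrl = AD_USERCTRL_NORMAL_ACCOUNT | AD_USERCTRL_ACCOUNT_DISABLED

    users = get_user()
    creds = Creds(LDAP_BASE_DN)
    creds.acquire(MGR_CRED, MGR_PASSWD)
    activate(creds)
    client = Client(LDAP_BASE_DN)

    for user in users["data"]:
        stog_uid = user['uid'].encode('utf-8')
        stog_ou = str(user['ou']).encode('utf-8')
        telephoneNumber = str(user['mobile'])
        c = user['c'].encode('utf-8')
        displayname = user['displayname'].encode('utf-8')
        st = user['l'].encode('utf-8')
        employeeNumber = str(user['employeeNumber'])
        employeeType = user['employeeType'].encode('utf-8')
        mail = str(user['mail'])
        title = user['title'].encode('utf-8')
        sn = user['sn'].encode('utf-8')
        status = user['status']
        givenName = user['givenName'].encode('utf-8')
        # The feed encodes the value stored as '1' in AD as 2; all else is '0'.
        sex = '1' if user['sex'] == 2 else '0'
        princ = '%s@%s' % (stog_uid, LDAP_BASE_DN)

        path = search_group(stog_filter='description=' + escape_filter_chars(stog_ou))
        if not path:
            logging.debug("[User]Time %s no OU with description %s, skip user %s",
                          stamp(), stog_ou, stog_uid)
            continue

        rdn = 'cn=' + escape_dn_chars(stog_uid)
        dn = 'CN=%s,%s' % (escape_dn_chars(stog_uid), path)
        path1 = search_group(stog_filter='cn=' + escape_filter_chars(stog_uid))

        if path1 is None:
            # No object with this cn yet: create it, disabled.
            attrs = [
                ('cn', [stog_uid]),
                ('sAMAccountName', [stog_uid]),
                ('userPrincipalName', [princ]),
                ('description', [displayname]),
                ('userAccountControl', [str(disabled_ctrl)]),
                ('objectClass', ['user']),
                ('Gender', [sex]),
                ('co', [c]),
                ('displayname', [displayname]),
                ('sn', [sn]),
                ('st', [st]),
                ('givenName', [givenName]),
                ('sk-employeeNumber', [employeeNumber]),
                ('sk-employeeType', [employeeType]),
                ('mail', [mail]),
                ('title', [title]),
                ('telephoneNumber', [telephoneNumber]),
                ('mobile', [telephoneNumber]),
            ]
            try:
                client.add(dn, attrs)
            except (ADError, LDAPError) as e:
                logging.debug("[Error User]Time %s add user error, id is %s, error is %s",
                              stamp(), stog_uid, e)
            else:
                logging.debug("[User]Time %s add a new user, id is %s", stamp(), stog_uid)
            continue

        logging.debug("[User]Time %s existing user %s has status %s", stamp(), stog_uid, status)
        if status == 128:
            # Leaver: move to the leaver OU and disable the account.
            try:
                client.rename(path1, rdn, leave_ou)
                dnc = rdn + ',' + leave_ou
                client.modify(dnc, [('replace', 'userAccountControl', [str(disabled_ctrl)])])
            except Exception:
                # Fall through to the regular update so the record is still refreshed.
                logging.debug("[leave office failed] Time %s,old dn is %s",
                              stamp(), path1, exc_info=True)
            else:
                logging.debug("[leave office success] Time %s,old dn is %s", stamp(), path1)
                continue

        if path1 != dn:
            # Object lives under another OU: move it before modifying ``dn``.
            try:
                client.rename(path1, rdn, path)
            except Exception:
                logging.debug("[modrdn failed] Time %s,old dn is %s, new dn is %s",
                              stamp(), path1, dn, exc_info=True)
            else:
                logging.debug("[modrdn success] Time %s,old dn is %s, new dn is %s",
                              stamp(), path1, dn)

        mods = [
            ('replace', 'userPrincipalName', [princ]),
            ('replace', 'Gender', [sex]),
            # NOTE(review): the update writes a fixed 'co' while creation writes
            # the record's 'c'; kept as found.
            ('replace', 'co', ['中国']),
            ('replace', 'displayname', [displayname]),
            ('replace', 'sn', [sn]),
            ('replace', 'st', [st]),
            ('replace', 'givenName', [givenName]),
            ('replace', 'sk-employeeNumber', [employeeNumber]),
            ('replace', 'sk-employeeType', [employeeType]),
            ('replace', 'mail', [mail]),
            ('replace', 'title', [title]),
            # NOTE(review): telephoneNumber is cleared on update while mobile
            # keeps the feed value; kept as found.
            ('replace', 'telephoneNumber', [str(0)]),
            ('replace', 'mobile', [telephoneNumber]),
            ('replace', 'description', [displayname]),
        ]
        try:
            client.modify(dn, mods)
        except (ADError, LDAPError) as e:
            logging.debug("[Modify User Error]Time %s modify user error, id is %s, error is %s",
                          stamp(), stog_uid, e)
        else:
            logging.debug("[Modify User]Time %s modify user, id is %s", stamp(), stog_uid)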
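"""
Use python-ad and GSSAPI/Kerberos to connect to AD.
"""
# requires python-ad: https://github.com/sfu-rcg/python-ad
try:
    from ad import Client, Creds, activate
except ImportError:
    # Raise ImportError rather than a bare Exception: it names the failure
    # and, being an Exception subclass, still matches existing broad handlers.
    raise ImportError("python-ad package required.")
try:
    import ldap
except ImportError:
    raise ImportError("python-ldap package required.")

from amlib import conf

# Bind principal and password come from the application config (amlib.conf).
ad_user = conf.c['am_user'] + '@' + conf.c['ad_domain']
ad_pass = conf.c['am_pass']

# Per the module docstring this obtains Kerberos credentials for the
# principal; activate() makes them the process default and ``c`` is the
# shared client handle other modules use.
creds = Creds(conf.c['ad_domain'])
creds.acquire(principal=ad_user, password=ad_pass)
activate(creds)
c = Client(conf.c['ad_domain'])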
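#!/usr/bin/python
# coding=UTF-8
from ad import Client, Creds, activate

# Bind parameters. The account and password appear masked in this copy;
# keep them out of the source (environment or a protected config file) in
# a real deployment.
domain = 'hdtr.com'
user = '******'
password = '******'
server = '192.168.12.2'

creds = Creds(domain)
# NOTE(review): ``server`` is passed as the third positional argument; confirm
# that slot is the server parameter of Creds.acquire in the python-ad version
# in use.
creds.acquire(user, password, server)
activate(creds)
# Only names were imported from ``ad`` (there is no ``import ad``), so the
# former ``ad.Client`` call raised NameError; use the imported Client.
client = Client(domain)

users = client.search('(objectClass=user)')
for dn, attrs in users:
    name = attrs['sAMAccountName'][0]
    print('-> %s' % name)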