def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
group_dn = params.get('group_dn')
add_remove = params.get('add_remove')
# Normalize dn
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dn = ','.join(temp_list)
# Normalize group dn
group_dn = ADUtils.dn_normalize(group_dn)
temp_list = ADUtils.dn_escape_and_split(group_dn)
group_dn = ','.join(temp_list)
if add_remove == 'add':
try:
group = extend.ad_add_members_to_groups(conn, dn, group_dn)
except LDAPInvalidDnError as e:
raise PluginException(
cause=
'Either the user or group distinguished name was not found.',
assistance=
'Please check that the distinguished names are correct',
data=e)
else:
try:
group = extend.ad_remove_members_from_groups(conn,
dn,
group_dn,
fix=True)
except LDAPInvalidDnError as e:
raise PluginException(
cause=
'Either the user or group distinguished name was not found.',
assistance=
'Please check that the distinguished names are correct',
data=e)
if group is False:
self.logger.error(
'ModifyGroups: Unexpected result for group. Group was ' +
str(group))
raise PluginException(preset=PluginException.Preset.UNKNOWN)
return {'success': group}
def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dc_list = [s for s in temp_list if 'DC' in s]
dc = ','.join(dc_list)
escaped_dn = ','.join(temp_list)
pairs = ADUtils.find_parentheses_pairs(escaped_dn)
self.logger.info(pairs)
# replace ( and ) when they are part of a name rather than a search parameter
if pairs:
for key, value in pairs.items():
tempstring = escaped_dn
if tempstring.find('=', key, value) == -1:
escaped_dn = escaped_dn[:value] + '\\29' + escaped_dn[
value + 1:]
escaped_dn = escaped_dn[:key] + '\\28' + escaped_dn[key +
1:]
self.logger.info(escaped_dn)
conn.search(search_base=dc,
search_filter=f'(distinguishedName={escaped_dn})',
attributes=['userAccountControl'])
results = conn.response
dn_test = [d['dn'] for d in results if 'dn' in d]
try:
dn_test[0]
except Exception as ex:
self.logger.error('The DN ' + escaped_dn + ' was not found')
raise PluginException(cause="The DN was not found",
assistance="The DN " + escaped_dn +
" was not found") from ex
user_list = [d['attributes'] for d in results if 'attributes' in d]
user_control = user_list[0]
try:
account_status = user_control['userAccountControl']
except Exception as ex:
self.logger.error('The DN ' + escaped_dn + ' is not a user')
raise PluginException(cause="The DN is not a user",
assistance="The DN " + escaped_dn +
" is not a user") from ex
user_account_flag = 2
account_status = account_status | user_account_flag
conn.modify(
escaped_dn,
{'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
result = conn.result
output = result['description']
if result['result'] == 0:
return {'success': True}
self.logger.error('failed: error message %s' % output)
return {'success': False}
def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
escaped_dn = ','.join(temp_list)
password_expire = {"pwdLastSet": ('MODIFY_REPLACE', [0])}
success = conn.modify(dn=escaped_dn, changes=password_expire)
return {'success': success}
def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dn = ','.join(temp_list)
conn.delete(dn)
result = conn.result
output = result['description']
if result['result'] == 0:
return {'success': True}
self.logger.error('failed: error message %s' % output)
raise Exception('failed: error message %s' % output)
def run(self, params={}):
conn = self.connection.conn
query = params.get('search_filter')
query = ADUtils.dn_normalize(query)
temp_list = ADUtils.dn_escape_and_split(query)
query_list = [s for s in temp_list if 'DC' in s]
query = ','.join(query_list)
escaped_query = ','.join(temp_list)
escaped_query = escaped_query.replace("\\>=", ">=")
escaped_query = escaped_query.replace("\\<=", "<=")
# find pars of `(` `)`
pairs = ADUtils.find_parentheses_pairs(escaped_query)
# replace ( and ) when they are part of a name rather than a search parameter
for key, value in pairs.items():
tempstring = escaped_query
if tempstring.find('=', key, value) == -1:
escaped_query = escaped_query[:value] + '\\29' + escaped_query[
value + 1:]
escaped_query = escaped_query[:key] + '\\28' + escaped_query[
key + 1:]
self.logger.info(f"Escaped query: {escaped_query}")
conn.search(search_base=params.get('search_base'),
search_filter=escaped_query,
attributes=[
ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES
])
result_list_json = conn.response_to_json()
result_list_object = json.loads(result_list_json)
entries = result_list_object["entries"]
for entry in entries:
if entry.get("dn"):
entry["dn"] = entry["dn"].replace("\\", "")
if entry.get("attributes") and entry.get("attributes").get(
"distinguishedName"):
entry.get("attributes")["distinguishedName"] = \
entry.get("attributes").get("distinguishedName").replace("\\", "")
return {'results': entries}
def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dn = ','.join(temp_list)
group_dn = params.get('group_dn')
add_remove = params.get('add_remove')
if add_remove == 'add':
group = extend.ad_add_members_to_groups(conn, dn, group_dn)
else:
group = extend.ad_remove_members_from_groups(conn, dn, group_dn, fix=True)
if group is False:
self.logger.log("ModifyGroups: Unexpected result for group. Group was " + str(group))
raise PluginException(PluginException.Preset.UNKNOWN)
return {'success': group}
def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dn = ','.join(temp_list)
group_dn = params.get('group_dn')
add_remove = params.get('add_remove')
if add_remove == 'add':
group = extend.ad_add_members_to_groups(conn, dn, group_dn)
else:
group = extend.ad_remove_members_from_groups(conn,
dn,
group_dn,
fix=True)
if group is False:
raise Exception('something went wrong')
return {'success': group}
def run(self, params={}):
conn = self.connection.conn
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dc_list = [s for s in temp_list if 'DC' in s]
dc = ','.join(dc_list)
escaped_dn = ','.join(temp_list)
conn.search(search_base=dc,
search_filter='(distinguishedName=' + escaped_dn + ')',
attributes=['userAccountControl'])
results = conn.response
dn_test = [d['dn'] for d in results if 'dn' in d]
try:
dn_test[0]
except Exception as ex:
self.logger.error('The DN ' + dn + ' was not found')
raise ex
user_list = [d['attributes'] for d in results if 'attributes' in d]
user_control = user_list[0]
try:
account_status = user_control['userAccountControl']
except Exception as ex:
self.logger.error('The DN ' + dn + ' is not a user')
raise ex
user_account_flag = 2
account_status = account_status | user_account_flag
conn.modify(
escaped_dn,
{'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
result = conn.result
output = result['description']
if result['result'] == 0:
return {'success': True}
self.logger.error('failed: error message %s' % output)
return {'success': False}
def run(self, params={}):
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dn = ','.join(temp_list)
new_password = params.get('new_password')
conn = self.connection.conn
ssl = self.connection.ssl
if ssl is False:
raise Exception(
'SSL must be enabled for the reset password action')
success = extend.ad_modify_password(conn,
dn,
new_password,
old_password=None)
result = conn.result
if success is False:
raise Exception('something went wrong %s' % result)
return {'success': success}