def run(self, params={}):
formatter = ADUtils()
dn = params.get("distinguished_name")
new_password = params.get("new_password")
conn = self.connection.conn
ssl = self.connection.ssl
dn = formatter.format_dn(dn)[0]
dn = formatter.unescape_asterisk(dn)
self.logger.info(f"Escaped DN {dn}")
if ssl is False:
raise PluginException(
cause="SSL must be enabled", assistance="SSL must be enabled for the reset password action"
)
try:
conn.raise_exceptions = True
success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
except LDAPException as e:
raise PluginException(
cause="LDAP returned an error in the response.",
assistance="LDAP failed to reset the password for this user",
data=e,
)
return {"success": success}
def run(self, params={}):
conn = self.connection.conn
ssl = self.connection.ssl
domain_name = params.get('domain_name')
first_name = params.get('first_name')
last_name = params.get('last_name')
logon_name = params.get('logon_name')
user_ou = params.get('user_ou')
account_disabled = params.get('account_disabled')
password = params.get('password')
additional_parameters = params.get('additional_parameters')
user_principal_name = params.get('user_principal_name')
if account_disabled == 'true':
user_account_control = 514
else:
user_account_control = 512
full_name = first_name + ' ' + last_name
domain_dn = domain_name.replace('.', ',DC=')
if user_ou == "Users":
user_ou = user_ou.replace(',', ',CN=')
else:
user_ou = user_ou.replace(',', ',OU=')
if user_ou == "Users":
dn = 'CN={},CN={},DC={}'.format(full_name, user_ou, domain_dn)
else:
dn = 'CN={},OU={},DC={}'.format(full_name, user_ou, domain_dn)
self.logger.info("User DN=" + dn)
if ssl is False:
self.logger.info(
'Warning SSL is not enabled. User password can not be set. User account will be disabled'
)
parameters = {
'givenName': first_name,
'sn': last_name,
'sAMAccountName': logon_name,
'userPassword': password,
'userPrincipalName': user_principal_name
}
parameters.update(additional_parameters)
log_parameters = parameters
log_parameters.pop("userPassword")
self.logger.info(log_parameters)
conn.add(dn, ['person', 'user'], parameters)
pass_set = extend.ad_modify_password(conn, dn, password, None)
change_uac_attribute = {
'userAccountControl': (MODIFY_REPLACE, [user_account_control])
}
conn.modify(dn, change_uac_attribute)
self.logger.info(conn.result)
return {'success': pass_set}
def run(self, params={}):
formatter = ADUtils()
dn = params.get('distinguished_name')
new_password = params.get('new_password')
conn = self.connection.conn
ssl = self.connection.ssl
dn = formatter.format_dn(dn)[0]
dn = formatter.unescape_asterisk(dn)
self.logger.info(f'Escaped DN {dn}')
if ssl is False:
raise PluginException(cause='SSL must be enabled',
assistance='SSL must be enabled for the reset password action')
success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
result = conn.result
if success is False:
raise PluginException(PluginException.Preset.UNKNOWN,
data=result)
return {'success': success}
def run(self, params={}):
dn = params.get('distinguished_name')
dn = ADUtils.dn_normalize(dn)
temp_list = ADUtils.dn_escape_and_split(dn)
dn = ','.join(temp_list)
new_password = params.get('new_password')
conn = self.connection.conn
ssl = self.connection.ssl
if ssl is False:
raise Exception(
'SSL must be enabled for the reset password action')
success = extend.ad_modify_password(conn,
dn,
new_password,
old_password=None)
result = conn.result
if success is False:
raise Exception('something went wrong %s' % result)
return {'success': success}
def run(self, params={}):
conn = self.connection.conn
ssl = self.connection.ssl
domain_name = params.get("domain_name")
first_name = params.get("first_name")
last_name = params.get("last_name")
logon_name = params.get("logon_name")
user_ou = params.get("user_ou")
account_disabled = params.get("account_disabled")
password = params.get("password")
additional_parameters = params.get("additional_parameters")
user_principal_name = params.get("user_principal_name")
if account_disabled or not ssl:
user_account_control = 514
else:
user_account_control = 512
full_name = first_name + " " + last_name
domain_dn = domain_name.replace(".", ",DC=")
if user_ou == "Users":
user_ou = user_ou.replace(",", ",CN=")
else:
user_ou = user_ou.replace(",", ",OU=")
if user_ou == "Users":
dn = "CN={},CN={},DC={}".format(full_name, user_ou, domain_dn)
else:
dn = "CN={},OU={},DC={}".format(full_name, user_ou, domain_dn)
self.logger.info("User DN=" + dn)
parameters = {
"givenName": first_name,
"sn": last_name,
"sAMAccountName": logon_name,
"userPassword": password,
"userPrincipalName": user_principal_name,
}
if additional_parameters:
parameters.update(additional_parameters)
log_parameters = parameters
log_parameters.pop("userPassword")
self.logger.info(log_parameters)
try:
conn.raise_exceptions = True
conn.add(dn, ["person", "user"], parameters)
except LDAPException as e:
raise PluginException(
cause="LDAP returned an error message.",
assistance="Creating new user failed, error returned by LDAP.",
data=e,
)
success = True
if ssl:
try:
extend.ad_modify_password(conn, dn, password, None)
except LDAPException:
self.logger.error(
"User account created successfully, but unable to update the password."
)
success = False
else:
self.logger.info(
"Warning SSL is not enabled. User password can not be set. User account will be disabled"
)
change_uac_attribute = {
"userAccountControl": (MODIFY_REPLACE, [user_account_control])
}
conn.modify(dn, change_uac_attribute)
self.logger.info(conn.result)
return {"success": success}