def fetch_ldap_group(self, file): """ fetch group mapping from group ldap server :param file: output file name """ self.logger.info("Fetching ldap groups") settings = Hashtable() settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_GROUP_CONTEXT_FACTORY_KEY]) settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_GROUP_CONTEXT_PROVIDER_URL_KEY]) settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_PRINCIPAL_KEY]) settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_CREDENTIALS_KEY]) ctx = InitialDirContext(settings) search_target = "(objectClass=posixGroup)" return_attributes_standard = ['group_id', 'member_ids'] return_attributes_actual = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_RETURN_ATTRS_KEY]) return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual)) ctls = SearchControls() ctls.setReturningAttributes(return_attributes_actual) ctls.setSearchScope(SearchControls.SUBTREE_SCOPE) ldap_records = [] org_units = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_DOMAINS_KEY]) for search_unit in org_units: results = ctx.search(search_unit, search_target, ctls) for r in results: person_attributes = r.getAttributes() group = person_attributes.get(return_attributes_map['group_id']).get(0) group = re.sub(r"\r|\n", '', group).strip().encode('utf8') # skip special group that contains all group users if group == 'users': continue members = person_attributes.get(return_attributes_map['member_ids']) if members: self.group_map[group] = members sort_id = 0 for member in members.getAll(): member = re.sub(r"\r|\n", '', member).strip().encode('utf8') ldap_group_tuple = [self.group_app_id] ldap_group_tuple.append(group) ldap_group_tuple.append(sort_id) if member in self.ldap_user: ldap_group_tuple.append(self.app_id) else: ldap_group_tuple.append(self.group_app_id) ldap_group_tuple.append(member) ldap_group_tuple.append(self.wh_exec_id) ldap_records.append(ldap_group_tuple) sort_id += 1 else: pass self.logger.info("%d records found in group accounts" % (len(self.group_map))) csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n") csv_writer.writerows(ldap_records)
def search(self, criteria, returnField, default="guest"): srch = SearchControls() srch.setSearchScope(SearchControls.SUBTREE_SCOPE) srch.setCountLimit(1) srch.setReturningAttributes([returnField]) results = self.ctx.search("", criteria, srch) for result in results: retval = result.getAttributes().get(returnField).get(0) results.close() return retval else: return default
def fetch_ldap_group(self, file): """ fetch group mapping from group ldap server :param file: output file name """ settings = Hashtable() settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_GROUP_CONTEXT_FACTORY_KEY]) settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_GROUP_CONTEXT_PROVIDER_URL_KEY]) settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_PRINCIPAL_KEY]) settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_CREDENTIALS_KEY]) ctx = InitialDirContext(settings) search_target = "(objectClass=posixGroup)" return_attributes_standard = ['group_id', 'member_ids'] return_attributes_actual = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_RETURN_ATTRS_KEY]) return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual)) ctls = SearchControls() ctls.setReturningAttributes(return_attributes_actual) ctls.setSearchScope(SearchControls.SUBTREE_SCOPE) ldap_records = [] org_units = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_DOMAINS_KEY]) for search_unit in org_units: results = ctx.search(search_unit, search_target, ctls) for r in results: person_attributes = r.getAttributes() group = person_attributes.get(return_attributes_map['group_id']).get(0) group = re.sub(r"\r|\n", '', group).strip().encode('utf8') # skip special group that contains all group users if group == 'users': continue members = person_attributes.get(return_attributes_map['member_ids']) if members: self.group_map[group] = members sort_id = 0 for member in members.getAll(): member = re.sub(r"\r|\n", '', member).strip().encode('utf8') ldap_group_tuple = [self.group_app_id] ldap_group_tuple.append(group) ldap_group_tuple.append(sort_id) if member in self.ldap_user: ldap_group_tuple.append(self.app_id) else: ldap_group_tuple.append(self.group_app_id) ldap_group_tuple.append(member) ldap_group_tuple.append(self.wh_exec_id) ldap_records.append(ldap_group_tuple) sort_id += 1 else: pass self.logger.info("%d records found in group accounts" % (len(self.group_map))) csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n") csv_writer.writerows(ldap_records)
def fetch_ldap_user(self, file): """ fetch ldap user from ldap server :param file: output file name """ self.logger.info("Fetching ldap users") # Setup LDAP Context Options settings = Hashtable() settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_CONTEXT_FACTORY_KEY]) settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY]) settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY]) settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY]) # page the result, each page have fix number of records pageSize = 5000 pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL) c_array = array([pageControl], Control) # Connect to LDAP Server ctx = InitialLdapContext(settings, None) ctx.setRequestControls(c_array) # load the java Hashtable out of the ldap server # Query starting point and query target search_target = '(objectClass=person)' return_attributes_standard = [ 'user_id', 'distinct_name', 'name', 'display_name', 'title', 'employee_number', 'manager', 'mail', 'department_number', 'department', 'start_date', 'mobile' ] return_attributes_actual = json.loads( self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY]) return_attributes_map = dict( zip(return_attributes_standard, return_attributes_actual)) ctls = SearchControls() ctls.setReturningAttributes(return_attributes_actual) ctls.setSearchScope(SearchControls.SUBTREE_SCOPE) ldap_records = [] # domain format should look like : ['OU=domain1','OU=domain2','OU=domain3,OU=subdomain3'] org_units = json.loads(self.args[Constant.LDAP_SEARCH_DOMAINS_KEY]) cookie = None for search_unit in org_units: # pagination while True: # do the search search_result = ctx.search(search_unit, search_target, ctls) for person in search_result: ldap_user_tuple = [self.app_id] if search_unit == self.args[ Constant.LDAP_INACTIVE_DOMAIN_KEY]: ldap_user_tuple.append('N') else: ldap_user_tuple.append('Y') person_attributes = person.getAttributes() user_id = person_attributes.get( return_attributes_map['user_id']) user_id = re.sub(r"\r|\n", '', user_id.get(0)).strip().encode('utf8') self.ldap_user.add(user_id) for attr_name in return_attributes_actual: attr = person_attributes.get(attr_name) if attr: attr = re.sub(r"\r|\n", '', attr.get(0)).strip().encode('utf8') # special fix for start_date if attr_name == return_attributes_map[ 'start_date'] and len(attr) == 4: attr += '0101' ldap_user_tuple.append(attr) else: ldap_user_tuple.append("") ldap_user_tuple.append(self.wh_exec_id) ldap_records.append(ldap_user_tuple) # Examine the paged results control response control = ctx.getResponseControls()[ 0] # will always return a list, but only have one item if isinstance(control, PagedResultsResponseControl): cookie = control.getCookie() # Re-activate paged results if cookie is None: # reset ctx, break while loop, do next search pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL) c_array = array([pageControl], Control) ctx.setRequestControls(c_array) break else: self.logger.debug( "Have more than one page of result when search " + search_unit) pageControl = PagedResultsControl(pageSize, cookie, Control.CRITICAL) c_array = array([pageControl], Control) ctx.setRequestControls(c_array) self.logger.info("%d records found in ldap search" % (len(self.ldap_user))) csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n") csv_writer.writerows(ldap_records)
def fetch_ldap_user(self, file): """ fetch ldap user from ldap server :param file: output file name """ # Setup LDAP Context Options settings = Hashtable() settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_CONTEXT_FACTORY_KEY]) settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY]) settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY]) settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY]) # Connect to LDAP Server ctx = InitialDirContext(settings) # load the java Hashtable out of the ldap server # Query starting point and query target search_target = '(objectClass=person)' return_attributes_standard = ['user_id', 'distinct_name', 'name', 'display_name', 'title', 'employee_number', 'manager', 'mail', 'department_number', 'department', 'start_date', 'mobile'] return_attributes_actual = self.split_property(self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY]) return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual)) ctls = SearchControls() ctls.setReturningAttributes(return_attributes_actual) ctls.setSearchScope(SearchControls.SUBTREE_SCOPE) ldap_records = [] # domain format should look like : 'OU=domain1','OU=domain2','OU=domain3,OU=subdomain3' org_units = self.split_property(self.args[Constant.LDAP_SEARCH_DOMAINS_KEY]) for search_unit in org_units: search_result = ctx.search(search_unit, search_target, ctls) # print search_return_attributes for person in search_result: ldap_user_tuple = [self.app_id] if search_unit == self.args[Constant.LDAP_INACTIVE_DOMAIN_KEY]: ldap_user_tuple.append('N') else: ldap_user_tuple.append('Y') person_attributes = person.getAttributes() user_id = person_attributes.get(return_attributes_map['user_id']) user_id = re.sub(r"\r|\n", '', user_id.get(0)).strip().encode('utf8') self.ldap_user.add(user_id) for attr_name in return_attributes_actual: attr = person_attributes.get(attr_name) if attr: attr = re.sub(r"\r|\n", '', attr.get(0)).strip().encode('utf8') # special fix for start_date if attr_name == return_attributes_map['start_date'] and len(attr) == 4: attr += '0101' ldap_user_tuple.append(attr) else: ldap_user_tuple.append("") ldap_user_tuple.append(self.wh_exec_id) ldap_records.append(ldap_user_tuple) self.logger.info("%d records found in ldap search" % (len(self.ldap_user))) csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n") csv_writer.writerows(ldap_records)
def fetch_ldap_user(self, file): """ fetch ldap user from ldap server :param file: output file name """ # Setup LDAP Context Options settings = Hashtable() settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_CONTEXT_FACTORY_KEY]) settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY]) settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY]) settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY]) # page the result, each page have fix number of records pageSize = 5000 pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL) c_array = array([pageControl], Control) # Connect to LDAP Server ctx = InitialLdapContext(settings, None) ctx.setRequestControls(c_array) # load the java Hashtable out of the ldap server # Query starting point and query target search_target = '(objectClass=person)' return_attributes_standard = ['user_id', 'distinct_name', 'name', 'display_name', 'title', 'employee_number', 'manager', 'mail', 'department_number', 'department', 'start_date', 'mobile'] return_attributes_actual = json.loads(self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY]) return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual)) ctls = SearchControls() ctls.setReturningAttributes(return_attributes_actual) ctls.setSearchScope(SearchControls.SUBTREE_SCOPE) ldap_records = [] # domain format should look like : ['OU=domain1','OU=domain2','OU=domain3,OU=subdomain3'] org_units = json.loads(self.args[Constant.LDAP_SEARCH_DOMAINS_KEY]) cookie = None for search_unit in org_units: # pagination while True: # do the search search_result = ctx.search(search_unit, search_target, ctls) for person in search_result: ldap_user_tuple = [self.app_id] if search_unit == self.args[Constant.LDAP_INACTIVE_DOMAIN_KEY]: ldap_user_tuple.append('N') else: ldap_user_tuple.append('Y') person_attributes = person.getAttributes() user_id = person_attributes.get(return_attributes_map['user_id']) user_id = re.sub(r"\r|\n", '', user_id.get(0)).strip().encode('utf8') self.ldap_user.add(user_id) for attr_name in return_attributes_actual: attr = person_attributes.get(attr_name) if attr: attr = re.sub(r"\r|\n", '', attr.get(0)).strip().encode('utf8') # special fix for start_date if attr_name == return_attributes_map['start_date'] and len(attr) == 4: attr += '0101' ldap_user_tuple.append(attr) else: ldap_user_tuple.append("") ldap_user_tuple.append(self.wh_exec_id) ldap_records.append(ldap_user_tuple) # Examine the paged results control response control = ctx.getResponseControls()[0] # will always return a list, but only have one item if isinstance(control, PagedResultsResponseControl): cookie = control.getCookie() # Re-activate paged results if cookie is None: # reset ctx, break while loop, do next search pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL) c_array = array([pageControl], Control) ctx.setRequestControls(c_array) break else: self.logger.debug("Have more than one page of result when search " + search_unit) pageControl = PagedResultsControl(pageSize, cookie, Control.CRITICAL) c_array = array([pageControl], Control) ctx.setRequestControls(c_array) self.logger.info("%d records found in ldap search" % (len(self.ldap_user))) csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n") csv_writer.writerows(ldap_records)
def fetch_ldap_user(self, file): """ fetch ldap user from ldap server :param file: output file name """ # Setup LDAP Context Options settings = Hashtable() settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_CONTEXT_FACTORY_KEY]) settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY]) settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY]) settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY]) # Connect to LDAP Server ctx = InitialDirContext(settings) # load the java Hashtable out of the ldap server # Query starting point and query target search_target = '(objectClass=person)' return_attributes_standard = [ 'user_id', 'distinct_name', 'name', 'display_name', 'title', 'employee_number', 'manager', 'mail', 'department_number', 'department', 'start_date', 'mobile' ] return_attributes_actual = self.split_property( self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY]) return_attributes_map = dict( zip(return_attributes_standard, return_attributes_actual)) ctls = SearchControls() ctls.setReturningAttributes(return_attributes_actual) ctls.setSearchScope(SearchControls.SUBTREE_SCOPE) ldap_records = [] # domain format should look like : 'OU=domain1','OU=domain2','OU=domain3,OU=subdomain3' org_units = self.split_property( self.args[Constant.LDAP_SEARCH_DOMAINS_KEY]) for search_unit in org_units: search_result = ctx.search(search_unit, search_target, ctls) # print search_return_attributes for person in search_result: ldap_user_tuple = [self.app_id] if search_unit == self.args[Constant.LDAP_INACTIVE_DOMAIN_KEY]: ldap_user_tuple.append('N') else: ldap_user_tuple.append('Y') person_attributes = person.getAttributes() user_id = person_attributes.get( return_attributes_map['user_id']) user_id = re.sub(r"\r|\n", '', user_id.get(0)).strip().encode('utf8') self.ldap_user.add(user_id) for attr_name in return_attributes_actual: attr = person_attributes.get(attr_name) if attr: attr = re.sub(r"\r|\n", '', attr.get(0)).strip().encode('utf8') # special fix for start_date if attr_name == return_attributes_map[ 'start_date'] and len(attr) == 4: attr += '0101' ldap_user_tuple.append(attr) else: ldap_user_tuple.append("") ldap_user_tuple.append(self.wh_exec_id) ldap_records.append(ldap_user_tuple) self.logger.info("%d records found in ldap search" % (len(self.ldap_user))) csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n") csv_writer.writerows(ldap_records)
def find(self,filter): srch=SearchControls() srch.setSearchScope(SearchControls.SUBTREE_SCOPE) results=self.ctx.search("",filter,srch) return self.pythonize(results)