def get_users(self, parameters): filterby = '(objectclass=user)' attrs = ['distinguishedName', 'objectGUID', 'objectSid', 'cn', 'accountExpires', 'adminCount', 'badPasswordTime', 'badPwdCount', 'description', 'displayName', 'isCriticalSystemObject', 'lastLogoff', 'lastLogon', 'lastLogonTimestamp', 'logonCount', 'logonHours', 'name', 'primaryGroupID', 'pwdLastSet', 'sAMAccountName', 'sAMAccountType', 'uSNChanged', 'uSNCreated', 'userAccountControl', 'whenChanged', 'whenCreated', 'memberOf', 'proxyAddresses'] ad_help = ActiveDirectoryHelper() # return json object containing all user records results = ad_help.search(parameters, filterby, attrs) ldap_json = json.loads(results) entries = ldap_json['entries'] for person in entries: attributes = person['attributes'] groups = [] gen_groups = [] email_addresses = [] for key, value in attributes.items(): if len(value) > 0: if key == 'memberOf': for cn in value: qs = ActiveDirectoryGroup.objects.filter(ldap_configuration=parameters, distinguishedName=cn) for q in qs: groups.append(q) if q.group: gen_groups.append(q.group) elif key == 'proxyAddresses': for address in value: email_addresses.append(address[5:]) else: value_string = "" try: if isinstance(value, str): value_string = value value_string = value_string.decode('utf-8') else: for e in value: if isinstance(e, str): value_string = ''.join(e) else: value_string = e['encoded'] if key in ('accountExpires', 'badPasswordTime', 'lastLogoff', 'lastLogon', 'lastLogonTimestamp', 'pwdLastSet', 'uSNChanged', 'uSNCreated', 'whenChanged', 'whenCreated'): date = self.convert_date_time(value_string) if date: value_string = date.isoformat() attributes[key] = value_string except UnicodeDecodeError: attributes[key] = self.cleanhex(value_string) attributes.pop('memberOf', None) attributes.pop('proxyAddresses', None) # Don't filter on everything. Start with the properties that are # least likely to ever change, then work towards the more mutable # properties. filter_attrs = {} if 'objectGUID' in attributes: filter_attrs['objectGUID'] = attributes['objectGUID'] elif 'objectSid' in attributes: filter_attrs['objectSid'] = attributes['objectSid'] elif 'distinguishedName' in attributes: filter_attrs['distinguishedName'] = attributes['distinguishedName'] else: continue # If no matching user currently exists then create one, otherwise # update the existing user. ad_users = ActiveDirectoryUser.objects.filter(**filter_attrs) if ad_users.count() == 0: ad_user = ActiveDirectoryUser.objects.create(ldap_configuration=parameters, **attributes) ad_user.save() else: ad_users.update(**attributes) ad_user = ad_users.first() identity, created = Identity.objects.get_or_create(name=ad_user.displayName) ''' TODO Do we need to create a person object for this identity?? ''' Identifier.objects.get_or_create(identifier=ad_user.sAMAccountName, identifier_type=Identifier.UNAME, identity=identity) # Import the email addresses. for email_address in email_addresses: Identifier.objects.get_or_create(identifier=email_address, identifier_type=Identifier.EMAIL, identity=identity) for group in groups: print(groups) if ad_user.groups.filter(id=group.id).count() == 0: ad_user.groups.add(group) for gen_group in gen_groups: print(gen_group.id) if identity.groups.filter(id=gen_group.id).count() == 0: identity.groups.add(gen_group)
def get_groups(self, parameters): filter_fields = '(objectclass=group)' attrs = ['distinguishedName', 'objectGUID', 'objectSid', 'cn', 'name', 'objectCategory', 'sAMAccountName'] ad_help = ActiveDirectoryHelper() results = ad_help.search(parameters, filter_fields, attrs) ldap_json = json.loads(results) entries = ldap_json['entries'] for group in entries: attributes = group['attributes'] for key, value in attributes.items(): if len(value) > 0: value_string = "" try: if isinstance(value, str): value_string = value value_string = value_string.decode('utf-8') else: for e in value: if isinstance(e, str): value_string = ''.join(e) # value_string = value_string.decode('utf-8') else: value_string = e['encoded'] attributes[key] = value_string except UnicodeDecodeError: attributes[key] = self.cleanhex(value_string) """ Don't filter on everything. Start with the properties that are least likely to ever change, then work towards the more mutable properties. """ filter_attrs = {} if 'objectGUID' in attributes: filter_attrs['objectGUID'] = attributes['objectGUID'] elif 'objectSid' in attributes: filter_attrs['objectSid'] = attributes['objectSid'] elif 'distinguishedName' in attributes: filter_attrs['distinguishedName'] = attributes['distinguishedName'] else: continue print(attributes['objectGUID']) print(attributes['objectSid']) print(attributes['distinguishedName']) # If no matching group currently exists then create one, otherwise # update the existing group. ad_groups = ActiveDirectoryGroup.objects.filter(**filter_attrs) if ad_groups.count() == 0: print("new group") ad_group = ActiveDirectoryGroup.objects.create(ldap_configuration=parameters, **attributes) gen_group = Group.objects.create(name=ad_group.cn, group_type=Group.AD, description="Imported group from LDAP") gen_group.save() ad_group.group = gen_group ad_group.save() else: print("existing group") ad_groups.update(**attributes) ad_group = ad_groups.first() gen_group = ad_group.group if gen_group: gen_group.name = ad_group.cn gen_group.save()
def get_groups(self, parameters): ad_help = ActiveDirectoryHelper() results = ad_help.import_groups(parameters) ldap_json = json.loads(results) entries = ldap_json['entries'] for group in entries: attributes = group['attributes'] model_attributes = {} for key, value in attributes.items(): if len(value) > 0: value_string = "" try: if isinstance(value, str): value_string = value value_string = value_string.decode('utf-8') else: for e in value: if isinstance(e, str): value_string = ''.join(e) # value_string = value_string.decode('utf-8') else: value_string = e['encoded'] model_attributes[self.ldap_field_to_model( key)] = value_string except UnicodeDecodeError: model_attributes[self.ldap_field_to_model( key)] = self.cleanhex(value_string) """ Don't filter on everything. Start with the properties that are least likely to ever change, then work towards the more mutable properties. """ filter_attrs = {} if 'objectGUID' in attributes: filter_attrs['object_guid'] = model_attributes['object_guid'] elif 'objectSid' in attributes: filter_attrs['object_sid'] = model_attributes['object_sid'] elif 'distinguishedName' in attributes: filter_attrs['distinguished_name'] = model_attributes[ 'distinguished_name'] else: continue # If no matching group currently exists then create one, otherwise # update the existing group. ad_groups = ActiveDirectoryGroup.objects.filter(**filter_attrs) if ad_groups.count() == 0: ad_group = ActiveDirectoryGroup.objects.create( ldap_configuration=parameters, **model_attributes) gen_group = Group.objects.create( name=ad_group.cn, group_type=Group.AD, description="Imported group from LDAP") gen_group.save() ad_group.group = gen_group ad_group.save() else: # print("existing group") ad_groups.update(**model_attributes) ad_group = ad_groups.first() gen_group = ad_group.group if gen_group: gen_group.name = ad_group.cn gen_group.save()
def get_users(self, parameters): ad_help = ActiveDirectoryHelper() # return json object containing all user records results = ad_help.import_users(parameters) ldap_json = json.loads(results) entries = ldap_json['entries'] for person in entries: attributes = person['attributes'] model_attributes = {} groups = [] gen_groups = [] email_addresses = [] for key, value in attributes.items(): if len(value) > 0: if key == 'memberOf': for cn in value: qs = ActiveDirectoryGroup.objects.filter( ldap_configuration=parameters, distinguished_name=cn) for q in qs: groups.append(q) if q.group: gen_groups.append(q.group) elif key == 'proxyAddresses': for address in value: email_addresses.append(address[5:]) else: value_string = "" try: if isinstance(value, str): value_string = value value_string = value_string.decode('utf-8') else: for e in value: if isinstance(e, str): value_string = ''.join(e) else: value_string = e['encoded'] if key in ('accountExpires', 'badPasswordTime', 'lastLogoff', 'lastLogon', 'lastLogonTimestamp', 'pwdLastSet', 'uSNChanged', 'uSNCreated', 'whenChanged', 'whenCreated'): date = self.convert_date_time(value_string) if date: value_string = date.isoformat() if key in ('adminCount', 'badPwdCount', 'logonCount'): # print("WTF IS HAPPENING HERE") # print(value_string) if value_string is None or value_string is "": value_string = 0 else: value_string = int(value_string) if not self.ldap_field_to_model(key) is None: model_attributes[self.ldap_field_to_model( key)] = value_string except UnicodeDecodeError: model_attributes[self.ldap_field_to_model( key)] = self.cleanhex(value_string) attributes.pop('memberOf', None) attributes.pop('proxyAddresses', None) # Don't filter on everything. Start with the properties that are # least likely to ever change, then work towards the more mutable # properties. filter_attrs = {} if 'objectGUID' in attributes: filter_attrs['object_guid'] = model_attributes['object_guid'] elif 'objectSid' in attributes: filter_attrs['object_sid'] = model_attributes['object_sid'] elif 'distinguishedName' in attributes: filter_attrs['distinguished_name'] = model_attributes[ 'distinguished_name'] else: continue curr_identity, id_created = Identity.objects.get_or_create( identity_type=Identity.PERSON, name=model_attributes['object_guid'], description="Exported from LDAP") # If no matching user currently exists then create one, otherwise # update the existing user. ad_users = ActiveDirectoryUser.objects.filter(**filter_attrs) # print(model_attributes) if ad_users.count() == 0: ad_user = ActiveDirectoryUser.objects.create( ldap_configuration=parameters, **model_attributes) ad_user.save() else: ad_users.update(**model_attributes) ad_user = ad_users.first() Identifier.objects.get_or_create( identifier=ad_user.sam_account_name, identifier_type=Identifier.UNAME, identity=curr_identity) person, p_created = Person.objects.get_or_create( first_name="AD Person", surname=ad_user.display_name) person.identity.add(curr_identity) # Import the email addresses. for email_address in email_addresses: Identifier.objects.get_or_create( identifier=email_address, identifier_type=Identifier.EMAIL, identity=curr_identity) for group in groups: # print(groups) if ad_user.groups.filter(id=group.id).count() == 0: ad_user.groups.add(group) for gen_group in gen_groups: # print(gen_group.id) if curr_identity.groups.filter(id=gen_group.id).count() == 0: curr_identity.groups.add(gen_group)
def get_users(self, parameters): ad_help = ActiveDirectoryHelper() # return json object containing all user records results = ad_help.import_users(parameters) ldap_json = json.loads(results) entries = ldap_json['entries'] for person in entries: attributes = person['attributes'] model_attributes = {} groups = [] gen_groups = [] email_addresses = [] for key, value in attributes.items(): if len(value) > 0: if key == 'memberOf': for cn in value: qs = ActiveDirectoryGroup.objects.filter(ldap_configuration=parameters, distinguished_name=cn) for q in qs: groups.append(q) if q.group: gen_groups.append(q.group) elif key == 'proxyAddresses': for address in value: email_addresses.append(address[5:]) else: value_string = "" try: if isinstance(value, str): value_string = value value_string = value_string.decode('utf-8') else: for e in value: if isinstance(e, str): value_string = ''.join(e) else: value_string = e['encoded'] if key in ('accountExpires', 'badPasswordTime', 'lastLogoff', 'lastLogon', 'lastLogonTimestamp', 'pwdLastSet', 'uSNChanged', 'uSNCreated', 'whenChanged', 'whenCreated'): date = self.convert_date_time(value_string) if date: value_string = date.isoformat() if key in ('adminCount', 'badPwdCount', 'logonCount'): # print("WTF IS HAPPENING HERE") # print(value_string) if value_string is None or value_string is "": value_string = 0 else: value_string = int(value_string) if not self.ldap_field_to_model(key) is None: model_attributes[self.ldap_field_to_model(key)] = value_string except UnicodeDecodeError: model_attributes[self.ldap_field_to_model(key)] = self.cleanhex(value_string) attributes.pop('memberOf', None) attributes.pop('proxyAddresses', None) # Don't filter on everything. Start with the properties that are # least likely to ever change, then work towards the more mutable # properties. filter_attrs = {} if 'objectGUID' in attributes: filter_attrs['object_guid'] = model_attributes['object_guid'] elif 'objectSid' in attributes: filter_attrs['object_sid'] = model_attributes['object_sid'] elif 'distinguishedName' in attributes: filter_attrs['distinguished_name'] = model_attributes['distinguished_name'] else: continue curr_identity, id_created = Identity.objects.get_or_create(identity_type=Identity.PERSON, name=model_attributes['object_guid'], description="Exported from LDAP") # If no matching user currently exists then create one, otherwise # update the existing user. ad_users = ActiveDirectoryUser.objects.filter(**filter_attrs) # print(model_attributes) if ad_users.count() == 0: ad_user = ActiveDirectoryUser.objects.create(ldap_configuration=parameters, **model_attributes) ad_user.save() else: ad_users.update(**model_attributes) ad_user = ad_users.first() Identifier.objects.get_or_create(identifier=ad_user.sam_account_name, identifier_type=Identifier.UNAME, identity=curr_identity) person, p_created = Person.objects.get_or_create(first_name="AD Person", surname=ad_user.display_name) person.identity.add(curr_identity) # Import the email addresses. for email_address in email_addresses: Identifier.objects.get_or_create(identifier=email_address, identifier_type=Identifier.EMAIL, identity=curr_identity) for group in groups: # print(groups) if ad_user.groups.filter(id=group.id).count() == 0: ad_user.groups.add(group) for gen_group in gen_groups: # print(gen_group.id) if curr_identity.groups.filter(id=gen_group.id).count() == 0: curr_identity.groups.add(gen_group)
def get_groups(self, parameters): ad_help = ActiveDirectoryHelper() results = ad_help.import_groups(parameters) ldap_json = json.loads(results) entries = ldap_json['entries'] for group in entries: log.debug("Handling group '%s'", group.get('dn')) attributes = group['attributes'] model_attributes = {} for key, value in attributes.items(): if len(value) > 0: value_string = "" try: if isinstance(value, str): value_string = value value_string = value_string.decode('utf-8') else: for e in value: if isinstance(e, str): value_string = ''.join(e) # value_string = value_string.decode('utf-8') else: value_string = e['encoded'] model_attributes[self.ldap_field_to_model(key)] = value_string except UnicodeDecodeError: model_attributes[self.ldap_field_to_model(key)] = self.cleanhex(value_string) """ Don't filter on everything. Start with the properties that are least likely to ever change, then work towards the more mutable properties. """ filter_attrs = {} if 'objectGUID' in attributes: filter_attrs['object_guid'] = model_attributes['object_guid'] elif 'objectSid' in attributes: filter_attrs['object_sid'] = model_attributes['object_sid'] elif 'distinguishedName' in attributes: filter_attrs['distinguished_name'] = model_attributes['distinguished_name'] else: continue # If no matching group currently exists then create one, otherwise # update the existing group. ad_groups = ActiveDirectoryGroup.objects.filter(**filter_attrs) if ad_groups.count() == 0: ad_group = ActiveDirectoryGroup.objects.create(ldap_configuration=parameters, **model_attributes) gen_group = Group.objects.create(name=ad_group.cn, group_type=Group.AD, description="Imported group from LDAP") gen_group.save() ad_group.group = gen_group ad_group.save() else: # print("existing group") ad_groups.update(**model_attributes) ad_group = ad_groups.first() gen_group = ad_group.group if gen_group: gen_group.name = ad_group.cn gen_group.save()