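def run(self, params={}):
    """Move a directory object to a new parent container.

    Reads ``distinguished_name`` and ``new_ou`` from ``params``, passes the
    DN through ``ADUtils.format_dn`` and ``ADUtils.unescape_asterisk``, and
    sends an LDAP ModifyDN that keeps the object's ``CN=...`` component
    while setting ``new_ou`` as the new superior.

    Returns:
        ``{"success": True}`` when the server reports result code 0,
        ``{"success": False}`` otherwise. A DN without a CN component is
        rejected locally with ``{"success": False}``; no request is sent.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get("distinguished_name")
    new_ou = params.get("new_ou")

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f"Escaped DN {dn}")

    # The CN component ends at the first *unescaped* comma. A backslash
    # escape such as "\," belongs to the name and is consumed as a pair;
    # stopping at it would send a truncated relative DN.
    pattern = re.search(r"CN=(?:\\.|[^,\\])*,", dn)
    self.logger.debug(pattern)
    if not pattern:
        # Nothing can serve as the relative DN: refuse here instead of
        # sending a ModifyDN with an empty one.
        self.logger.error("failed: error message %s" % "no CN component in distinguished name")
        return {"success": False}

    relative_dn = pattern.group()[:-1]  # drop the trailing comma
    self.logger.debug(relative_dn)

    conn.modify_dn(dn, relative_dn, new_superior=new_ou)
    result = conn.result
    output = result["description"]
    if result["result"] == 0:
        return {"success": True}

    self.logger.error("failed: error message %s" % output)
    return {"success": False}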
def run(self, params={}):
    """Run an LDAP search with the filter supplied in ``params``.

    The ``search_filter`` value has backslash-escaped ``>=`` / ``<=``
    restored, and brackets that belong to a name are escaped through
    ``ADUtils.escape_brackets_for_query``. When ``Input.ATTRIBUTES`` is empty
    or missing, all attributes and all operational attributes are requested.

    Returns:
        A dict with the matching entries under ``Output.RESULTS`` and their
        number under ``Output.COUNT``.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    # Comparison operators must reach the server unescaped.
    search_filter = params.get('search_filter').replace("\\>=", ">=").replace("\\<=", "<=")

    # Locate `(` `)` pairs, then escape those that are part of a name
    # rather than part of the filter syntax.
    bracket_pairs = ad_utils.find_parentheses_pairs(search_filter)
    escaped_query = ad_utils.escape_brackets_for_query(search_filter, bracket_pairs)
    self.logger.info(f"Escaped query: {escaped_query}")

    # Fall back to "everything" when the caller names no attributes.
    wanted = params.get(Input.ATTRIBUTES) or [
        ldap3.ALL_ATTRIBUTES,
        ldap3.ALL_OPERATIONAL_ATTRIBUTES,
    ]

    ldap_conn.search(
        search_base=params.get('search_base'),
        search_filter=escaped_query,
        attributes=wanted,
    )
    entries = json.loads(ldap_conn.response_to_json())["entries"]
    return {Output.RESULTS: entries, Output.COUNT: len(entries)}
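def run(self, params={}):
    """Move a directory object under the container given in ``new_ou``.

    The ``distinguished_name`` parameter is formatted with
    ``ADUtils.format_dn`` / ``ADUtils.unescape_asterisk``; its ``CN=...``
    component is kept as the relative DN of the LDAP ModifyDN request.

    Returns:
        ``{'success': True}`` when the server reports result code 0,
        ``{'success': False}`` otherwise. A DN without a CN component is
        rejected locally with ``{'success': False}``; no request is sent.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get('distinguished_name')
    new_ou = params.get('new_ou')

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f'Escaped DN {dn}')

    # Match up to the first unescaped comma: a backslash plus the character
    # it escapes (e.g. "\,") is part of the CN value. Cutting at an escaped
    # comma would produce a truncated relative DN.
    pattern = re.search(r'CN=(?:\\.|[^,\\])*,', dn)
    self.logger.debug(pattern)
    if pattern is None:
        # No CN component, so there is no relative DN to send.
        self.logger.error('failed: error message %s' % 'no CN component in distinguished name')
        return {'success': False}

    relative_dn = pattern.group()[:-1]  # strip the trailing comma
    self.logger.debug(relative_dn)

    conn.modify_dn(dn, relative_dn, new_superior=new_ou)
    result = conn.result
    output = result['description']
    if result['result'] == 0:
        return {'success': True}

    self.logger.error('failed: error message %s' % output)
    return {'success': False}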
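def run(self, params={}):
    """Reset the password of the account at ``distinguished_name``.

    The new password is sent with ``extend.ad_modify_password`` and no old
    password, and only when the connection reports SSL as enabled.

    Returns:
        ``{"success": <value returned by ad_modify_password>}``.

    Raises:
        PluginException: when SSL is not enabled on the connection, or when
            the LDAP library raises ``LDAPException``.
    """
    formatter = ADUtils()
    dn = params.get("distinguished_name")
    new_password = params.get("new_password")
    conn = self.connection.conn
    ssl = self.connection.ssl

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f"Escaped DN {dn}")

    # Fail closed: any falsy value (None, 0, ""), not only the literal
    # False, stops the reset, so the new password is never sent over a
    # connection that is not known to be encrypted.
    if not ssl:
        raise PluginException(
            cause="SSL must be enabled", assistance="SSL must be enabled for the reset password action"
        )

    try:
        # NOTE(review): the flag stays set on self.connection.conn after
        # this call; nothing in this method restores the previous value.
        conn.raise_exceptions = True
        success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
    except LDAPException as e:
        raise PluginException(
            cause="LDAP returned an error in the response.",
            assistance="LDAP failed to reset the password for this user",
            data=e,
        ) from e
    return {"success": success}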
def run(self, params={}):
    """Disable the account at ``distinguished_name``.

    Looks the DN up with a ``(distinguishedName=...)`` filter, reads its
    ``userAccountControl`` value, sets bit value 2 in it and writes the
    result back with a MODIFY_REPLACE.

    Returns:
        ``{'success': True}`` when the modify reports result code 0,
        ``{'success': False}`` otherwise.

    Raises:
        PluginException: when the search returns no entry with a ``dn``, or
            the first entry has no ``userAccountControl`` attribute.
    """
    ldap_conn = self.connection.conn
    normalized = ADUtils.dn_normalize(params.get('distinguished_name'))
    components = ADUtils.dn_escape_and_split(normalized)

    # NOTE(review): this keeps every component that merely contains the
    # substring 'DC', not only DC= components - confirm that is intended.
    search_base = ','.join(part for part in components if 'DC' in part)
    escaped_dn = ','.join(components)

    pairs = ADUtils.find_parentheses_pairs(escaped_dn)
    self.logger.info(pairs)

    # Escape ( and ) when they are part of a name rather than a search
    # parameter, i.e. when no '=' sits between them.
    # NOTE(review): the offsets in `pairs` describe the string before any
    # replacement; each replacement lengthens it, so a second pair further
    # right would be handled at stale offsets - confirm with a DN that
    # holds two bracket pairs.
    if pairs:
        for open_at, close_at in pairs.items():
            if '=' in escaped_dn[open_at:close_at]:
                continue
            escaped_dn = escaped_dn[:close_at] + '\\29' + escaped_dn[close_at + 1:]
            escaped_dn = escaped_dn[:open_at] + '\\28' + escaped_dn[open_at + 1:]
    self.logger.info(escaped_dn)

    ldap_conn.search(
        search_base=search_base,
        search_filter=f'(distinguishedName={escaped_dn})',
        attributes=['userAccountControl'],
    )
    results = ldap_conn.response

    found_dns = [entry['dn'] for entry in results if 'dn' in entry]
    try:
        found_dns[0]
    except Exception as ex:
        self.logger.error('The DN ' + escaped_dn + ' was not found')
        raise PluginException(
            cause="The DN was not found",
            assistance="The DN " + escaped_dn + " was not found",
        ) from ex

    first_attributes = [entry['attributes'] for entry in results if 'attributes' in entry][0]
    try:
        account_status = first_attributes['userAccountControl']
    except Exception as ex:
        self.logger.error('The DN ' + escaped_dn + ' is not a user')
        raise PluginException(
            cause="The DN is not a user",
            assistance="The DN " + escaped_dn + " is not a user",
        ) from ex

    # Bit value 2 is the flag this action sets (ACCOUNTDISABLE in Active
    # Directory's userAccountControl); all other bits are left as read.
    disable_flag = 2
    account_status |= disable_flag

    ldap_conn.modify(escaped_dn, {'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
    outcome = ldap_conn.result
    description = outcome['description']
    if outcome['result'] != 0:
        self.logger.error('failed: error message %s' % description)
        return {'success': False}
    return {'success': True}
def run(self, params={}):
    """Expire the password of the entry at ``distinguished_name``.

    The DN is normalised and escaped with ``ADUtils``; the entry's
    ``pwdLastSet`` attribute is then replaced with 0.

    Returns:
        ``{'success': <value returned by conn.modify>}``.
    """
    ldap_conn = self.connection.conn
    normalized = ADUtils.dn_normalize(params.get('distinguished_name'))
    target_dn = ','.join(ADUtils.dn_escape_and_split(normalized))

    # Replace pwdLastSet with 0; the operation is given by name as a string.
    expire_change = {"pwdLastSet": ('MODIFY_REPLACE', [0])}
    return {'success': ldap_conn.modify(dn=target_dn, changes=expire_change)}
def run(self, params={}):
    """Expire the password of the entry at ``distinguished_name``.

    The DN is formatted with ``ADUtils.format_dn`` and
    ``ADUtils.unescape_asterisk``, logged, and the entry's ``pwdLastSet``
    attribute is replaced with 0.

    Returns:
        ``{'success': <value returned by conn.modify>}``.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    formatted = ad_utils.format_dn(params.get('distinguished_name'))[0]
    target_dn = ad_utils.unescape_asterisk(formatted)
    self.logger.info(f'Escaped DN {target_dn}')

    # Replace pwdLastSet with 0; the operation is given by name as a string.
    expire_change = {"pwdLastSet": ('MODIFY_REPLACE', [0])}
    modified = ldap_conn.modify(dn=target_dn, changes=expire_change)
    return {'success': modified}
def run(self, params={}):
    """Add a user to a group or remove the user from it.

    Both DNs are formatted through ``ADUtils``. The user DN must pass
    ``ADUtils.check_user_dn_is_valid`` before any membership change is sent.

    Returns:
        ``{Output.SUCCESS: <value returned by the ldap3 helper>}``.

    Raises:
        PluginException: when the user DN is not found, when the LDAP
            library raises ``LDAPException``, or when the helper returns
            ``False``.
    """
    ldap_conn = self.connection.conn
    raw_dn = params.get(Input.DISTINGUISHED_NAME)
    raw_group_dn = params.get(Input.GROUP_DN)
    action = params.get(Input.ADD_REMOVE)

    # Normalize the user DN; the search base is kept for the existence check.
    dn, search_base = ADUtils.format_dn(raw_dn)
    dn = ADUtils.unescape_asterisk(dn)
    self.logger.info(f"Escaped DN {dn}")

    # Normalize the group DN.
    group_dn = ADUtils.unescape_asterisk(ADUtils.format_dn(raw_group_dn)[0])
    self.logger.info(f"Escaped group DN {group_dn}")

    # Refuse to continue when the user DN does not exist in AD.
    if not ADUtils.check_user_dn_is_valid(ldap_conn, dn, search_base):
        self.logger.error(f"The DN {dn} was not found")
        raise PluginException(cause="The DN was not found.", assistance=f"The DN {dn} was not found.")

    # NOTE(review): any value other than "add" selects removal; confirm the
    # input is restricted to the two expected values before it gets here.
    if action == "add":
        change_membership = extend.ad_add_members_to_groups
    else:
        change_membership = extend.ad_remove_members_from_groups

    try:
        group = change_membership(ldap_conn, dn, group_dn, fix=True, raise_error=True)
    except LDAPException as e:
        raise PluginException(
            cause="Either the user or group distinguished name was not found.",
            assistance="Please check that the distinguished names are correct",
            data=e,
        )

    if group is False:
        self.logger.error(f"ModifyGroups: Unexpected result for group. Group was {str(group)}")
        raise PluginException(preset=PluginException.Preset.UNKNOWN)
    return {Output.SUCCESS: group}
def run(self, params={}):
    """Disable the account at ``distinguished_name``.

    The DN is formatted with ``ADUtils.format_dn``, looked up with a
    ``(distinguishedName=...)`` filter, and bit value 2 is set in its
    ``userAccountControl`` before the value is written back.

    Returns:
        ``{'success': True}`` when the modify reports result code 0,
        ``{'success': False}`` otherwise.

    Raises:
        PluginException: when the search returns no entry with a ``dn``, or
            the first entry has no ``userAccountControl`` attribute.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    dn, search_base = ad_utils.format_dn(params.get('distinguished_name'))
    self.logger.info(f'Escaped DN {dn}')

    bracket_pairs = ad_utils.find_parentheses_pairs(dn)
    self.logger.info(bracket_pairs)
    # Escape ( and ) when they are part of a name rather than a search
    # parameter.
    if bracket_pairs:
        dn = ad_utils.escape_brackets_for_query(dn, bracket_pairs)
    self.logger.info(f'Search DN {dn}')

    ldap_conn.search(
        search_base=search_base,
        search_filter=f'(distinguishedName={dn})',
        attributes=['userAccountControl'],
    )
    results = ldap_conn.response

    found_dns = [entry['dn'] for entry in results if 'dn' in entry]
    try:
        found_dns[0]
    except Exception as ex:
        self.logger.error('The DN ' + dn + ' was not found')
        raise PluginException(
            cause="The DN was not found",
            assistance="The DN " + dn + " was not found",
        ) from ex

    first_attributes = [entry['attributes'] for entry in results if 'attributes' in entry][0]
    try:
        account_status = first_attributes['userAccountControl']
    except Exception as ex:
        self.logger.error('The DN ' + dn + ' is not a user')
        raise PluginException(
            cause="The DN is not a user",
            assistance="The DN " + dn + " is not a user",
        ) from ex

    # Bit value 2 is the flag this action sets (ACCOUNTDISABLE in Active
    # Directory's userAccountControl); all other bits are left as read.
    disable_flag = 2
    account_status |= disable_flag

    ldap_conn.modify(dn, {'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
    outcome = ldap_conn.result
    description = outcome['description']
    if outcome['result'] != 0:
        self.logger.error('failed: error message %s' % description)
        return {'success': False}
    return {'success': True}
def run(self, params={}):
    """Delete the entry at ``distinguished_name``.

    The DN is normalised and escaped with ``ADUtils`` and passed to
    ``conn.delete``.

    Returns:
        ``{'success': True}`` when the server reports result code 0.

    Raises:
        Exception: with the server's result description for any other
            result code.
    """
    ldap_conn = self.connection.conn
    normalized = ADUtils.dn_normalize(params.get('distinguished_name'))
    target_dn = ','.join(ADUtils.dn_escape_and_split(normalized))

    ldap_conn.delete(target_dn)
    outcome = ldap_conn.result
    description = outcome['description']
    if outcome['result'] != 0:
        self.logger.error('failed: error message %s' % description)
        raise Exception('failed: error message %s' % description)
    return {'success': True}
def run(self, params={}):
    """Change the status of the account at ``Input.DISTINGUISHED_NAME``.

    Delegates to ``ADUtils.change_account_status`` with the literal ``False``
    as third argument.

    Returns:
        ``{Output.SUCCESS: <value returned by change_account_status>}``.
    """
    ldap_conn = self.connection.conn
    target_dn = params.get(Input.DISTINGUISHED_NAME)
    # NOTE(review): presumably False means "disable" - confirm against
    # ADUtils.change_account_status.
    changed = ADUtils.change_account_status(ldap_conn, target_dn, False, self.logger)
    return {Output.SUCCESS: changed}
def run(self, params={}):
    """Delete the entry at ``distinguished_name``.

    The DN is formatted with ``ADUtils.format_dn`` and
    ``ADUtils.unescape_asterisk`` and passed to ``conn.delete``.

    Returns:
        ``{'success': True}`` when the server reports result code 0.

    Raises:
        PluginException: carrying the server's result description for any
            other result code.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    formatted = ad_utils.format_dn(params.get('distinguished_name'))[0]
    target_dn = ad_utils.unescape_asterisk(formatted)

    ldap_conn.delete(target_dn)
    outcome = ldap_conn.result
    description = outcome['description']
    if outcome['result'] != 0:
        self.logger.error('failed: error message %s' % description)
        # NOTE(review): the preset is passed positionally here - confirm
        # which parameter of PluginException receives it.
        raise PluginException(PluginException.Preset.UNKNOWN,
                              assistance='failed: error message %s' % description)
    return {'success': True}
def run(self, params={}):
    """Delete the entry at ``distinguished_name``.

    The DN is formatted with ``ADUtils.format_dn`` and
    ``ADUtils.unescape_asterisk`` and passed to ``conn.delete``.

    Returns:
        ``{"success": True}`` when the server reports result code 0.

    Raises:
        PluginException: with the UNKNOWN preset's cause text and the
            server's result description for any other result code.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    formatted = ad_utils.format_dn(params.get("distinguished_name"))[0]
    target_dn = ad_utils.unescape_asterisk(formatted)

    ldap_conn.delete(target_dn)
    outcome = ldap_conn.result
    description = outcome["description"]
    if outcome["result"] != 0:
        self.logger.error("failed: error message %s" % description)
        raise PluginException(
            cause=PluginException.causes[PluginException.Preset.UNKNOWN],
            assistance=f"failed: error message {description}",
        )
    return {"success": True}
def run(self, params={}):
    """Add a user to a group or remove the user from it.

    Both DNs are normalised and escaped with ``ADUtils`` before the ldap3
    group helper is called.

    Returns:
        ``{'success': <value returned by the ldap3 helper>}``.

    Raises:
        PluginException: when the helper raises ``LDAPInvalidDnError`` or
            returns ``False``.
    """
    ldap_conn = self.connection.conn
    raw_dn = params.get('distinguished_name')
    raw_group_dn = params.get('group_dn')
    action = params.get('add_remove')

    # Normalize the user DN.
    dn = ','.join(ADUtils.dn_escape_and_split(ADUtils.dn_normalize(raw_dn)))

    # Normalize the group DN.
    group_dn = ','.join(ADUtils.dn_escape_and_split(ADUtils.dn_normalize(raw_group_dn)))

    # Both branches translate an invalid DN into the same PluginException,
    # so one handler serves them.
    # NOTE(review): any value other than 'add' selects removal; confirm the
    # input is restricted to the two expected values before it gets here.
    try:
        if action == 'add':
            group = extend.ad_add_members_to_groups(ldap_conn, dn, group_dn)
        else:
            group = extend.ad_remove_members_from_groups(ldap_conn, dn, group_dn, fix=True)
    except LDAPInvalidDnError as e:
        raise PluginException(
            cause='Either the user or group distinguished name was not found.',
            assistance='Please check that the distinguished names are correct',
            data=e)

    if group is False:
        self.logger.error('ModifyGroups: Unexpected result for group. Group was ' + str(group))
        raise PluginException(preset=PluginException.Preset.UNKNOWN)
    return {'success': group}
def run(self, params={}):
    """Run an LDAP search with the filter supplied in ``params``.

    The filter is normalised and escaped through ``ADUtils``, comparison
    operators are restored, and brackets with no ``=`` between them are
    escaped as ``\\28`` / ``\\29``. Every attribute and operational attribute
    is requested.

    Returns:
        ``{'results': entries}`` where backslashes have been removed from
        each entry's ``dn`` and ``distinguishedName``.
    """
    ldap_conn = self.connection.conn
    normalized = ADUtils.dn_normalize(params.get('search_filter'))
    parts = ADUtils.dn_escape_and_split(normalized)

    # NOTE(review): this DC-only string is assigned but not read afterwards.
    query = ','.join([part for part in parts if 'DC' in part])

    escaped_query = ','.join(parts).replace("\\>=", ">=").replace("\\<=", "<=")

    # Find pairs of `(` `)` and escape those that are part of a name rather
    # than a search parameter, i.e. with no '=' between them.
    # NOTE(review): the offsets in `pairs` describe the string before any
    # replacement; each replacement lengthens it, so a later pair further
    # right would be handled at stale offsets - confirm with a filter that
    # holds two such pairs.
    pairs = ADUtils.find_parentheses_pairs(escaped_query)
    for open_at, close_at in pairs.items():
        if '=' in escaped_query[open_at:close_at]:
            continue
        escaped_query = escaped_query[:close_at] + '\\29' + escaped_query[close_at + 1:]
        escaped_query = escaped_query[:open_at] + '\\28' + escaped_query[open_at + 1:]
    self.logger.info(f"Escaped query: {escaped_query}")

    ldap_conn.search(
        search_base=params.get('search_base'),
        search_filter=escaped_query,
        attributes=[ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES],
    )
    entries = json.loads(ldap_conn.response_to_json())["entries"]

    # NOTE(review): removing every backslash also removes DN escaping, so a
    # returned DN containing an escaped character may no longer identify the
    # same entry when fed back into another action - confirm.
    for entry in entries:
        if entry.get("dn"):
            entry["dn"] = entry["dn"].replace("\\", "")
        attrs = entry.get("attributes")
        if attrs and attrs.get("distinguishedName"):
            attrs["distinguishedName"] = attrs.get("distinguishedName").replace("\\", "")
    return {'results': entries}
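def run(self, params={}):
    """Add a user to a group or remove the user from it.

    The user DN is normalised and escaped with ``ADUtils``; the group DN is
    passed on as received.

    Returns:
        ``{'success': <value returned by the ldap3 helper>}``.

    Raises:
        PluginException: when the helper returns ``False``.
    """
    conn = self.connection.conn
    dn = params.get('distinguished_name')
    dn = ADUtils.dn_normalize(dn)
    dn = ','.join(ADUtils.dn_escape_and_split(dn))
    group_dn = params.get('group_dn')
    add_remove = params.get('add_remove')

    # NOTE(review): any value other than 'add' selects removal; confirm the
    # input is restricted to the two expected values before it gets here.
    if add_remove == 'add':
        group = extend.ad_add_members_to_groups(conn, dn, group_dn)
    else:
        group = extend.ad_remove_members_from_groups(conn, dn, group_dn, fix=True)

    if group is False:
        # Logger.log() takes the level as its first argument; called with
        # only the message it raises TypeError (assuming a standard
        # logging.Logger), which would hide the PluginException below.
        self.logger.error("ModifyGroups: Unexpected result for group. Group was " + str(group))
        raise PluginException(PluginException.Preset.UNKNOWN)
    return {'success': group}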
def run(self, params={}):
    """Add a user to a group or remove the user from it.

    The user DN is normalised and escaped with ``ADUtils``; the group DN is
    passed on as received.

    Returns:
        ``{'success': <value returned by the ldap3 helper>}``.

    Raises:
        Exception: when the helper returns ``False``.
    """
    ldap_conn = self.connection.conn
    normalized = ADUtils.dn_normalize(params.get('distinguished_name'))
    member_dn = ','.join(ADUtils.dn_escape_and_split(normalized))
    group_dn = params.get('group_dn')
    action = params.get('add_remove')

    # NOTE(review): any value other than 'add' selects removal; confirm the
    # input is restricted to the two expected values before it gets here.
    if action == 'add':
        group = extend.ad_add_members_to_groups(ldap_conn, member_dn, group_dn)
    else:
        group = extend.ad_remove_members_from_groups(ldap_conn, member_dn, group_dn, fix=True)

    if group is not False:
        return {'success': group}
    raise Exception('something went wrong')
def run(self, params={}):
    """Expire the password of the entry at ``distinguished_name``.

    The DN is formatted with ``ADUtils``, logged, and the entry's
    ``pwdLastSet`` attribute is replaced with 0. The connection is switched
    to raise exceptions, so an LDAP failure surfaces as ``PluginException``.

    Returns:
        ``{"success": True}`` when the modify raises no ``LDAPException``.

    Raises:
        PluginException: when the LDAP library raises ``LDAPException``.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    formatted = ad_utils.format_dn(params.get("distinguished_name"))[0]
    target_dn = ad_utils.unescape_asterisk(formatted)
    self.logger.info(f"Escaped DN {target_dn}")

    # Replace pwdLastSet with 0; the operation is given by name as a string.
    expire_change = {"pwdLastSet": ("MODIFY_REPLACE", [0])}
    try:
        # NOTE(review): the flag stays set on self.connection.conn after
        # this call; nothing in this method restores the previous value.
        ldap_conn.raise_exceptions = True
        ldap_conn.modify(dn=target_dn, changes=expire_change)
    except LDAPException as e:
        raise PluginException(
            cause="LDAP returned an error.",
            assistance="Error was returned when trying to force password reset for this user.",
            data=e,
        )
    return {"success": True}
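def run(self, params={}):
    """Reset the password of the account at ``distinguished_name``.

    The new password is sent with ``extend.ad_modify_password`` and no old
    password, and only when the connection reports SSL as enabled.

    Returns:
        ``{'success': <value returned by ad_modify_password>}``.

    Raises:
        PluginException: when SSL is not enabled on the connection, or when
            ``ad_modify_password`` returns ``False`` (the connection's
            result is attached as ``data``).
    """
    formatter = ADUtils()
    dn = params.get('distinguished_name')
    new_password = params.get('new_password')
    conn = self.connection.conn
    ssl = self.connection.ssl

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f'Escaped DN {dn}')

    # Fail closed: any falsy value (None, 0, ''), not only the literal
    # False, stops the reset, so the new password is never sent over a
    # connection that is not known to be encrypted.
    if not ssl:
        raise PluginException(cause='SSL must be enabled',
                              assistance='SSL must be enabled for the reset password action')

    success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
    result = conn.result
    if success is False:
        raise PluginException(PluginException.Preset.UNKNOWN, data=result)
    return {'success': success}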
def run(self, params={}):
    """Disable the account at ``distinguished_name``.

    Looks the DN up with a ``(distinguishedName=...)`` filter, reads its
    ``userAccountControl`` value, sets bit value 2 in it and writes the
    result back with a MODIFY_REPLACE.

    Returns:
        ``{'success': True}`` when the modify reports result code 0,
        ``{'success': False}`` otherwise.

    Raises:
        Exception: the original lookup error is logged and re-raised when no
            entry with a ``dn`` is returned or the first entry has no
            ``userAccountControl``.
    """
    ldap_conn = self.connection.conn
    dn = ADUtils.dn_normalize(params.get('distinguished_name'))
    components = ADUtils.dn_escape_and_split(dn)

    # NOTE(review): this keeps every component that merely contains the
    # substring 'DC', not only DC= components - confirm that is intended.
    search_base = ','.join(part for part in components if 'DC' in part)
    escaped_dn = ','.join(components)

    # NOTE(review): the DN is concatenated into the filter with no filter
    # escaping visible in this method - confirm dn_escape_and_split covers
    # the characters that are special inside a search filter.
    ldap_conn.search(
        search_base=search_base,
        search_filter='(distinguishedName=' + escaped_dn + ')',
        attributes=['userAccountControl'],
    )
    results = ldap_conn.response

    found_dns = [entry['dn'] for entry in results if 'dn' in entry]
    try:
        found_dns[0]
    except Exception as ex:
        self.logger.error('The DN ' + dn + ' was not found')
        raise ex

    first_attributes = [entry['attributes'] for entry in results if 'attributes' in entry][0]
    try:
        account_status = first_attributes['userAccountControl']
    except Exception as ex:
        self.logger.error('The DN ' + dn + ' is not a user')
        raise ex

    # Bit value 2 is the flag this action sets (ACCOUNTDISABLE in Active
    # Directory's userAccountControl); all other bits are left as read.
    disable_flag = 2
    account_status |= disable_flag

    ldap_conn.modify(escaped_dn, {'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
    outcome = ldap_conn.result
    description = outcome['description']
    if outcome['result'] != 0:
        self.logger.error('failed: error message %s' % description)
        return {'success': False}
    return {'success': True}
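def run(self, params={}):
    """Reset the password of the account at ``distinguished_name``.

    The DN is normalised and escaped with ``ADUtils``. The new password is
    sent with ``extend.ad_modify_password`` and no old password, and only
    when the connection reports SSL as enabled.

    Returns:
        ``{'success': <value returned by ad_modify_password>}``.

    Raises:
        Exception: when SSL is not enabled on the connection, or when
            ``ad_modify_password`` returns ``False``.
    """
    dn = params.get('distinguished_name')
    dn = ADUtils.dn_normalize(dn)
    dn = ','.join(ADUtils.dn_escape_and_split(dn))
    new_password = params.get('new_password')
    conn = self.connection.conn
    ssl = self.connection.ssl

    # Fail closed: any falsy value (None, 0, ''), not only the literal
    # False, stops the reset, so the new password is never sent over a
    # connection that is not known to be encrypted.
    if not ssl:
        raise Exception('SSL must be enabled for the reset password action')

    success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
    result = conn.result
    if success is False:
        raise Exception('something went wrong %s' % result)
    return {'success': success}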
def run(self, params={}):
    """Add a user to a group or remove the user from it.

    Both DNs are formatted with ``ADUtils.format_dn`` and
    ``ADUtils.unescape_asterisk`` and logged before the ldap3 group helper
    is called.

    Returns:
        ``{'success': <value returned by the ldap3 helper>}``.

    Raises:
        PluginException: when the helper raises ``LDAPInvalidDnError`` or
            returns ``False``.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn
    raw_dn = params.get('distinguished_name')
    raw_group_dn = params.get('group_dn')
    action = params.get('add_remove')

    # Normalize the user DN.
    dn = ad_utils.unescape_asterisk(ad_utils.format_dn(raw_dn)[0])
    self.logger.info(f'Escaped DN {dn}')

    # Normalize the group DN.
    group_dn = ad_utils.unescape_asterisk(ad_utils.format_dn(raw_group_dn)[0])
    self.logger.info(f'Escaped group DN {group_dn}')

    # Both branches translate an invalid DN into the same PluginException,
    # so one handler serves them.
    # NOTE(review): any value other than 'add' selects removal; confirm the
    # input is restricted to the two expected values before it gets here.
    try:
        if action == 'add':
            group = extend.ad_add_members_to_groups(ldap_conn, dn, group_dn)
        else:
            group = extend.ad_remove_members_from_groups(ldap_conn, dn, group_dn, fix=True)
    except LDAPInvalidDnError as e:
        raise PluginException(
            cause='Either the user or group distinguished name was not found.',
            assistance='Please check that the distinguished names are correct',
            data=e)

    if group is False:
        self.logger.error('ModifyGroups: Unexpected result for group. Group was ' + str(group))
        raise PluginException(preset=PluginException.Preset.UNKNOWN)
    return {'success': group}
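def run(self, params={}):
    """Move a directory object under the container given in ``new_ou``.

    The ``distinguished_name`` parameter is normalised with
    ``ADUtils.dn_normalize``; its ``CN=...`` component is kept as the
    relative DN of the LDAP ModifyDN request.

    Returns:
        ``{'success': True}`` when the server reports result code 0,
        ``{'success': False}`` otherwise. A DN without a CN component is
        rejected locally with ``{'success': False}``; no request is sent.
    """
    conn = self.connection.conn
    dn = params.get('distinguished_name')
    dn = ADUtils.dn_normalize(dn)
    new_ou = params.get('new_ou')

    # Match up to the first unescaped comma: a backslash plus the character
    # it escapes (e.g. "\,") is part of the CN value. Cutting at an escaped
    # comma would produce a truncated relative DN.
    pattern = re.search(r'CN=(?:\\.|[^,\\])*,', dn)
    self.logger.debug(pattern)
    if pattern is None:
        # No CN component, so there is no relative DN to send.
        self.logger.error('failed: error message %s' % 'no CN component in distinguished name')
        return {'success': False}

    relative_dn = pattern.group()[:-1]  # strip the trailing comma
    self.logger.debug(relative_dn)

    conn.modify_dn(dn, relative_dn, new_superior=new_ou)
    result = conn.result
    output = result['description']
    if result['result'] == 0:
        return {'success': True}

    self.logger.error('failed: error message %s' % output)
    return {'success': False}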
def run(self, params={}):
    """Replace one attribute of the entry at ``Input.DISTINGUISHED_NAME``.

    The DN is first confirmed to exist with a ``(distinguishedName=...)``
    search; the attribute named by ``Input.ATTRIBUTE_TO_MODIFY`` is then
    replaced with ``Input.ATTRIBUTE_VALUE``.

    Returns:
        ``{Output.SUCCESS: True}`` when the modify reports result code 0,
        ``{Output.SUCCESS: False}`` otherwise.

    Raises:
        PluginException: when the search returns no entry with a ``dn``.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn
    raw_dn = params.get(Input.DISTINGUISHED_NAME)
    # NOTE(review): attribute name and value come straight from params; the
    # only limit on what can be written is what the bind account is allowed
    # to modify in the directory.
    attribute = params.get(Input.ATTRIBUTE_TO_MODIFY)
    attribute_value = params.get(Input.ATTRIBUTE_VALUE)

    dn, search_base = ad_utils.format_dn(raw_dn)
    self.logger.info(f"Escaped DN {dn}")

    # Escape ( and ) when they are part of a name rather than a search
    # parameter.
    # NOTE(review): the pairs are computed but not passed to
    # escape_brackets_for_query - confirm the helper's signature.
    if ad_utils.find_parentheses_pairs(dn):
        dn = ad_utils.escape_brackets_for_query(dn)
    self.logger.info(dn)

    # Check that the distinguishedName is valid.
    ldap_conn.search(
        search_base=search_base,
        search_filter=f"(distinguishedName={dn})",
        attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES],
    )
    entries = loads(ldap_conn.response_to_json())["entries"]
    if not any("dn" in entry for entry in entries):
        self.logger.error("The DN " + dn + " was not found")
        raise PluginException(cause="The DN was not found.", assistance="The DN " + dn + " was not found")

    # Update the attribute.
    dn = ad_utils.unescape_asterisk(dn)
    ldap_conn.modify(dn, {attribute: [(MODIFY_REPLACE, [attribute_value])]})
    outcome = ldap_conn.result
    description = outcome["description"]
    if outcome["result"] != 0:
        self.logger.error("failed: error message %s" % description)
        return {Output.SUCCESS: False}
    return {Output.SUCCESS: True}