def run(self, params={}):
    """Add a directory object to a group, or remove it from one.

    Reads the member DN, the group DN and the requested operation from
    ``params``, normalises both DNs through ``ADUtils``, checks that the
    member DN exists, and then calls the matching ``extend`` helper.

    Returns:
        ``{Output.SUCCESS: <value returned by the helper>}``.

    Raises:
        PluginException: if the member DN is not found, if the helper raises
            ``LDAPException``, or if the helper returns ``False``.
    """
    ldap_conn = self.connection.conn
    member_dn = params.get(Input.DISTINGUISHED_NAME)
    target_group = params.get(Input.GROUP_DN)
    operation = params.get(Input.ADD_REMOVE)

    # Normalize dn
    member_dn, search_base = ADUtils.format_dn(member_dn)
    member_dn = ADUtils.unescape_asterisk(member_dn)
    self.logger.info(f"Escaped DN {member_dn}")

    # Normalize group dn
    target_group = ADUtils.unescape_asterisk(ADUtils.format_dn(target_group)[0])
    self.logger.info(f"Escaped group DN {target_group}")

    # Check that dn exists in AD before any membership change is attempted
    if not ADUtils.check_user_dn_is_valid(ldap_conn, member_dn, search_base):
        self.logger.error(f"The DN {member_dn} was not found")
        raise PluginException(
            cause="The DN was not found.",
            assistance=f"The DN {member_dn} was not found.",
        )

    # NOTE(review): every value other than "add" is treated as a removal.
    # Presumably the input schema restricts this field to two values - confirm,
    # because a mistyped operation would otherwise remove a group membership.
    try:
        if operation == "add":
            outcome = extend.ad_add_members_to_groups(
                ldap_conn, member_dn, target_group, fix=True, raise_error=True
            )
        else:
            outcome = extend.ad_remove_members_from_groups(
                ldap_conn, member_dn, target_group, fix=True, raise_error=True
            )
    except LDAPException as e:
        raise PluginException(
            cause="Either the user or group distinguished name was not found.",
            assistance="Please check that the distinguished names are correct",
            data=e,
        )

    if outcome is False:
        self.logger.error(
            f"ModifyGroups: Unexpected result for group. Group was {str(outcome)}"
        )
        raise PluginException(preset=PluginException.Preset.UNKNOWN)

    return {Output.SUCCESS: outcome}
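def run(self, params={}):
    """Move a directory object under a new parent container.

    Normalises the ``distinguished_name`` input through ``ADUtils``, derives
    the object's relative DN (its leading ``CN=...`` component) and calls
    ``conn.modify_dn`` with ``new_superior`` set to the ``new_ou`` input.

    Returns:
        ``{'success': True}`` when the result code is 0, otherwise
        ``{'success': False}``. ``{'success': False}`` is also returned,
        without issuing the modify-DN request, when no leading ``CN=``
        component can be found in the DN.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get('distinguished_name')
    new_ou = params.get('new_ou')

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f'Escaped DN {dn}')

    # The relative DN is the first component only, so anchor at the start of
    # the DN, and end it at the first comma that is NOT backslash-escaped:
    # a name such as "CN=Doe\, John" must not be cut at the escaped comma.
    pattern = re.match(r'CN=(?:\\.|[^,\\])*(?=,)', dn)
    self.logger.debug(pattern)
    if not pattern:
        # Fail closed instead of sending an empty relative DN to the server.
        self.logger.error('failed: could not derive a CN relative DN from %s' % dn)
        return {'success': False}

    relative_dn = pattern.group()
    self.logger.debug(relative_dn)

    conn.modify_dn(dn, relative_dn, new_superior=new_ou)
    result = conn.result
    output = result['description']

    if result['result'] == 0:
        return {'success': True}

    self.logger.error('failed: error message %s' % output)
    return {'success': False}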
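def run(self, params={}):
    """Reset the password of the object named by ``distinguished_name``.

    The DN is normalised through ``ADUtils`` and the new password is handed
    to ``extend.ad_modify_password`` with ``old_password=None``. The new
    password itself is never logged.

    Returns:
        ``{"success": <value returned by the helper>}``.

    Raises:
        PluginException: if the connection does not report SSL as enabled,
            if no new password was supplied, or if the helper raises
            ``LDAPException``.
    """
    formatter = ADUtils()
    dn = params.get("distinguished_name")
    new_password = params.get("new_password")
    conn = self.connection.conn
    ssl = self.connection.ssl

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f"Escaped DN {dn}")

    # Fail closed: an unset or None flag must block the reset just like an
    # explicit False, so the password is never sent when SSL is not confirmed.
    if not ssl:
        raise PluginException(
            cause="SSL must be enabled",
            assistance="SSL must be enabled for the reset password action",
        )

    # Reject a missing or empty password up front rather than passing
    # None or "" on to the password-modify helper.
    if not new_password:
        raise PluginException(
            cause="No new password was provided.",
            assistance="Please provide a non-empty new password for the reset password action",
        )

    # The connection object is taken from self.connection, so put its error
    # mode back afterwards; code that reuses it and inspects conn.result
    # then keeps seeing result codes instead of unexpected exceptions.
    previous_mode = getattr(conn, "raise_exceptions", False)
    try:
        conn.raise_exceptions = True
        success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
    except LDAPException as e:
        raise PluginException(
            cause="LDAP returned an error in the response.",
            assistance="LDAP failed to reset the password for this user",
            data=e,
        )
    finally:
        conn.raise_exceptions = previous_mode

    return {"success": success}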
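def run(self, params={}):
    """Move a directory object under a new parent container.

    Normalises the ``distinguished_name`` input through ``ADUtils``, derives
    the object's relative DN (its leading ``CN=...`` component) and calls
    ``conn.modify_dn`` with ``new_superior`` set to the ``new_ou`` input.

    Returns:
        ``{"success": True}`` when the result code is 0, otherwise
        ``{"success": False}``. ``{"success": False}`` is also returned,
        without issuing the modify-DN request, when no leading ``CN=``
        component can be found in the DN.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get("distinguished_name")
    new_ou = params.get("new_ou")

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f"Escaped DN {dn}")

    # The relative DN is the first component only, so anchor at the start of
    # the DN, and end it at the first comma that is NOT backslash-escaped:
    # a name such as "CN=Doe\, John" must not be cut at the escaped comma.
    pattern = re.match(r"CN=(?:\\.|[^,\\])*(?=,)", dn)
    self.logger.debug(pattern)
    if not pattern:
        # Fail closed instead of sending an empty relative DN to the server.
        self.logger.error("failed: could not derive a CN relative DN from %s" % dn)
        return {"success": False}

    relative_dn = pattern.group()
    self.logger.debug(relative_dn)

    conn.modify_dn(dn, relative_dn, new_superior=new_ou)
    result = conn.result
    output = result["description"]

    if result["result"] == 0:
        return {"success": True}

    self.logger.error("failed: error message %s" % output)
    return {"success": False}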
def run(self, params={}):
    """Add a directory object to a group, or remove it from one.

    Both the member DN and the group DN are normalised through ``ADUtils``
    before the matching ``extend`` helper is called.

    Returns:
        ``{'success': <value returned by the helper>}``.

    Raises:
        PluginException: if the helper raises ``LDAPInvalidDnError`` or
            returns ``False``.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn
    member_dn = params.get('distinguished_name')
    target_group = params.get('group_dn')
    operation = params.get('add_remove')

    # Normalize dn
    member_dn = ad_utils.unescape_asterisk(ad_utils.format_dn(member_dn)[0])
    self.logger.info(f'Escaped DN {member_dn}')

    # Normalize group dn
    target_group = ad_utils.unescape_asterisk(ad_utils.format_dn(target_group)[0])
    self.logger.info(f'Escaped group DN {target_group}')

    # NOTE(review): every value other than 'add' is treated as a removal.
    # Presumably the input schema restricts this field to two values - confirm.
    # Only the removal passes fix=True; the add call uses the helper's default.
    try:
        if operation == 'add':
            outcome = extend.ad_add_members_to_groups(ldap_conn, member_dn, target_group)
        else:
            outcome = extend.ad_remove_members_from_groups(
                ldap_conn, member_dn, target_group, fix=True
            )
    except LDAPInvalidDnError as e:
        raise PluginException(
            cause='Either the user or group distinguished name was not found.',
            assistance='Please check that the distinguished names are correct',
            data=e,
        )

    if outcome is False:
        self.logger.error(
            'ModifyGroups: Unexpected result for group. Group was ' + str(outcome)
        )
        raise PluginException(preset=PluginException.Preset.UNKNOWN)

    return {'success': outcome}
def run(self, params={}):
    """Replace ``pwdLastSet`` with 0 on the object named by ``distinguished_name``.

    NOTE(review): in Active Directory a ``pwdLastSet`` of 0 is conventionally
    what forces a password change at next logon - confirm that is the intent.

    Returns:
        ``{'success': <value returned by conn.modify>}``. The result is
        returned as-is; a failure is not logged here.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    target_dn = params.get('distinguished_name')
    target_dn = ad_utils.unescape_asterisk(ad_utils.format_dn(target_dn)[0])
    self.logger.info(f'Escaped DN {target_dn}')

    # The operation is given by name and the attribute value is replaced with 0.
    changes = {"pwdLastSet": ('MODIFY_REPLACE', [0])}
    return {'success': ldap_conn.modify(dn=target_dn, changes=changes)}
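def run(self, params={}):
    """Set flag value 2 in ``userAccountControl`` for the given DN.

    Searches for the DN, reads its current ``userAccountControl`` value,
    ORs in 2 and writes the result back with ``MODIFY_REPLACE``.

    NOTE(review): bit value 2 is presumably the "account disabled" flag -
    confirm against the directory documentation.

    Returns:
        ``{'success': True}`` when the modify result code is 0, otherwise
        ``{'success': False}``.

    Raises:
        PluginException: if the search returns no entry for the DN, or if
            the entry has no integer ``userAccountControl`` value.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get('distinguished_name')
    dn, search_base = formatter.format_dn(dn)
    self.logger.info(f'Escaped DN {dn}')

    pairs = formatter.find_parentheses_pairs(dn)
    self.logger.info(pairs)
    # replace ( and ) when they are part of a name rather than a search parameter
    if pairs:
        dn = formatter.escape_brackets_for_query(dn, pairs)
    self.logger.info(f'Search DN {dn}')

    # NOTE(review): the DN is interpolated into the search filter. Only the
    # parenthesis handling is visible here; confirm that format_dn also
    # neutralises the remaining filter metacharacters before this is relied
    # on for caller-supplied input.
    conn.search(
        search_base=search_base,
        search_filter=f'(distinguishedName={dn})',
        attributes=['userAccountControl'],
    )
    results = conn.response

    dn_test = [d['dn'] for d in results if 'dn' in d]
    if not dn_test:
        self.logger.error('The DN ' + dn + ' was not found')
        raise PluginException(cause="The DN was not found", assistance="The DN " + dn + " was not found")

    user_list = [d['attributes'] for d in results if 'attributes' in d]
    try:
        # An entry without attributes, a missing key, or a value that is not
        # an integer bit field must all end in the same handled error rather
        # than a raw IndexError/TypeError further down.
        account_status = user_list[0]['userAccountControl']
        if not isinstance(account_status, int):
            raise TypeError(f'unexpected userAccountControl value: {account_status!r}')
    except Exception as ex:
        self.logger.error('The DN ' + dn + ' is not a user')
        raise PluginException(cause="The DN is not a user", assistance="The DN " + dn + " is not a user") from ex

    user_account_flag = 2
    account_status = account_status | user_account_flag

    conn.modify(dn, {'userAccountControl': [(MODIFY_REPLACE, [account_status])]})
    result = conn.result
    output = result['description']

    if result['result'] == 0:
        return {'success': True}

    self.logger.error('failed: error message %s' % output)
    return {'success': False}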
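def run(self, params={}):
    """Delete the directory object named by ``distinguished_name``.

    The DN is normalised through ``ADUtils`` and passed to ``conn.delete``.

    Returns:
        ``{'success': True}`` when the result code is 0.

    Raises:
        PluginException: with the UNKNOWN preset's cause text and the
            server's result description when the result code is not 0.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get('distinguished_name')
    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)

    conn.delete(dn)
    result = conn.result
    output = result['description']

    if result['result'] == 0:
        return {'success': True}

    self.logger.error('failed: error message %s' % output)
    # Pass the cause by keyword, looked up from the preset table, instead of
    # handing the preset over as the first positional argument; the custom
    # assistance text with the server description is kept.
    raise PluginException(
        cause=PluginException.causes[PluginException.Preset.UNKNOWN],
        assistance='failed: error message %s' % output,
    )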
def run(self, params={}):
    """Delete the directory object named by ``distinguished_name``.

    The DN is normalised through ``ADUtils`` and passed to ``conn.delete``.
    The DN being deleted is not written to the log by this method.

    Returns:
        ``{"success": True}`` when the result code is 0.

    Raises:
        PluginException: with the UNKNOWN preset's cause text and the
            server's result description when the result code is not 0.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn

    target_dn = params.get("distinguished_name")
    target_dn = ad_utils.unescape_asterisk(ad_utils.format_dn(target_dn)[0])

    ldap_conn.delete(target_dn)
    outcome = ldap_conn.result
    output = outcome["description"]

    if outcome["result"] != 0:
        self.logger.error("failed: error message %s" % output)
        raise PluginException(
            cause=PluginException.causes[PluginException.Preset.UNKNOWN],
            assistance=f"failed: error message {output}",
        )

    return {"success": True}
def run(self, params={}):
    """Replace one attribute on the object named by the DN input.

    The DN is first looked up with an LDAP search; when an entry is found,
    the attribute named by ``Input.ATTRIBUTE_TO_MODIFY`` is replaced with
    ``Input.ATTRIBUTE_VALUE``. The attribute name is taken from ``params``
    without any restriction in this method.

    Returns:
        ``{Output.SUCCESS: True}`` when the modify result code is 0,
        otherwise ``{Output.SUCCESS: False}``.

    Raises:
        PluginException: if the search returns no entry for the DN.
    """
    ad_utils = ADUtils()
    ldap_conn = self.connection.conn
    target_dn = params.get(Input.DISTINGUISHED_NAME)
    attr_name = params.get(Input.ATTRIBUTE_TO_MODIFY)
    attr_value = params.get(Input.ATTRIBUTE_VALUE)

    target_dn, search_base = ad_utils.format_dn(target_dn)
    self.logger.info(f"Escaped DN {target_dn}")

    # replace ( and ) when they are part of a name rather than a search parameter
    # NOTE(review): the pairs are computed but not passed to the helper -
    # confirm the helper's expected arguments.
    if ad_utils.find_parentheses_pairs(target_dn):
        target_dn = ad_utils.escape_brackets_for_query(target_dn)
        self.logger.info(target_dn)

    # Check that the distinguishedName is valid
    # NOTE(review): the DN is interpolated into the search filter. Only the
    # parenthesis handling is visible here; confirm that format_dn also
    # neutralises the remaining filter metacharacters.
    ldap_conn.search(
        search_base=search_base,
        search_filter=f"(distinguishedName={target_dn})",
        attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES],
    )
    entries = loads(ldap_conn.response_to_json())["entries"]
    found_dns = [entry["dn"] for entry in entries if "dn" in entry]
    if not found_dns:
        self.logger.error("The DN " + target_dn + " was not found")
        raise PluginException(
            cause="The DN was not found.",
            assistance="The DN " + target_dn + " was not found",
        )

    # Update attribute
    target_dn = ad_utils.unescape_asterisk(target_dn)
    ldap_conn.modify(target_dn, {attr_name: [(MODIFY_REPLACE, [attr_value])]})
    outcome = ldap_conn.result
    output = outcome["description"]

    if outcome["result"] != 0:
        self.logger.error("failed: error message %s" % output)
        return {Output.SUCCESS: False}

    return {Output.SUCCESS: True}
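def run(self, params={}):
    """Replace ``pwdLastSet`` with 0 to force a password reset for the DN.

    The DN is normalised through ``ADUtils``; the modify runs with the
    connection switched to raise on errors.

    Returns:
        ``{"success": True}`` when the modify call does not raise.

    Raises:
        PluginException: if the modify call raises ``LDAPException``.
    """
    formatter = ADUtils()
    conn = self.connection.conn
    dn = params.get("distinguished_name")
    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f"Escaped DN {dn}")

    password_expire = {"pwdLastSet": ("MODIFY_REPLACE", [0])}

    # The connection object is taken from self.connection, so put its error
    # mode back afterwards; code that reuses it and inspects conn.result
    # then keeps seeing result codes instead of unexpected exceptions.
    previous_mode = getattr(conn, "raise_exceptions", False)
    try:
        conn.raise_exceptions = True
        conn.modify(dn=dn, changes=password_expire)
    except LDAPException as e:
        raise PluginException(
            cause="LDAP returned an error.",
            assistance="Error was returned when trying to force password reset for this user.",
            data=e,
        )
    finally:
        conn.raise_exceptions = previous_mode

    return {"success": True}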
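def run(self, params={}):
    """Reset the password of the object named by ``distinguished_name``.

    The DN is normalised through ``ADUtils`` and the new password is handed
    to ``extend.ad_modify_password`` with ``old_password=None``. The new
    password itself is never logged.

    Returns:
        ``{'success': <value returned by the helper>}``.

    Raises:
        PluginException: if the connection does not report SSL as enabled,
            if no new password was supplied, or if the helper returns
            ``False``.
    """
    formatter = ADUtils()
    dn = params.get('distinguished_name')
    new_password = params.get('new_password')
    conn = self.connection.conn
    ssl = self.connection.ssl

    dn = formatter.format_dn(dn)[0]
    dn = formatter.unescape_asterisk(dn)
    self.logger.info(f'Escaped DN {dn}')

    # Fail closed: an unset or None flag must block the reset just like an
    # explicit False, so the password is never sent when SSL is not confirmed.
    if not ssl:
        raise PluginException(
            cause='SSL must be enabled',
            assistance='SSL must be enabled for the reset password action',
        )

    # Reject a missing or empty password up front rather than passing
    # None or '' on to the password-modify helper.
    if not new_password:
        raise PluginException(
            cause='No new password was provided.',
            assistance='Please provide a non-empty new password for the reset password action',
        )

    success = extend.ad_modify_password(conn, dn, new_password, old_password=None)
    result = conn.result

    if success is False:
        # Select the preset by keyword instead of passing it as the first
        # positional argument.
        raise PluginException(preset=PluginException.Preset.UNKNOWN, data=result)

    return {'success': success}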