Пример #1
def search_group(stog_filter = None, attrib = None):
    """Search the directory with the manager credentials.

    The listing stops inside the ``except`` handler, so the value this
    function returns is not visible here.

    stog_filter -- LDAP filter string; STOG_FILTER is used when it is empty
                   or None.
    attrib      -- not referenced in the visible lines.
    """
    if not stog_filter:
            stog_filter = STOG_FILTER
    #print 'stog_filter is ', stog_filter
    # Every call acquires the manager credentials again and opens a new
    # client; nothing is cached between calls.
    creds = Creds(LDAP_BASE_DN)
    creds.acquire(MGR_CRED, MGR_PASSWD)
    activate(creds)
    client = Client(LDAP_BASE_DN)
    try:
        # The filter reaches client.search() unchanged. A caller that builds
        # it from record or user data must escape LDAP filter metacharacters
        # (* ( ) \ and NUL) first, otherwise the data can alter the query.
        # scheme='gc' presumably selects the global catalog -- confirm
        # against the python-ad documentation.
        users = client.search(stog_filter, scheme='gc')
    except ldap.LDAPError, e:
        # The error is only printed; execution continues past the handler
        # with `users` unbound.
        print e
Пример #2
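def add_group():
    """Create one organizationalUnit entry for each record from get_data(0).

    Each record supplies 'id' (stored in the entry's description), 'path'
    (turned into the parent DN by get_ou) and 'name' (the ou value).
    Directory errors are logged together with the exception and the loop
    moves on to the next record; nothing is returned.
    """
    groups = get_data(0)
    creds = Creds(LDAP_BASE_DN)
    creds.acquire(MGR_CRED, MGR_PASSWD)
    activate(creds)

    client = Client(LDAP_BASE_DN)
    for group in groups:
        stog_id = str(group['id'])
        stog_ou = group['path'].encode('utf-8')
        # NOTE(review): the DN is assembled from record data by get_ou(),
        # which is not visible here. If it does not escape DN special
        # characters (, + " \ < > ; =), a crafted path can place the entry
        # somewhere other than intended -- confirm.
        path = get_ou(stog_ou)
        dn = '%s%s' % (path, client.dn_from_domain_name(LDAP_BASE_DN))
        ou = group['name'].encode('utf-8')
        attrs = [
            ('ou', [ou]),
            ('objectClass', ['top', 'organizationalUnit']),
            ('description', [stog_id]),
        ]
        stamp = strftime("%Y-%m-%d %H:%M:%S started", time.localtime())
        try:
            client.add(dn, attrs)
        except (ADError, LDAPError) as err:
            # Failures were previously logged at debug level without the
            # exception, so a failed provisioning run left no usable trace.
            logging.error("[Error Group]Time %s add group error, id is %s, error is %s", stamp, ou, err)
        else:
            # The "id" in these messages is the OU name, as in the original.
            logging.debug("[Group]Time %s add a new group, id is %s", stamp, ou)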
Пример #3
from ad import Client, Creds, activate

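# Domain whose directory is searched.
domain = 'freeadi.org'

# No password is passed here; Creds.load() presumably picks up an existing
# Kerberos credential cache -- confirm against the python-ad documentation.
creds = Creds(domain)
creds.load()
activate(creds)

client = Client(domain)
users = client.search('(objectClass=user)', scheme='gc')
for dn, attrs in users:
    name = attrs['sAMAccountName'][0]
    # A separate name keeps the configured `domain` above from being
    # overwritten by the domain of the last entry.
    user_domain = client.domain_name_from_dn(dn)
    # A single parenthesised argument prints the same text under Python 2
    # and Python 3.
    print('-> %s (%s)' % (name, user_domain))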
Пример #4
import sys
from ad import Client, Creds, Locator, activate
from ad import AD_USERCTRL_NORMAL_ACCOUNT, AD_USERCTRL_ACCOUNT_DISABLED

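domain = 'freeadi.org'
# NOTE(review): the bind account and its password are literals in the script
# (redacted in this listing). Anyone who can read the file or its version
# history obtains an account allowed to create users; load them from a
# protected configuration source or use an existing Kerberos ticket.
user = '******'
password = '******'

# Characters with special meaning in LDAP search filters (RFC 4515) or in
# distinguished names (RFC 4514). The user name is placed into both below.
UNSAFE_USERNAME_CHARS = frozenset('\\*()\x00,+"<>;=')

if len(sys.argv) != 3:
    sys.stderr.write('Usage: useradd <username> <password>\n')
    sys.exit(1)
username = sys.argv[1]
# NOTE(review): a password given as a command-line argument is visible in the
# process list and is usually saved in shell history. Prompting for it (for
# example with getpass) avoids both; the interface is left as it was here.
userpass = sys.argv[2]

# Refuse names that would change the meaning of the search filter or the DN
# instead of interpolating them as they are.
if (not username
        or username != username.strip()
        or username.startswith('#')
        or any(ch in UNSAFE_USERNAME_CHARS for ch in username)):
    sys.stderr.write('Error: user name contains characters that are not allowed\n')
    sys.exit(1)

creds = Creds(domain)
creds.acquire(user, password)
activate(creds)

client = Client(domain)
result = client.search('(sAMAccountName=%s)' % username)
if len(result) > 0:
    sys.stderr.write('Error: user %s already exists\n' % username)
    sys.exit(1)

dn = 'cn=%s,cn=users,%s' % (username, client.dn_from_domain_name(domain))
attrs = [
    ('cn', [username]),
    ('sAMAccountName', [username]),
]
princ = '%s@%s' % (username, domain)
attrs.append(('userPrincipalName', [princ]))
# Normal account with the disabled flag set; the listing ends here, so the
# steps that use `ctrl`, `attrs` and `userpass` are not shown.
ctrl = AD_USERCTRL_NORMAL_ACCOUNT | AD_USERCTRL_ACCOUNT_DISABLED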
Пример #5
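def add_user():
    """Synchronise the records returned by get_user() into the directory.

    For every record whose organisational unit can be resolved through
    search_group():

    * no entry with this CN exists  -> a disabled account is created;
    * an entry exists, status == 128 -> it is moved to the departed-users OU
      and disabled;
    * otherwise                      -> the entry is moved to the expected OU
      when its DN differs, then its attributes are replaced.

    Directory errors are logged with the exception and processing continues;
    nothing is returned.
    """
    users = get_user()
    creds = Creds(LDAP_BASE_DN)
    creds.acquire(MGR_CRED, MGR_PASSWD)
    activate(creds)

    client = Client(LDAP_BASE_DN)

    def stamp():
        # Timestamp text used by every log line of this function.
        return strftime("%Y-%m-%d %H:%M:%S started", time.localtime())

    # Container that receives the accounts of users who have left.
    departed_ou = 'OU=已离职用户,OU=虚拟组,OU=总部,OU=美团,DC=sankuai,DC=info'

    for user in users["data"]:
        stog_uid = user['uid'].encode('utf-8')
        stog_ou = str(user['ou']).encode('utf-8')
        telephoneNumber = str(user['mobile'])
        c = user['c'].encode('utf-8')
        displayname = user['displayname'].encode('utf-8')
        # NOTE(review): 'st' is filled from the record's 'l' field, as in the
        # original -- confirm that this is intended.
        st = user['l'].encode('utf-8')
        employeeNumber = str(user['employeeNumber'])
        employeeType = user['employeeType'].encode('utf-8')
        mail = str(user['mail'])
        title = user['title'].encode('utf-8')
        sn = user['sn'].encode('utf-8')
        status = user['status']
        sex = '1' if user['sex'] == 2 else '0'
        givenName = user['givenName'].encode('utf-8')

        # NOTE(review): both filters below, and the DN, are built by
        # concatenating record values. If the data behind get_user() can
        # contain LDAP metacharacters (* ( ) \ in filters; , + " \ < > ; =
        # in DNs) they change which entry is matched or where it is placed.
        # Escape the values first (python-ldap offers
        # ldap.filter.escape_filter_chars and ldap.dn.escape_dn_chars);
        # whether those modules are imported is not visible from this block.
        path = search_group(stog_filter = 'description=' + stog_ou)
        if not path:
            continue

        dn = 'CN=%s,%s' % (stog_uid, path)
        princ = '%s@%s' % (stog_uid, LDAP_BASE_DN)
        path1 = search_group(stog_filter = 'cn=' + stog_uid)

        if path1 is None:
            # New accounts are created disabled.
            ctrl = AD_USERCTRL_NORMAL_ACCOUNT | AD_USERCTRL_ACCOUNT_DISABLED
            attrs = [
                ('cn', [stog_uid]),
                ('sAMAccountName', [stog_uid]),
                ('userPrincipalName', [princ]),
                ('description', [displayname]),
                ('userAccountControl', [str(ctrl)]),
                ('objectClass', ['user']),
                ('Gender', [sex]),
                ('co', [c]),
                ('displayname', [displayname]),
                ('sn', [sn]),
                ('st', [st]),
                ('givenName', [givenName]),
                ('sk-employeeNumber', [employeeNumber]),
                ('sk-employeeType', [employeeType]),
                ('mail', [mail]),
                ('title', [title]),
                ('telephoneNumber', [telephoneNumber]),
                ('mobile', [telephoneNumber]),
            ]
            try:
                client.add(dn, attrs)
            except (ADError, LDAPError) as err:
                # Log the exception instance; the original printed the
                # exception classes, which carry no information.
                logging.error("[Error User]Time %s add user error, id is %s, error is %s", stamp(), stog_uid, err)
            else:
                logging.debug("[User]Time %s add a new user, id is %s", stamp(), stog_uid)
            continue

        logging.debug("status %s", status)
        if status == 128:
            try:
                client.rename(path1, 'cn=' + stog_uid, departed_ou)
                dnc = 'cn=' + stog_uid + ',' + departed_ou
                # 514 = 512 (normal account) | 2 (account disabled).
                mods = [('replace', 'userAccountControl', [str(514)])]
                client.modify(dnc, mods)
            except Exception as err:
                # A failed offboarding can leave a departed user's account
                # enabled, so it is reported at error level with its cause.
                # `except Exception` keeps the best-effort behaviour but no
                # longer swallows KeyboardInterrupt/SystemExit as the bare
                # `except:` did. Processing falls through to the normal
                # update path below, as before.
                logging.error("[leave office failed] Time %s,old dn is %s, error is %s", stamp(), path1, err)
            else:
                logging.debug("[leave office success] Time %s,old dn is %s", stamp(), path1)
                continue

        if path1 != dn:
            try:
                client.rename(path1, 'cn=' + stog_uid, path)
            except Exception as err:
                logging.error("[modrdn failed] Time %s,old dn is %s, new dn is %s, error is %s", stamp(), path1, dn, err)
            else:
                logging.debug("[modrdn success] Time %s,old dn is %s, new dn is %s", stamp(), path1, dn)

        # 'co' and 'telephoneNumber' are overwritten with fixed values on
        # update, as in the original.
        attrs = [
            ('replace', 'userPrincipalName', [princ]),
            ('replace', 'Gender', [sex]),
            ('replace', 'co', ['中国']),
            ('replace', 'displayname', [displayname]),
            ('replace', 'sn', [sn]),
            ('replace', 'st', [st]),
            ('replace', 'givenName', [givenName]),
            ('replace', 'sk-employeeNumber', [employeeNumber]),
            ('replace', 'sk-employeeType', [employeeType]),
            ('replace', 'mail', [mail]),
            ('replace', 'title', [title]),
            ('replace', 'telephoneNumber', [str(0)]),
            ('replace', 'mobile', [telephoneNumber]),
            ('replace', 'description', [displayname]),
        ]
        try:
            # NOTE(review): if the rename above failed, the entry is still at
            # path1 and this modify addresses dn, so it fails as well; the
            # failure is logged below.
            client.modify(dn, attrs)
        except (ADError, LDAPError) as err:
            logging.error("[Modify User Error]Time %s add a new user, id is %s, error is %s", stamp(), stog_uid, err)
        else:
            logging.debug("[Modify User]Time %s add a new user, id is %s", stamp(), stog_uid)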
Пример #6
""" Use python-ad and GSSAPI/Kerberos to connect to AD. """

# requires python-ad: https://github.com/sfu-rcg/python-ad
try:
    from ad import Client, Creds, activate
except ImportError:
    raise Exception("python-ad package required.")

try:
    import ldap
except ImportError:
    raise Exception("python-ldap package required.")



from amlib import conf

# Everything below runs when this module is imported: the credentials are
# read from the amlib configuration, acquired, and activated, and the client
# `c` is then created as a module-level object.
# Principal in user@domain form, built from the configured account name.
ad_user = conf.c['am_user']+'@'+conf.c['ad_domain']
# NOTE(review): the password stays in this module-level name for as long as
# the module is loaded; any code that imports the module can read it.
ad_pass = conf.c['am_pass']
creds = Creds(conf.c['ad_domain'])

# A failure in acquire() propagates out of the import; there is no handler.
creds.acquire(principal=ad_user, password=ad_pass)
activate(creds)
c = Client(conf.c['ad_domain'])
Пример #7
#!/usr/bin/python
# coding=UTF-8
from ad import Client, Creds, activate
#from ad import Client, Creds, activate

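domain = 'hdtr.com'
# NOTE(review): account name and password are literals in the script
# (redacted in this listing); read them from a protected configuration
# source or use an existing Kerberos ticket rather than storing them in the
# file.
user = '******'
password = '******'
# Directory server handed to Creds.acquire() together with the credentials.
server='192.168.12.2'

creds = Creds(domain)
creds.acquire(user, password, server)
activate(creds)

# Only the names Client, Creds and activate are imported from `ad`, so the
# original `ad.Client(domain)` raised NameError; use the imported class.
client = Client(domain)
users = client.search('(objectClass=user)')
for dn, attrs in users:
    name = attrs['sAMAccountName'][0]
    # A single parenthesised argument prints the same text under Python 2
    # and Python 3.
    print('-> %s' % name)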