import ldap
from scribe.ldapconf import AD_ADDRESS, AD_USER, AD_BASE, AD_PWDFILE
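def get_members(conn, group_name):
    """
    Return the members of a group.

    Searches the subtree under AD_BASE for a ``group`` object whose ``cn``
    equals *group_name* and returns the values of its ``member`` attribute.

    :param conn: LDAP connection object the search is issued on
    :param group_name: cn of the group, compared as a literal value
    :return: the ``member`` values of the first entry returned, or an empty
        list when that entry has no ``member`` attribute
    :raises IndexError: if the search returns no entry
    """
    # Imported here because the file only has ``import ldap`` at the top.
    from ldap.filter import escape_filter_chars

    # The name is escaped before it goes into the filter: an unescaped
    # '*', '(', ')' or '\' in group_name would change what the filter
    # matches instead of being compared as text.
    ldb_filter = '(&(objectclass=group)(cn={}))'.format(
        escape_filter_chars(group_name))
    res = conn.search(AD_BASE, ldap.SCOPE_SUBTREE, ldb_filter, ['member'])
    entries = conn.result(res)[1]
    # A group without members comes back without a 'member' key; report it
    # as empty rather than failing with KeyError.
    return entries[0][1].get('member', [])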
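def get_memberof(conn, user_name):
    """
    Return the groups a user belongs to.

    Searches the subtree under AD_BASE for a ``user`` object whose ``cn``
    equals *user_name* and returns the values of its ``memberOf`` attribute.

    :param conn: LDAP connection object the search is issued on
    :param user_name: cn of the user, compared as a literal value
    :return: the ``memberOf`` values of the first entry returned, or an
        empty list when that entry has no ``memberOf`` attribute
    :raises IndexError: if the search returns no entry
    """
    # Imported here because the file only has ``import ldap`` at the top.
    from ldap.filter import escape_filter_chars

    # Escape the name so that filter metacharacters in user_name are
    # compared as text and cannot widen or rewrite the search.
    ldb_filter = '(&(objectclass=user)(cn={}))'.format(
        escape_filter_chars(user_name))
    res = conn.search(AD_BASE, ldap.SCOPE_SUBTREE, ldb_filter, ['memberOf'])
    entries = conn.result(res)[1]
    # A user listed in no group comes back without a 'memberOf' key.
    return entries[0][1].get('memberOf', [])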
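def add_member(conn, group_name, user_name):
    """
    Add a user to a group.

    Both DNs are built as ``CN=<name>,CN=Users,<AD_BASE>``, so only objects
    that sit directly in the ``CN=Users`` container are handled
    (FIXME: handle the full DN).

    :param conn: bound LDAP connection allowed to modify the group
    :param group_name: cn of the group to modify
    :param user_name: cn of the user to add
    :return: the DN of the modified group
    """
    # Imported here because the file only has ``import ldap`` at the top.
    from ldap.dn import escape_dn_chars

    # Escape both names before they become an RDN value: a ',' '+' or '='
    # in a name would otherwise be read as DN syntax and point the
    # modification at a different object than the caller named.
    dn_template = 'CN={},CN=Users,{}'
    group_dn = dn_template.format(escape_dn_chars(group_name), AD_BASE)
    user_dn = dn_template.format(escape_dn_chars(user_name), AD_BASE)
    datas = [(ldap.MOD_ADD, 'member', [user_dn.encode()])]
    print('Ajout au groupe {}'.format(group_name))
    conn.modify_s(group_dn, datas)
    return group_dn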
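# Script body: bind to the directory as AD_USER, show group data for the
# account 'prof1', add it to a group, then close the connection.
AD_USERDN = "CN={0},CN=Users,{1}".format(AD_USER, AD_BASE)
# AD_PWDFILE holds the bind password in clear text; it should be readable
# only by the account that runs this script. The handle is closed as soon
# as the password has been read.
with open(AD_PWDFILE) as pwd_file:
    AD_PWD = pwd_file.read().strip()
ldap.set_option(ldap.OPT_REFERRALS, 0)
# The server certificate must validate. With OPT_X_TLS_NEVER the simple
# bind below would hand the bind password to any host that answers on
# AD_ADDRESS. If the directory uses a private CA, trust it explicitly with
# ldap.OPT_X_TLS_CACERTFILE (path: <CA_CERT_PATH>, placeholder) instead of
# switching validation off.
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
connexion = ldap.initialize('ldaps://{}'.format(AD_ADDRESS))
try:
    connexion.simple_bind_s(AD_USERDN, AD_PWD)

    print(get_memberof(connexion, 'prof1'))
    print(get_members(connexion, 'Domain Admins'))
    # NOTE(review): this call really changes the directory. It puts 'prof1'
    # in 'Domain Admins' and nothing here takes it out again. Run it only
    # against a test domain and remove the membership afterwards.
    print(add_member(connexion, 'Domain Admins', 'prof1'))
    print(get_members(connexion, 'Domain Admins'))
finally:
    # Release the connection even when the bind or one of the calls fails.
    connexion.unbind_s()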