#! /bin/env python
#
# USAGE
# $ python ad_utils.py "My Group Name"
#
# Author:
# Trinh Nguyen
# dangtrinhnt@gmail.com
# www.dangtrinh.com
  10.  
import os
import sys

import ldap
import ldap.filter
  13.  
  14.  
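# Domain controllers to try; ad_auth() binds to the first one by default.
AD_SERVERS = ['<dc ip address>', 'dc ip address']
# Search base for both user and group lookups.
AD_USER_BASEDN = "<BASE DN. E.g. OU=Users,DC=Example,DC=Com>"
# Filter templates; the {placeholder} is substituted (after escaping) by the
# lookup helpers below.
AD_USER_FILTER = '(&(objectClass=USER)(sAMAccountName={username}))'
# NOTE(review): unused in this file; 'dn' is not a searchable attribute in AD
# ('distinguishedName' is) — confirm before relying on it.
AD_USER_FILTER2 = '(&(objectClass=USER)(dn={userdn}))'
AD_GROUP_FILTER = '(&(objectClass=GROUP)(cn={group_name}))'
# Bind credentials are read from the environment so the secret does not have
# to live in the source; the literals are kept only as fallbacks so existing
# deployments behave as before.
AD_BIND_USER = os.environ.get('AD_BIND_USER', 'administrator@example.com')
AD_BIND_PWD = os.environ.get('AD_BIND_PWD', 'administratorpassword')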
  22.  
  23.  
  24.  
  25. # ldap connection
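def ad_auth(username=AD_BIND_USER, password=AD_BIND_PWD, address=AD_SERVERS[0]):
    """Open an LDAPv3 connection to *address* and simple-bind as *username*.

    Returns ``(connection, True)`` on success, or ``(message, False)`` where
    *message* is a short description of the failure. Callers must check the
    flag before treating the first element as a connection.
    """
    # NOTE(review): 'ldap://' is a plaintext transport, so the simple bind
    # sends the password in the clear; prefer 'ldaps://' or start_tls_s()
    # where the domain controller supports it.
    conn = ldap.initialize('ldap://' + address)
    conn.protocol_version = 3
    # Do not chase referrals; the usual setting for AD searches, which would
    # otherwise try to follow referrals with a fresh (unauthenticated) bind.
    conn.set_option(ldap.OPT_REFERRALS, 0)

    try:
        conn.simple_bind_s(username, password)
    except ldap.INVALID_CREDENTIALS:
        return "Invalid credentials", False
    except ldap.SERVER_DOWN:
        return "Server down", False
    except ldap.LDAPError as e:
        # python-ldap carries its diagnostic dict in args[0]; 'desc' holds the
        # human-readable result. Fall back to str(e) so the concatenation can
        # never raise TypeError (the original did "..." + e).
        info = e.args[0] if e.args else None
        if isinstance(info, dict) and 'desc' in info:
            return "Other LDAP error: " + str(info['desc']), False
        return "Other LDAP error: " + str(e), False

    print("Succesfully authenticated")
    return conn, True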
  47.  
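def get_dn_by_username(username, ad_conn, basedn=AD_USER_BASEDN):
    """Return the distinguished name of the account whose sAMAccountName is
    *username*, or '' when nothing under *basedn* matches.

    *username* is escaped before it is interpolated into the search filter so
    that characters such as '*', '(' or ')' cannot widen or alter the query.
    Referral continuation entries (reported with a dn of None) are ignored.
    If more than one entry matches, the last one wins, as in the original.
    """
    safe_name = ldap.filter.escape_filter_chars(username)
    ad_filter = AD_USER_FILTER.replace('{username}', safe_name)
    # Only the DN is needed; asking for a single attribute keeps the reply small.
    results = ad_conn.search_s(basedn, ldap.SCOPE_SUBTREE, ad_filter,
                               ['distinguishedName'])
    return_dn = ''
    for dn, _attrs in results or []:
        if dn is not None:
            return_dn = dn
    return return_dn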
  56.  
#
# Query only enabled users with the following filter:
# (!(userAccountControl:1.2.840.113556.1.4.803:=2))
#
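def get_email_by_dn(dn, ad_conn):
    """Return the lower-cased 'mail' attribute of the enabled user entry at
    *dn*, or '' if the entry is not an enabled user or has no mail address.

    The base-scope search carries the enabled-user filter from the comment
    above, so disabled accounts produce an empty result. Only the 'mail'
    attribute is requested. Errors raised by search_s (for example when *dn*
    does not exist) propagate to the caller.
    """
    result = ad_conn.search_s(
        dn, ldap.SCOPE_BASE,
        '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        ['mail'])
    for entry_dn, attrb in result or []:
        if entry_dn is None:
            # Referral continuation entry, not a real object.
            continue
        values = attrb.get('mail')
        if not values:
            continue
        value = values[0]
        # python-ldap 3 on Python 3 returns attribute values as bytes; decode
        # so callers always get text. On Python 2 bytes is str, so no-op.
        if isinstance(value, bytes) and not isinstance(value, str):
            value = value.decode('utf-8', 'replace')
        return value.lower()
    return ''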
  71.  
  72.  
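def get_group_members(group_name, ad_conn, basedn=AD_USER_BASEDN):
    """Return the e-mail addresses of the enabled users that are direct
    members of the group whose 'cn' is *group_name*, searched under *basedn*.

    Members without a mail address, disabled accounts and non-user members
    (contacts, nested groups, ...) are skipped because get_email_by_dn() only
    returns an address for enabled user entries; nested membership is not
    expanded. *group_name* is escaped before it enters the filter so it cannot
    change the query. Referral continuation entries are ignored.
    """
    safe_name = ldap.filter.escape_filter_chars(group_name)
    ad_filter = AD_GROUP_FILTER.replace('{group_name}', safe_name)
    result = ad_conn.search_s(basedn, ldap.SCOPE_SUBTREE, ad_filter, ['member'])
    members = []
    for group_dn, attrb in result or []:
        if group_dn is None:
            continue
        # NOTE(review): AD truncates very large multi-valued attributes and
        # returns the remainder under 'member;range=...'; this helper does not
        # implement range retrieval, so huge groups may be reported partially.
        for member_dn in attrb.get('member', []):
            # Member DNs come back as bytes under python-ldap 3 / Python 3.
            if isinstance(member_dn, bytes) and not isinstance(member_dn, str):
                member_dn = member_dn.decode('utf-8', 'replace')
            email = get_email_by_dn(member_dn, ad_conn)
            if email:
                members.append(email)
    return members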
  85.  
  86.  
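if __name__ == "__main__":
    # Print the e-mail addresses of the members of the group named on the
    # command line, one per line.
    if len(sys.argv) < 2:
        sys.stderr.write('USAGE: python ad_utils.py "My Group Name"\n')
        sys.exit(2)
    group_name = sys.argv[1]
    ad_conn, result = ad_auth()
    if not result:
        # On failure ad_auth() returns the error text in place of the connection.
        sys.stderr.write("Authentication failed: %s\n" % ad_conn)
        sys.exit(1)
    try:
        for m in get_group_members(group_name, ad_conn):
            print(m)
    finally:
        # Release the bound session even if the lookup raised.
        ad_conn.unbind_s()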