#!/usr/bin/python
import getpass
import sys

import ldap
import ldap.dn
import ldap.modlist as modlist
def login():
    """Prompt for the new user's password twice and return it once both match.

    Both entries are read with getpass, so nothing is echoed to the terminal.
    The pair of prompts is repeated until the two entries are identical.
    """
    while True:
        first = getpass.getpass('User password: ')
        second = getpass.getpass('Confirm user password: ')
        if first == second:
            return first
        print('Passwords do not match. Try again')
# Connection settings: replace every <...> placeholder before running.
AD_LDAP_URL = 'ldaps://<ldapserver>:636'
# Bind account. User must be authorized to create accounts, naturally.
ADMIN_USER = '<bind admin user>'
# Container for the new entry; the script prepends "CN=<username>," to it.
BASE_DN = '<base dn - where the user will be created>'
# Appended directly to the user name to build the principal names.
# NOTE(review): nothing inserts an '@' separator, so the value presumably
# has to start with '@' -- confirm before use.
REALM = '<Kerberos REALM - ALL CAPITALS'
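# Script entry: create one Active Directory user (or service account) over LDAPS.
# Usage: ldapuser.py <username> [<host>]
# NOTE(review): unicode() and the byte-string attribute values below make this
# Python 2 code; it has not been ported to Python 3.
if len(sys.argv) == 1:
    print("Sintaxe: ldapuser.py <username> <host>")
    print("\t\t\t <username>: (required) username to be created")
    print("\t\t\t <host>: (optional) host to be used on service principal")
else:
    ADMIN_PASSWORD = getpass.getpass('Enter Bind Password: ')
    username = sys.argv[1]
    if len(sys.argv) > 2:
        # With a host argument the entry is named "<username>/<host>" and
        # gets a servicePrincipalName instead of a sAMAccountName.
        host = '/' + str(sys.argv[2])
        service = str(username) + str(host) + str(REALM)
        username = str(username) + str(host)
    else:
        service = ''

    password = login()
    # The value of password still needs to adhere to the domain's password policy.
    # It is wrapped in double quotes and encoded as UTF-16LE before being sent
    # as unicodePwd.
    # NOTE(review): the typed bytes are decoded as ISO-8859-1, so a non-ASCII
    # password entered on a terminal that uses another encoding (e.g. UTF-8)
    # would be stored as different characters than the operator typed.
    unicode_pass = unicode('\"' + password + '\"', 'iso-8859-1')
    password_value = unicode_pass.encode('utf-16-le')
    principal = str(username) + str(REALM)

    # Escape DN metacharacters (',', '+', '=', ...) so a name taken from the
    # command line cannot alter the structure of the distinguished name.
    dn = 'CN=' + ldap.dn.escape_dn_chars(str(username)) + ',' + str(BASE_DN)

    attrs = {}
    attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
    attrs['cn'] = str(username)
    attrs['unicodePwd'] = str(password_value)
    attrs['userPrincipalName'] = str(principal)
    # 66048 = 0x10200 = NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWORD (0x10000):
    # the account is created enabled and its password never expires. Use 512
    # instead if the domain's password-expiry policy should apply.
    attrs['userAccountControl'] = str(66048)
    if service != '':
        attrs['servicePrincipalName'] = str(service)
    else:
        attrs['samaccountname'] = str(username)
    attrs['lockoutTime'] = str(0)      # 0 = account is not locked out
    attrs['accountExpires'] = str(0)   # 0 = account never expires
    ldif = modlist.addModlist(attrs)

    # The password attribute is written over ldaps:// (see AD_LDAP_URL).
    # NOTE(review): certificate checking is left to the LDAP client library's
    # TLS defaults -- confirm the server certificate is validated on this host.
    conn = ldap.initialize(AD_LDAP_URL)
    try:
        conn.simple_bind_s(ADMIN_USER, ADMIN_PASSWORD)
        conn.add_s(dn, ldif)
    finally:
        # Always release the connection, including when bind or add raises.
        conn.unbind_s()
    print("User "+str(username)+" added\n Principal="+str(principal))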