
Untitled

a guest
Sep 20th, 2016
  1. #!/usr/bin/env python
  2.  
  3. import ldap
  4. import sys
  5. import keyring
  6. import getpass
  7. import logging
  8. import pprint
  9.  
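# Keyring service name under which credentials() stores the LDAP password.
keyring_service = 'slapd'

# ldaps:// asks for TLS from the first byte of the connection.
LDAP_SERVER = 'ldaps://ldap.spotify.net'
LDAP_BASE_DN = 'cn=users,dc=carmen,dc=int,dc=sto,dc=spotify,dc=net'
# Matches apple-user entries whose loginShell is /dev/null.
SUSPENDED_USER_QUERY = "(&(objectClass=apple-user)(loginShell=/dev/null))"
# The two filters below carry a "$suspended_user" placeholder that nothing in
# this file fills in. Whatever code substitutes it should first pass the value
# through ldap.filter.escape_filter_chars(), so that characters such as
# ( ) * \ inside a uid cannot change the meaning of the filter.
GROUP_QUERY = "(&(objectClass=apple-group)(memberUid=$suspended_user))"
ADMIN_QUERY = "(&(objectClass=apple-group)(apple-group-services=$suspended_user))"

# Connection shared by ldap_connect() and ldap_search(). A bare
# "global ldap_connection" at module level binds nothing, which left the name
# undefined and made "if not ldap_connection" raise NameError; start from an
# explicit None instead.
ldap_connection = None
# When non-empty, credentials() uses this instead of the OS login name.
force_user = ''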
  20.  
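def ldap_connect():
    """Open the module-wide LDAP connection and bind as the current user.

    The user name and password come from credentials(1); with a truthy
    ``reset`` that helper prompts for a password on every call. On success the
    bound connection is published as the module global ``ldap_connection``.

    Raises:
        ValueError: the supplied password is empty.
        ldap.LDAPError: connection setup or the bind failed (logged first).
    """
    global ldap_connection

    (LDAP_USER, LDAP_PASS) = credentials(1)
    # NOTE(review): credentials() has already written this password to the
    # keyring, before the bind below has had a chance to verify it.

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2). Many servers answer it with success, so
    # the session would look authenticated while actually being anonymous.
    if not LDAP_PASS:
        logging.error("Refusing LDAP simple bind with an empty password.")
        raise ValueError("empty LDAP password")

    login_dn = make_user_dn(LDAP_USER)

    # NOTE(review): whether the server certificate is verified for ldaps://
    # depends on the client TLS configuration, which is not set here; confirm
    # it is strict (e.g. ldap.OPT_X_TLS_REQUIRE_CERT = ldap.OPT_X_TLS_DEMAND).
    try:
        conn = ldap.initialize(LDAP_SERVER)
        conn.simple_bind_s(login_dn, LDAP_PASS)
    except ldap.LDAPError as e:
        # Fail closed: the previous code logged the error and carried on, so
        # later searches ran against a missing or unbound connection.
        logging.error(e)
        raise

    # Publish the connection only once the bind has succeeded.
    ldap_connection = conn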
  35.  
def credentials(reset=0):
    """Return ``(user, password)`` for the LDAP bind, backed by the keyring.

    The user is ``force_user`` when that is non-empty, otherwise the login
    name reported by getpass.getuser(). The password is read from the keyring
    entry for ``keyring_service``. If none is stored, or if ``reset`` is
    truthy, the user is prompted and the answer is written to the keyring.

    The password must never be printed or logged; only the tuple is returned.
    """
    user = force_user if force_user else getpass.getuser()
    password = keyring.get_password(keyring_service, user)

    # A stored password and no reset request: nothing to ask for.
    if password and not reset:
        return (user, password)

    if not password:
        logging.warning("No %s password found in keyring." % keyring_service)
        prompt = "Please enter password for user '" + user + "':"
    else:
        logging.info("Request to reset password for user.")
        prompt = "Please enter new password for user '" + user + "':"

    # NOTE(review): the answer is stored before any bind has verified it, and
    # an empty answer is accepted as-is.
    password = getpass.getpass(prompt)
    keyring.set_password(keyring_service, user, password)
    return (user, password)
  52.  
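def make_user_dn(username):
    """Return the bind DN ``uid=<username>,<LDAP_BASE_DN>`` for *username*.

    The user name is escaped as a DN attribute value before it is spliced in.
    Without that, a name containing DN metacharacters (``,`` ``+`` ``=``
    ``\\`` and so on) yields a malformed DN or one that points at a different
    entry than intended. Ordinary user names are returned unchanged.
    """
    # Local import: only this helper needs the ldap.dn submodule.
    from ldap.dn import escape_dn_chars

    return 'uid=' + escape_dn_chars(username) + ',' + LDAP_BASE_DN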
  56.  
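def ldap_search(ldap_server, search_base, query):
    """Run a subtree search and pretty-print the matching entries.

    Args:
        ldap_server: unused; the shared module-level connection is searched.
        search_base: DN below which to search.
        query: LDAP filter string. It is passed to the server verbatim, so any
            caller-supplied value inside it must already be filter-escaped.

    Returns:
        None. Results, "no results" and LDAP errors are all reported on stdout.
    """
    # Look the global up defensively: it only exists once ldap_connect() has
    # assigned it, and a plain name lookup would raise NameError before that.
    if not globals().get('ldap_connection'):
        ldap_connect()
    connection = globals().get('ldap_connection')
    if not connection:
        print('LDAPError: %s.' % 'no LDAP connection available')
        return

    search_scope = ldap.SCOPE_SUBTREE
    # None asks for every attribute the bound identity may read, and all of
    # them end up on stdout below.
    # NOTE(review): consider requesting only the attributes actually needed.
    retrieve_attributes = None

    try:
        ldap_result = connection.search_s(
            search_base,
            search_scope,
            query,
            retrieve_attributes
        )
    except ldap.LDAPError as e:
        print('LDAPError: %s.' % e)
        # Stop here: the old code fell through and printed a name that was
        # never assigned when the search failed.
        return

    # The old code appended the whole result list as a single element, so the
    # emptiness check below could never fire; copy the entries instead.
    suspended_users = list(ldap_result)

    if not suspended_users:
        print('No suspended users found.')
        return

    pprint.pprint(suspended_users)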
  81.  
  82.  
def delUserFromGroup(self, cngroup, uiduser):
    """
    Remove a user from a posixGroup account.

    Deletes the user's memberUid value from the group's LDAP entry. An audit
    record is opened before the change and committed after it. Any exception
    other than ldap.NO_SUCH_ATTRIBUTE propagates before the commit is reached.

    NOTE(review): this takes ``self`` and uses AF, AA, AT and PLUGIN_NAME,
    none of which are defined in this file; it looks pasted in from a class
    in another project.

    @param cngroup: name of the group (not full ldap path)
    @type cngroup: unicode

    @param uiduser: user uid (not full ldap path)
    @type uiduser: unicode
    """
    group_name = cngroup.encode("utf-8")
    member_uid = uiduser.encode("utf-8")

    # NOTE(review): the group name goes into the DN unescaped; confirm callers
    # only pass names that are free of DN metacharacters.
    groupdn = 'cn=' + group_name + ',' + self.baseGroupsDN
    userdn = self.searchUserDN(member_uid)

    r = AF().log(
        PLUGIN_NAME,
        AA.BASE_DEL_USER_FROM_GROUP,
        [(groupdn, AT.GROUP), (userdn, AT.USER)],
    )

    removal = [(ldap.MOD_DELETE, 'memberUid', member_uid)]
    try:
        self.l.modify_s(groupdn, removal)
    except ldap.NO_SUCH_ATTRIBUTE:
        # The group has no such member; treat the removal as already done.
        pass

    r.commit()
  105.  
def main():
    """Bind to the directory, then print the suspended-user search results."""
    ldap_connect()
    ldap_search(
        ldap_server=LDAP_SERVER,
        search_base=LDAP_BASE_DN,
        query=SUSPENDED_USER_QUERY,
    )


# Run only when executed as a script, not when imported.
if __name__ == "__main__":
    main()