- #!/usr/bin/env python
- import ldap
- import sys
- import keyring
- import getpass
- import logging
- import pprint
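# Service name under which the bind password is stored in the OS keyring.
keyring_service = 'slapd'

# Directory endpoint (LDAP over TLS) and the subtree that holds user entries.
LDAP_SERVER = 'ldaps://ldap.spotify.net'
LDAP_BASE_DN = 'cn=users,dc=carmen,dc=int,dc=sto,dc=spotify,dc=net'

# Filter for accounts whose login shell is /dev/null.
SUSPENDED_USER_QUERY = "(&(objectClass=apple-user)(loginShell=/dev/null))"

# "$suspended_user" is a template placeholder; none of the code shown here
# performs the substitution. Whatever does must pass the value through
# ldap.filter.escape_filter_chars() first, so a uid containing '*', '(', ')'
# or '\' cannot change the meaning of the filter.
GROUP_QUERY = "(&(objectClass=apple-group)(memberUid=$suspended_user))"
ADMIN_QUERY = "(&(objectClass=apple-group)(apple-group-services=$suspended_user))"

# Shared connection handle, assigned by ldap_connect(). Bound to None here
# (a module-level `global` statement binds nothing) so that the
# `if not ldap_connection` test in ldap_search() cannot raise NameError.
ldap_connection = None

# When non-empty, used instead of the OS login name for the keyring lookup
# and for the bind DN.
force_user = ''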
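def ldap_connect():
    """Open the module-wide LDAP connection and bind as the current user.

    On success the bound connection is stored in the global
    ``ldap_connection``. If either the initialisation or the bind fails,
    the error is logged and ``ldap_connection`` is set to None, so callers
    never receive a handle that looks usable but is not authenticated.
    Returns None in every case.
    """
    global ldap_connection

    # credentials(1) asks for a reset: when the keyring already holds a
    # password, the user is prompted for a new one and the stored value is
    # overwritten on every connect.
    (user, password) = credentials(1)
    login_dn = make_user_dn(user)

    # NOTE(review): certificate validation for the ldaps:// URL depends on
    # the client library's TLS options (ldap.OPT_X_TLS_REQUIRE_CERT) and the
    # system ldap.conf; nothing here sets them. Confirm the deployed default
    # demands a valid server certificate before a password is sent.
    try:
        connection = ldap.initialize(LDAP_SERVER)
    except ldap.LDAPError as e:
        logging.error(e)
        # Without this early exit the bind below would run against a name
        # that was never assigned.
        ldap_connection = None
        return

    try:
        connection.simple_bind_s(login_dn, password)
    except ldap.LDAPError as e:
        logging.error(e)
        # A failed bind leaves the handle unauthenticated; publishing it
        # would let later searches run anonymously and return partial data.
        ldap_connection = None
        return

    ldap_connection = connection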
def credentials(reset=0):
    """Return ``(user, password)`` for the LDAP bind, using the OS keyring.

    The user is ``force_user`` when that is non-empty, otherwise the current
    login name. The password is read from the keyring entry
    ``keyring_service``/user; when the entry is missing, or when *reset* is
    true, the user is prompted and the entered value is written back.

    Note that the password is saved to the keyring here, before any bind has
    confirmed that it is correct. The password must never be printed or
    logged from this function.
    """
    user = force_user if force_user else getpass.getuser()
    password = keyring.get_password(keyring_service, user)

    # Stored password and no reset requested: nothing to ask.
    if password and not reset:
        return (user, password)

    if not password:
        logging.warning("No %s password found in keyring." % keyring_service)
        prompt = "Please enter password for user '" + user + "':"
    else:
        logging.info("Request to reset password for user.")
        prompt = "Please enter new password for user '" + user + "':"

    password = getpass.getpass(prompt)
    keyring.set_password(keyring_service, user, password)
    return (user, password)
def make_user_dn(username):
    """Return the bind DN ``uid=<username>,<LDAP_BASE_DN>`` for *username*."""
    # NOTE(review): username is inserted verbatim. If it can ever come from
    # outside the local account name, escape it with
    # ldap.dn.escape_dn_chars() so ',', '+', '=' and similar characters
    # cannot alter the structure of the DN.
    rdn = 'uid=' + username
    return rdn + ',' + LDAP_BASE_DN
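def ldap_search(ldap_server, search_base, query):
    """Run a subtree search and pretty-print the matching entries.

    @param ldap_server: unused; the search always runs on the module-wide
        connection opened by ldap_connect()
    @param search_base: DN under which to search
    @param query: LDAP filter string, passed to the server as given; any
        value interpolated into it must already be escaped with
        ldap.filter.escape_filter_chars()
    @return: None; results or an error message are written to stdout
    """
    # Look the handle up through globals(): a bare read would raise
    # NameError when the module has not bound ldap_connection yet.
    connection = globals().get('ldap_connection')
    if not connection:
        ldap_connect()
        connection = globals().get('ldap_connection')
    if not connection:
        print('No LDAP connection available.')
        return

    try:
        ldap_result = connection.search_s(
            search_base,
            ldap.SCOPE_SUBTREE,
            query,
            # attrlist=None asks for every attribute the bound account may
            # read. NOTE(review): that can include sensitive fields such as
            # password hashes; pass an explicit attribute list if this
            # output is logged or shared.
            None,
        )
    except ldap.LDAPError as e:
        print('LDAPError: %s.' % e)
        # Stop here: there is no result to print after a failed search.
        return

    # Use the result list itself. Wrapping it in another list made the
    # emptiness test below unreachable.
    suspended_users = list(ldap_result)
    if not suspended_users:
        print('No suspended users found.')
        return

    pprint.pprint(suspended_users)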
def delUserFromGroup(self, cngroup, uiduser):
    """
    Drop one user's memberUid value from a posixGroup entry.

    The change is bracketed by an audit record: it is opened before the
    modification and committed afterwards, including when the group held no
    such memberUid.

    @param cngroup: name of the group (not full ldap path)
    @type cngroup: unicode

    @param uiduser: user uid (not full ldap path)
    @type uiduser: unicode
    """
    # NOTE(review): this is written as a method (takes self) but sits at
    # module level, and AF, AA, AT and PLUGIN_NAME are not defined in the
    # code shown here; it appears to come from another code base.
    group_cn = cngroup.encode("utf-8")
    member_uid = uiduser.encode("utf-8")

    # NOTE(review): the group name is placed into the DN unescaped; confirm
    # callers validate it, or escape it with ldap.dn.escape_dn_chars().
    group_dn = 'cn=' + group_cn + ',' + self.baseGroupsDN
    user_dn = self.searchUserDN(member_uid)

    audit_record = AF().log(
        PLUGIN_NAME,
        AA.BASE_DEL_USER_FROM_GROUP,
        [(group_dn, AT.GROUP), (user_dn, AT.USER)],
    )
    try:
        self.l.modify_s(
            group_dn,
            [(ldap.MOD_DELETE, 'memberUid', member_uid)],
        )
    except ldap.NO_SUCH_ATTRIBUTE:
        # No matching memberUid on the group entry: nothing to remove.
        pass
    audit_record.commit()
def main():
    """Connect to the directory, then list the suspended user entries."""
    ldap_connect()
    ldap_search(
        ldap_server=LDAP_SERVER,
        search_base=LDAP_BASE_DN,
        query=SUSPENDED_USER_QUERY,
    )


# Run only when executed as a script, not when imported.
if __name__ == '__main__':
    main()