Skip to content

Instantly share code, notes, and snippets.

@avuko

avuko/ldapsearch.py

Last active July 29, 2019 09:38
Show Gist options
  • Save avuko/5dae7521c7b109f1554bc272e244136a to your computer and use it in GitHub Desktop.
Save avuko/5dae7521c7b109f1554bc272e244136a to your computer and use it in GitHub Desktop.
Download ZIP
ldap search queries in python (with NTLM + SSL)
Raw
ldapsearch.py
#!/usr/bin/env python3
import secrets
import sys
from ldap3 import Server, Connection, ALL, NTLM
try:
username = sys.argv[1]
except IndexError:
exit('please provide a username: {} <name>'.format(sys.argv[0]))
# MS useraccountcontrol values:
accountstatus = {'512': "Enabled Account",
'514': "Disabled Account",
'544': "Enabled, Password Not Required",
'546': "Disabled, Password Not Required",
'66048': "Enabled, Password Doesn't Expire",
'66050': "Disabled, Password Doesn't Expire",
'66080': "Enabled, Password Doesn't Expire & Not Required",
'66082': "Disabled, Password Doesn't Expire & Not Required"}
server = Server(secrets.server, port=636, use_ssl=True, get_info=ALL)
conn = Connection(server,
auto_bind=True,
user=secrets.username, # 'domain\username'
password=secrets.password,
authentication=NTLM)
# DEBUG
# print(conn)
# print(server.info, conn.extend.standard.who_am_i())
conn.search(secrets.domain, # 'dc=example,dc=com'
'(&(objectclass=person)(cn={}))'.format(username),
attributes=['lastLogon', 'whenCreated', 'WhenChanged',
'useraccountcontrol'])
user = conn.entries[0]
# repr(user)
accountstate = str(user.userAccountControl)
print([username,
accountstatus[accountstate],
user]
# user.lastlogon,
# user.whencreated,
#user.whenchanged]
)
@avuko
Copy link
Author

avuko commented Jul 29, 2019
edited
Loading

cat secrets.py

#!/usr/bin/env python3
username = 'domain\username'
password = 'correct horse battery staple'
server = '10.10.10.10'
domain = 'dc=example,dc=com'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment