@lanbugs
Created April 19, 2024 13:35
Search users in AD, disable users in Mattermost which are in the wrong department
#!/usr/bin/env python3
# Disable users which are in the wrong department in Mattermost
# Written by Maximilian Thoma 2024
# Free to use for everyone :-)
# Required packages: ldap3, mattermostdriver
import os

from ldap3 import Server, Connection, SUBTREE, ALL
from mattermostdriver import Driver
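# SETTINGS
# NOTE(security): the literals below are sample/lab values. Do not store real
# credentials in this file; both passwords can be supplied through the
# environment variables MM_PASSWORD and LDAP_PASS instead.

# Mattermost
MM_URL = "mattermost.lab.local"
MM_USERNAME = "automate1@lab.local"
# Falls back to the sample literal only when MM_PASSWORD is not set.
MM_PASSWORD = os.environ.get("MM_PASSWORD", "password")
# False disables TLS certificate verification. main() also derives the URL
# scheme from this flag, so False means plain HTTP and the login password
# crosses the network unencrypted. Set to True outside of a lab.
MM_VERIFY_SSL = False

# LDAP Settings
LDAP_USER = "CN=LDAP Bind Mattermost,CN=Users,DC=lab,DC=local"
# Falls back to the sample literal only when LDAP_PASS is not set.
LDAP_PASS = os.environ.get("LDAP_PASS", "SuperSecret")
# With ldap:// and LDAP_SSL = False the simple bind sends LDAP_PASS in
# cleartext; prefer an ldaps:// URL together with LDAP_SSL = True.
LDAP_SERVER = "ldap://192.168.1.13"
LDAP_SSL = False
SEARCH_BASE = "CN=Users,DC=lab,DC=local"

# General
# Mattermost usernames that are never looked up in AD and never deactivated.
IGNORE_USERS = ['playbooks', 'system-bot', 'feedbackbot', 'calls', 'superadmin', 'automate']
# Every user whose AD department is not in this list gets deactivated,
# including users that are missing in AD or have no department set.
ALLOWED_DEPARTMENTS = ['DEPARTMENT1', 'DEPARTMENT2', 'DEPARTMENT3']
########################################################################################################################
# DO NOT CHANGE ANYTHING BELOW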
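def search_department_of_user(user):
    """Look up the ``department`` attribute of an AD account by sAMAccountName.

    Args:
        user: Account name to search for (main() passes the Mattermost
            username).

    Returns:
        The department value of the first matching entry, 'NO_DEPARTMENT'
        when that entry carries no department attribute, or 'USER_NOT_FOUND'
        when the search returned no entries.
    """
    # Local import so the file-level import line does not have to change.
    from ldap3.utils.conv import escape_filter_chars

    server = Server(LDAP_SERVER, use_ssl=LDAP_SSL, get_info=ALL)
    conn = Connection(server, user=LDAP_USER, password=LDAP_PASS, auto_bind=True)
    try:
        # The name comes from another system, so escape LDAP filter
        # metacharacters (*, parentheses, backslash, NUL) before building the
        # filter; otherwise a crafted name could widen or alter the match.
        search_filter = f"(sAMAccountName={escape_filter_chars(user)})"
        conn.search(SEARCH_BASE, search_filter, search_scope=SUBTREE, attributes=['department'])
        if not conn.entries:
            # NOTE(review): an empty result looks the same whether the account
            # is really absent or the search itself failed (wrong SEARCH_BASE,
            # insufficient bind rights). The caller deactivates on this value,
            # so confirm the search works before running against production.
            return 'USER_NOT_FOUND'
        account = conn.entries[0]
        return account.department.value if 'department' in account else 'NO_DEPARTMENT'
    finally:
        # Always release the bound connection, also when search() raises.
        conn.unbind()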
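def main():
    """Deactivate every Mattermost user whose AD department is not allowed.

    Logs in to Mattermost, reads the complete user list, skips the names in
    IGNORE_USERS and deactivates each remaining user whose department (as
    returned by search_department_of_user) is not in ALLOWED_DEPARTMENTS.
    The Mattermost session is logged out again when the run ends.
    """
    if not MM_VERIFY_SSL:
        # The scheme below follows MM_VERIFY_SSL, so this configuration logs
        # in over plain HTTP. Make that visible in the run output.
        print("WARNING: MM_VERIFY_SSL is False - using plain HTTP without "
              "certificate verification; credentials are sent unencrypted.")

    # Init driver
    mm = Driver({
        'url': MM_URL,
        'login_id': MM_USERNAME,
        'password': MM_PASSWORD,
        'verify': MM_VERIFY_SSL,
        'scheme': 'https' if MM_VERIFY_SSL else 'http',
        'debug': False
    })

    # Login before doing any actions
    mm.login()
    try:
        # The users endpoint is paginated; a single call returns only the
        # first page, which would leave later users unchecked. Collect all
        # pages before acting on any of them.
        per_page = 200
        users = []
        page = 0
        while True:
            batch = mm.users.get_users(params={'page': page, 'per_page': per_page})
            if not batch:
                break
            users.extend(batch)
            if len(batch) < per_page:
                break
            page += 1

        for user in users:
            username = user['username']
            print(f"--- work on user: {username} " + "-"*(61-len(username)))

            # Only work on user if not in IGNORE LIST
            if username in IGNORE_USERS:
                print(f"user {username} is in skiplist.")
                continue

            user_dep = search_department_of_user(username)
            if user_dep in ALLOWED_DEPARTMENTS:
                print(f"user: {username} found in department: {user_dep} and is allowed.")
                continue

            # NOTE(review): 'USER_NOT_FOUND' and 'NO_DEPARTMENT' also land
            # here, so an LDAP misconfiguration deactivates every user that
            # is not in IGNORE_USERS. Verify the LDAP lookup on a known
            # account before a production run.
            print(f"user: {username} found in department: {user_dep} not in allowed departments")
            # Disable User
            print(f"user: {username} will be disabled!")
            mm.users.deactivate_user(user['id'])
    finally:
        # Revoke the session token instead of leaving it valid after the run.
        mm.logout()


if __name__ == '__main__':
    main()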