Created
April 19, 2024 13:35
-
-
Save lanbugs/d46b6460f14b84ede119a47ae35561ad to your computer and use it in GitHub Desktop.
Search users in AD, disable users in Mattermost which are in the wrong department
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Disable users which are in the wrong department in Mattermost | |
| # Written by Maximilian Thoma 2024 | |
| # Free to use for everyone :-) | |
| # Required packages: ldap3, mattermostdriver | |
| from mattermostdriver import Driver | |
| from ldap3 import Server, Connection, SUBTREE, ALL | |
| # SETTINGS | |
| # Mattermost | |
| MM_URL = "mattermost.lab.local" | |
| MM_USERNAME = "automate1@lab.local" | |
| MM_PASSWORD = "password" | |
| MM_VERIFY_SSL = False | |
| # LDAP Settings | |
| LDAP_USER = "CN=LDAP Bind Mattermost,CN=Users,DC=lab,DC=local" | |
| LDAP_PASS = "SuperSecret" | |
| LDAP_SERVER = "ldap://192.168.1.13" | |
| LDAP_SSL = False | |
| SEARCH_BASE = "CN=Users,DC=lab,DC=local" | |
| # General | |
| IGNORE_USERS = ['playbooks', 'system-bot', 'feedbackbot', 'calls', 'superadmin', 'automate'] | |
| ALLOWED_DEPARTMENTS = ['DEPARTMENT1', 'DEPARTMENT2', 'DEPARTMENT3'] | |
| ######################################################################################################################## | |
| # DO NOT CHANGE SOMETHING BELOW | |
| def search_department_of_user(user): | |
| server = Server(LDAP_SERVER, use_ssl=LDAP_SSL, get_info=ALL) | |
| conn = Connection(server, user=LDAP_USER, password=LDAP_PASS, auto_bind=True) | |
| conn.search(SEARCH_BASE, f"(sAMAccountName={user})", search_scope=SUBTREE, attributes=['department']) | |
| if conn.entries: | |
| account = conn.entries[0] | |
| department = account.department.value if 'department' in account else 'NO_DEPARTMENT' | |
| conn.unbind() | |
| return department | |
| else: | |
| conn.unbind() | |
| return 'USER_NOT_FOUND' | |
| def main(): | |
| # Init driver | |
| mm = Driver({ | |
| 'url': MM_URL, | |
| 'login_id': MM_USERNAME, | |
| 'password': MM_PASSWORD, | |
| 'verify': MM_VERIFY_SSL, | |
| 'scheme': 'https' if MM_VERIFY_SSL else 'http', | |
| 'debug': False | |
| }) | |
| # Login before do any actions | |
| mm.login() | |
| # Get all users | |
| users = mm.users.get_users() | |
| # Iterate users | |
| for user in users: | |
| print(f"--- work on user: {user['username']} " + "-"*(61-len(user['username']))) | |
| # Only work on user if not in IGNORE LIST | |
| if user['username'] not in IGNORE_USERS: | |
| user_dep = search_department_of_user(user['username']) | |
| if user_dep not in ALLOWED_DEPARTMENTS: | |
| print(f"user: {user['username']} found in department: {user_dep} not in allowed departments") | |
| # Disable User | |
| print(f"user: {user['username']} will be disabled!") | |
| mm.users.deactivate_user(user['id']) | |
| else: | |
| print(f"user: {user['username']} found in department: {user_dep} and is allowed.") | |
| else: | |
| print(f"user {user['username']} is in skiplist.") | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment