# free_ipa_connect.py
#
# Code to query the FreeIPA demo site
#
#
#
#
import json
import os
import sys

import ldap3
from ldap3 import Server, Connection, ALL, SCHEMA, NTLM, SUBTREE, BASE
from ldap3 import ObjectDef, Reader
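# Directory flavour: 'FreeIPA' binds with a simple bind, anything else binds
# with NTLM (see ad_auth).
AD = 'FreeIPA'  # FreeIPA or Microsoft
AD_SERVERS = ['ipa.demo1.freeipa.org']
AD_USER_BASEDN = 'dc=demo1,dc=freeipa,dc=org'
# Filter templates. The '{...}' placeholder is substituted by the lookup
# functions, which must escape the inserted value (RFC 4515) so that filter
# metacharacters in a name cannot change the meaning of the query.
AD_USER_FILTER_BYNAME = '(&(objectClass=person)(uid={username}))'
AD_USER_FILTER_BYDN = '(objectClass=person)'
# NOTE(review): FreeIPA groups normally carry the objectClass 'groupofnames'
# (plural); 'groupofname' may match nothing — confirm against the server schema.
AD_GROUP_FILTER_BYNAME = '(&(objectClass=groupofname)(cn={group_name}))'
# Bind credentials. The literal values are the public FreeIPA demo account and
# serve only as a fallback; set AD_BIND_USER / AD_BIND_PWD in the environment
# instead of committing real credentials to source.
AD_BIND_USER = os.environ.get('AD_BIND_USER', 'admin')
AD_BIND_PWD = os.environ.get('AD_BIND_PWD', 'Secret123')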
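def ad_auth(username=AD_BIND_USER, password=AD_BIND_PWD, address=AD_SERVERS[0], *, tls=None):
    """Bind to the directory server over LDAPS and return the connection.

    Args:
        username: bind identity (ldap3 expects ``DOMAIN\\user`` for NTLM).
        password: bind password.
        address: server host name; the connection always uses ``use_ssl=True``.
        tls: optional ``ldap3.Tls`` object. With ``None`` ldap3 falls back to
            its default ``Tls()``, which does not validate the server
            certificate; pass ``ldap3.Tls(validate=ssl.CERT_REQUIRED, ...)``
            (with a CA file) to enforce validation.

    Returns:
        ``(conn, True)`` after a successful bind, ``('Error', False)`` when the
        bind fails or raises. The failure reason is printed, not returned.
    """
    server = Server(address, use_ssl=True, get_info=ALL, tls=tls)
    # FreeIPA takes a simple bind; Active Directory is driven through NTLM.
    if AD == 'FreeIPA':
        conn = Connection(server, user=username, password=password, check_names=True)
    else:
        conn = Connection(server, user=username, password=password,
                          authentication=NTLM, check_names=True)
    try:
        # With the default (non-raising) connection settings, a rejected bind
        # is reported through the return value rather than an exception, so
        # both paths have to be checked; the original only caught exceptions
        # and then dereferenced a non-existent ``e.message``.
        bound = conn.bind()
    except Exception as e:  # transport / TLS errors surface as exceptions
        print(e)
        return 'Error', False
    if not bound:
        # conn.result holds the server's diagnostic for the failed bind.
        print(conn.result)
        return 'Error', False
    print('Connection Established')
    return conn, True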
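def get_dn_by_username(username, ad_conn=None, basedn=AD_USER_BASEDN):
    """Return the distinguished name of the person entry whose ``uid`` is *username*.

    Args:
        username: the uid to look up. It is escaped per RFC 4515 before being
            placed in the filter so metacharacters in the value cannot alter
            the query.
        ad_conn: a bound ``ldap3.Connection``; required despite the default.
        basedn: subtree to search.

    Returns:
        The DN of the first matching entry, or ``''`` when nothing matched or
        the search itself failed.

    Raises:
        ValueError: if *ad_conn* is ``None``.
    """
    if ad_conn is None:
        raise ValueError('ad_conn must be a bound ldap3 Connection')
    # RFC 4515 escaping of the assertion value. translate() replaces every
    # character in one pass, so the backslash needs no special ordering.
    filter_escapes = str.maketrans({
        '\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00',
    })
    ad_filter = AD_USER_FILTER_BYNAME.replace('{username}', username.translate(filter_escapes))
    # For the default synchronous strategy search() returns False on failure.
    ok = ad_conn.search(search_base=basedn,
                        search_scope=SUBTREE,
                        search_filter=ad_filter,
                        size_limit=0)
    if not ok or not ad_conn.entries:
        return ''
    # entry_dn is the entry's DN; no JSON round trip needed.
    return ad_conn.entries[0].entry_dn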
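def get_email_by_dn(dn, ad_conn=None):
    """Return the lower-cased first ``mail`` value of the entry at *dn*.

    Performs a BASE-scope read of *dn* and prints ``Email:<address>`` when an
    address is found.

    Args:
        dn: distinguished name of the entry to read. An empty *dn* returns
            ``''`` without querying (a BASE search on ``''`` would read the
            root DSE instead of a user).
        ad_conn: a bound ``ldap3.Connection``; required despite the default.

    Returns:
        The address, or ``''`` when the entry is missing, has no ``mail``
        attribute, or the search fails.

    Raises:
        ValueError: if *ad_conn* is ``None``.
    """
    if ad_conn is None:
        raise ValueError('ad_conn must be a bound ldap3 Connection')
    if not dn:
        return ''
    # For the default synchronous strategy search() returns False on failure.
    ok = ad_conn.search(search_base=dn,
                        search_scope=BASE,
                        search_filter=AD_USER_FILTER_BYDN,
                        attributes=["*"],
                        size_limit=0)
    if not ok or not ad_conn.entries:
        return ''
    user = json.loads(ad_conn.entries[0].entry_to_json())
    # entry_to_json() renders attribute values as lists; guard against a
    # missing or empty 'mail' rather than indexing blindly.
    mail_values = user['attributes'].get('mail') or []
    if not mail_values:
        return ''
    email = mail_values[0].lower()
    print('Email:' + email)
    return email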
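def get_group_dn(group_name, ad_conn=None, basedn=AD_USER_BASEDN):
    """Return the distinguished name of the group whose ``cn`` is *group_name*.

    Args:
        group_name: the group's cn. It is escaped per RFC 4515 before being
            placed in the filter so metacharacters cannot alter the query.
        ad_conn: a bound ``ldap3.Connection``; required despite the default.
        basedn: subtree to search.

    Returns:
        The DN of the first matching entry, or ``''`` when nothing matched or
        the search failed.

    Raises:
        ValueError: if *ad_conn* is ``None``.
    """
    if ad_conn is None:
        raise ValueError('ad_conn must be a bound ldap3 Connection')
    # RFC 4515 escaping of the assertion value (single-pass, see translate()).
    filter_escapes = str.maketrans({
        '\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00',
    })
    ad_filter = AD_GROUP_FILTER_BYNAME.replace('{group_name}', group_name.translate(filter_escapes))
    # For the default synchronous strategy search() returns False on failure.
    ok = ad_conn.search(search_base=basedn,
                        search_scope=SUBTREE,
                        search_filter=ad_filter,
                        attributes=["*"],
                        size_limit=0)
    if not ok or not ad_conn.entries:
        return ''
    # entry_dn is the entry's DN; no JSON round trip needed.
    return ad_conn.entries[0].entry_dn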
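def get_group_members(group_name, ad_conn=None, basedn=AD_USER_BASEDN):
    """Return the e-mail addresses of the members of POSIX group *group_name*.

    The original searched every ``posixgroup`` under *basedn* and ignored
    *group_name*; the filter now also matches on ``cn``. Each ``memberUid`` is
    resolved to a DN with get_dn_by_username() and then to an address with
    get_email_by_dn(); uids that do not resolve to a DN are skipped.

    Args:
        group_name: the group's cn, RFC 4515-escaped before use in the filter.
        ad_conn: a bound ``ldap3.Connection``; required despite the default.
        basedn: subtree to search.

    Returns:
        A list of addresses (possibly empty); ``[]`` when the group is not
        found or the search fails.

    Raises:
        ValueError: if *ad_conn* is ``None``.
    """
    if ad_conn is None:
        raise ValueError('ad_conn must be a bound ldap3 Connection')
    filter_escapes = str.maketrans({
        '\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00',
    })
    ad_filter = '(&(objectClass=posixgroup)(cn={}))'.format(group_name.translate(filter_escapes))
    # For the default synchronous strategy search() returns False on failure.
    ok = ad_conn.search(search_base=basedn,
                        search_scope=SUBTREE,
                        search_filter=ad_filter,
                        attributes=["memberUid"],
                        size_limit=0)
    if not ok or not ad_conn.entries:
        return []
    # The per-member lookups below run further searches on the same
    # connection, which repopulates ad_conn.entries; snapshot the group
    # entries first so the iteration is not disturbed.
    group_entries = list(ad_conn.entries)
    members = []
    for entry in group_entries:
        group = json.loads(entry.entry_to_json())
        # A group without members may carry no memberUid attribute at all.
        for uid in group['attributes'].get('memberUid') or []:
            dn = get_dn_by_username(uid, ad_conn)
            if dn:
                members.append(get_email_by_dn(dn, ad_conn))
    return members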
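# Main Program: bind with the configured credentials, list the e-mail
# addresses of the 'employees' group, then release the LDAP session.
if __name__ == "__main__":
    ad_conn, result = ad_auth()
    if not result:
        # ad_auth() has already printed the reason; signal failure to the shell.
        sys.exit(1)
    try:
        group_members = get_group_members('employees', ad_conn)
        for m in group_members:
            print(m)
    finally:
        # Close the session even if a lookup raised.
        ad_conn.unbind()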

get_group_members is not working with demo IPA server.


Was able to pull members with memberUid.
