# free_ipa_connect.py
#
# Query the public FreeIPA demo directory (ipa.demo1.freeipa.org) over LDAPS
# with ldap3: bind, resolve users and groups, and list group members' e-mail.
#
# The bind credentials below are the demo site's published defaults; for any
# real directory supply them via the environment and enable TLS certificate
# validation (see ad_auth).
import json
import os
import sys

import ldap3
from ldap3 import Server, Connection, ALL, SCHEMA, NTLM, SUBTREE, BASE
from ldap3 import ObjectDef, Reader
from ldap3.utils.conv import escape_filter_chars
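# Directory flavour: 'FreeIPA' uses a simple bind, anything else uses NTLM.
AD = 'FreeIPA' #FreeIPA or Microsoft
AD_SERVERS = ['ipa.demo1.freeipa.org']
AD_USER_BASEDN = 'dc=demo1,dc=freeipa,dc=org'
# {username} / {group_name} are placeholders spliced into an LDAP search
# filter. Any value substituted here must be RFC 4515-escaped first
# (ldap3.utils.conv.escape_filter_chars), otherwise '*' or ')(' in the input
# rewrites the filter.
AD_USER_FILTER_BYNAME = '(&(objectClass=person)(uid={username}))'
AD_USER_FILTER_BYDN = '(objectClass=person)'
# RFC 4519 defines the groupOfNames class (matching is case-insensitive);
# the previous value 'groupofname' (no trailing s) is not a standard class
# and matched nothing. Adjust if the target directory uses another schema.
AD_GROUP_FILTER_BYNAME = '(&(objectClass=groupofnames)(cn={group_name}))'
# Bind identity/password come from the environment when set; the defaults
# are the FreeIPA demo site's public credentials. Never commit a real
# password here -- export AD_BIND_PWD instead.
AD_BIND_USER = os.environ.get('AD_BIND_USER', 'admin')
AD_BIND_PWD = os.environ.get('AD_BIND_PWD', 'Secret123')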
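def ad_auth(username=AD_BIND_USER, password=AD_BIND_PWD, address=AD_SERVERS[0], tls=None):
    """Open an LDAPS connection and bind; return ``(conn, True)`` on success.

    Args:
        username: bind identity (simple bind for FreeIPA, NTLM otherwise).
        password: bind password. It is transmitted to the server, so the
            TLS channel must be trustworthy (see ``tls``).
        address: directory host name or IP.
        tls: optional ``ldap3.Tls`` passed to ``Server``. With ``None``,
            ldap3 builds a default Tls that does NOT validate the server
            certificate, so a man-in-the-middle could capture the bind
            password. For anything but the demo site pass
            ``Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=...)``.

    Returns:
        ``(conn, True)`` with a bound ``ldap3.Connection``, or
        ``('Error', False)`` when the connection or the bind failed. The
        ``'Error'`` placeholder is kept for existing callers that unpack
        the pair.
    """
    # Connect
    ad = Server(address, use_ssl=True, get_info=ALL, tls=tls)
    if AD != 'FreeIPA':
        conn = Connection(ad, user=username, password=password, authentication=NTLM, check_names=True)
    else:
        conn = Connection(ad, user=username, password=password, check_names=True)
    try:
        # ldap3 reports a rejected bind (invalid credentials etc.) by
        # returning False, not by raising, unless raise_exceptions=True
        # was requested; exceptions here are transport/TLS failures.
        bound = conn.bind()
    except Exception as e:
        # The previous handler read e.message['desc'], which does not exist
        # on Python 3 or on ldap3 exceptions and raised AttributeError.
        print(e)
        return 'Error', False
    if not bound:
        # conn.result carries the server's resultCode and description.
        print(conn.result)
        return 'Error', False
    print('Connection Established')
    # successful result
    return conn, True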
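def get_dn_by_username(username, ad_conn=None, basedn=AD_USER_BASEDN):
    """Return the DN of the person entry whose ``uid`` equals *username*.

    Args:
        username: uid to look up. The value is RFC 4515-escaped before it
            is spliced into the filter, so input such as ``*`` or
            ``x)(uid=admin`` cannot widen or rewrite the search. The
            value may come from an untrusted caller or from directory
            data (memberUid), so this is not optional.
        ad_conn: a bound ``ldap3.Connection``. Required; the ``None``
            default is kept only for signature compatibility.
        basedn: subtree searched with SUBTREE scope.

    Returns:
        DN string of the first matching entry, or ``''`` if none matched.
    """
    return_dn = ''
    ad_filter = AD_USER_FILTER_BYNAME.replace('{username}', escape_filter_chars(username))
    ad_conn.search(search_base=basedn,
                   search_scope=SUBTREE,
                   search_filter=ad_filter,
                   size_limit=0)
    if ad_conn.entries:
        # entry_to_json() yields {'dn': ..., 'attributes': {...}}; only
        # the DN is needed here.
        user = json.loads(ad_conn.entries[0].entry_to_json())
        return_dn = user['dn']
    return return_dn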
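def get_email_by_dn(dn, ad_conn=None):
    """Return the lower-cased first ``mail`` value of the entry at *dn*.

    Args:
        dn: distinguished name of a person entry. It is used as the
            search base with BASE scope, so exactly that entry is read.
        ad_conn: a bound ``ldap3.Connection``. Required; the ``None``
            default is kept only for signature compatibility.

    Returns:
        The first ``mail`` value lower-cased, or ``''`` when the entry was
        not found, is not a person, or has no ``mail`` value. The address
        is also printed, as before.
    """
    email = ''
    ad_filter = AD_USER_FILTER_BYDN
    ad_conn.search(search_base=dn,
                   search_scope=BASE,
                   search_filter=ad_filter,
                   # Ask only for what is read instead of every attribute.
                   attributes=['mail'],
                   size_limit=0)
    if ad_conn.entries:
        user = json.loads(ad_conn.entries[0].entry_to_json())
        # ldap3 (return_empty_attributes=True by default) lists a requested
        # but absent attribute as [], so test the value list, not just the
        # key -- indexing [0] on an empty list raised IndexError.
        values = user['attributes'].get('mail') or []
        if values:
            email = values[0].lower()
        print('Email:'+email)
    return email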
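def get_group_dn(group_name, ad_conn=None, basedn=AD_USER_BASEDN):
    """Return the DN of the group whose ``cn`` equals *group_name*.

    Args:
        group_name: group cn. RFC 4515-escaped before being spliced into
            the filter so filter metacharacters in the input cannot
            change what is matched.
        ad_conn: a bound ``ldap3.Connection``. Required; the ``None``
            default is kept only for signature compatibility.
        basedn: subtree searched with SUBTREE scope.

    Returns:
        DN string of the first matching group, or ``''`` if none matched.
    """
    return_dn = ''
    ad_filter = AD_GROUP_FILTER_BYNAME.replace('{group_name}', escape_filter_chars(group_name))
    ad_conn.search(search_base=basedn,
                   search_scope=SUBTREE,
                   search_filter=ad_filter,
                   # Only the DN is used; no reason to pull every attribute.
                   attributes=['cn'],
                   size_limit=0)
    if ad_conn.entries:
        group = json.loads(ad_conn.entries[0].entry_to_json())
        return_dn = group['dn']
    return return_dn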
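def get_group_members(group_name, ad_conn=None, basedn=AD_USER_BASEDN):
    """Return the e-mail addresses of the members of POSIX group *group_name*.

    Args:
        group_name: cn of the group to read. The previous filter was a
            bare ``(objectClass=posixgroup)`` and ignored this parameter,
            returning the members of every POSIX group under *basedn*;
            it is now honoured (escaped per RFC 4515).
        ad_conn: a bound ``ldap3.Connection``. Required; the ``None``
            default is kept only for signature compatibility.
        basedn: subtree searched with SUBTREE scope.

    Returns:
        list of lower-cased ``mail`` values, one per ``memberUid`` in the
        order the server returned them. A uid that cannot be resolved to
        a DN, or whose entry has no mail, contributes ``''`` (unchanged
        from the original behaviour).
    """
    members = []
    ad_filter = '(&(objectClass=posixgroup)(cn={}))'.format(escape_filter_chars(group_name))
    ad_conn.search(search_base=basedn,
                   search_scope=SUBTREE,
                   search_filter=ad_filter,
                   attributes=["memberUid"],
                   size_limit=0)
    # The per-member lookups below run further searches on the same
    # connection, which replaces ad_conn.entries; snapshot the group
    # results first so the outer loop is not affected.
    groups = list(ad_conn.entries)
    for entry in groups:
        group = json.loads(entry.entry_to_json())
        # memberUid holds bare uids (not DNs), so resolve each to a DN
        # before reading the mail attribute. .get() covers a group with
        # no members, which ldap3 reports as a missing or empty list.
        for uid in group['attributes'].get('memberUid') or []:
            members.append(get_email_by_dn(
                get_dn_by_username(uid, ad_conn), ad_conn))
    return members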
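# Main Program
if __name__ == "__main__":
    ad_conn, result = ad_auth()
    if result:
        try:
            group_members = get_group_members('employees', ad_conn)
            for m in group_members:
                print(m)
        finally:
            # Close the LDAP session; the original left it bound.
            ad_conn.unbind()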
Was able to pull group members via the memberUid attribute (posixgroup), rather than through the groupOfNames filter.