From f0d43d9460a50747abdfe742f72a1835dab2fe5b Mon Sep 17 00:00:00 2001 From: kakwa Date: Sat, 25 Jul 2015 22:04:48 +0200 Subject: [PATCH] renaming and begining implementing the ad backend --- ldapcherry/backend/backendAD.py | 143 ++++++++++++++++++++++++++++ ldapcherry/backend/backendSamba4.py | 14 --- 2 files changed, 143 insertions(+), 14 deletions(-) create mode 100644 ldapcherry/backend/backendAD.py delete mode 100644 ldapcherry/backend/backendSamba4.py diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py new file mode 100644 index 0000000..d459d7f --- /dev/null +++ b/ldapcherry/backend/backendAD.py @@ -0,0 +1,143 @@ +# -*- coding: utf-8 -*- +# vim:set expandtab tabstop=4 shiftwidth=4: +# +# License GPLv3 +# LdapCherry +# Copyright (c) 2014 Carpentier Pierre-Francois + +import ldapcherry.backend.backendLdap +import cherrypy +import ldap +import ldap.modlist as modlist +import ldap.filter +import logging +import ldapcherry.backend +from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist +import os +import re + + +class DelUserDontExists(Exception): + def __init__(self, user): + self.user = user + self.log = "cannot remove user, user <%(user)s> does not exist" % \ + {'user': user} + + +class CaFileDontExist(Exception): + def __init__(self, cafile): + self.cafile = cafile + self.log = "CA file %(cafile)s don't exist" % {'cafile': cafile} + +NO_ATTR = 0 +DISPLAYED_ATTRS = 1 +LISTED_ATTRS = 2 +ALL_ATTRS = 3 + + +# Generated by the followin command: + +# samba-tool group list | \ +# while read line; \ +# do +# ldapsearch -x -h localhost -D "administrator@dc.ldapcherry.org" \ +# -w qwertyP455 -b "dc=dc,dc=ldapcherry,dc=org" "(cn=$line)" dn; \ +# done | grep -e "dn: .*CN=Builtin" | \ +# sed "s/dn: CN=\(.*\),CN=.*/'\1',/" + +AD_BUILTIN_GROUPS = [ + 'Pre-Windows 2000 Compatible Access', + 'Windows Authorization Access Group', + 'Certificate Service DCOM Access', + 'Network Configuration Operators', + 'Terminal Server License Servers', + 'Incoming Forest Trust Builders', + 'Performance Monitor Users', + 'Cryptographic Operators', + 'Distributed COM Users', + 'Performance Log Users', + 'Remote Desktop Users', + 'Account Operators', + 'Event Log Readers', + 'Backup Operators', + 'Server Operators', + 'Print Operators', + 'Administrators', + 'Replicator', + 'IIS_IUSRS', + 'Guests', + 'Users', +] + +class Backend(ldapcherry.backend.backendLdap.Backend): + + def __init__(self, config, logger, name, attrslist, key): + self.config = config + self._logger = logger + self.backend_name = name + self.domain = self.get_param('domain') + self.login = self.get_param('login') + basedn = 'dc=' + re.sub(r'\.',',DC=', self.domain) + self.binddn = self.get_param('login') + '@' + self.domain + self.bindpassword = self.get_param('password') + self.ca = self.get_param('ca', False) + self.checkcert = self.get_param('checkcert', 'on') + self.starttls = self.get_param('starttls', 'off') + self.uri = self.get_param('uri') + self.timeout = self.get_param('timeout', 1) + self.userdn = 'CN=Users,' + basedn + self.groupdn = self.userdn + self.builtin = 'CN=Builtin,' + basedn + self.user_filter_tmpl = '(sAMAccountName=%(username)s)' + self.group_filter_tmpl = '(uid=%(userdn)s)' + self.search_filter_tmpl = '(|(sAMAccountName=%(searchstring)s*)(sn=%(searchstring)s*)(cn=%(searchstring)s*))' + self.dn_user_attr = 'cn' + self.key = 'sAMAccountName' + self.objectlasses = ['top', 'person', 'organizationalPerson', 'user'] + self.group_attrs = { + 'member': "%(dn)s" + } + + self.attrlist = [] + for a in attrslist: + self.attrlist.append(self._str(a)) + + def _search_group(self, searchfilter, groupdn): + ldap_client = self._bind() + try: + r = ldap_client.search_s( + groupdn, + ldap.SCOPE_SUBTREE, + searchfilter, + attrlist=['CN'] + ) + except Exception as e: + ldap_client.unbind_s() + self._exception_handler(e) + + ldap_client.unbind_s() + return r + + + def get_groups(self, username): + + username = ldap.filter.escape_filter_chars(username) + userdn = self._get_user(username, NO_ATTR) + + searchfilter = self.group_filter_tmpl % { + 'userdn': userdn, + 'username': username + } + + groups = self._search_group(searchfilter, NO_ATTR, self.groupdn) + ret = [] + for entry in groups: + ret.append(self._uni(entry[0]['CN'])) + + groups = self._search_group(searchfilter, NO_ATTR, self.builtin) + ret = [] + for entry in groups: + ret.append(self._uni(entry[0]['CN'])) + + return ret + diff --git a/ldapcherry/backend/backendSamba4.py b/ldapcherry/backend/backendSamba4.py deleted file mode 100644 index 302fcf3..0000000 --- a/ldapcherry/backend/backendSamba4.py +++ /dev/null @@ -1,14 +0,0 @@ -# -*- coding: utf-8 -*- -# vim:set expandtab tabstop=4 shiftwidth=4: -# -# License GPLv3 -# LdapCherry -# Copyright (c) 2014 Carpentier Pierre-Francois - -import ldapcherry.backend - - -class Backend(ldapcherry.backend.Backend): - - def __init__(self, config, logger, name, attrslist, key): - pass