- #!/usr/bin/python2
- # coding=utf-8
-
-
- import ldb
- from samba.samdb import SamDB
- from samba.auth import system_session
- # from samba.ndr import ndr_pack, ndr_unpack
- # from samba.dcerpc import security
- import samba.param
- # import base64
- # import binascii
- from UserAd_class import UserAd
- import zayavka_reader as z_reader
-
- base = "CN=Users,DC=techgrow,DC=local" # можно не заморачиваться с ОУ и тогда base = "CN=Users,DC=myDom,DC=lan"
- domainName = 'techgrow.local'
-
- dbconn = {'host': '10.3.11.177',
- 'user': 'readonlyuser',
- 'pass': 'Readonly@2006',
- 'base': 'techgrow'}
-
- sql = 'select * from LDAP'
- sql_update_changes = "update LDAP set Changes = 'N' where ID = '%s'"
- sql_delete = "delete from LDAP where Delete = 'Y' and ID = '%s'"
-
- ad_groups = ['vpn-users', 'gogs']
- ad_groups_users = ['vpn-users', 'gogs']
- ad_groups_bitrix = ['vpn-web-vpn', 'gogs']
- ad_groups_1c = ['vpn-1c-vpn', 'Domain Users']
- ad_group_xserv = 'ics'
- ad_group_rdp = 'Пользователи удаленного рабочего стола'
-
-
- def users_make_ad(sam, base):
- expression = "(&(objectCategory=person)(objectClass=user))"
- users = {}
- res = sam.search(base=base, expression=expression, attrs=['*', 'userAccountControl'])
- for i in res:
- enabled = 0
- if int(str(i['userAccountControl'])) & 2 == 0:
- enabled = 1
- memberOf = []
- for k in i['memberOf']:
- memberOf.append(str(k).split(',')[0].split('=')[1])
- users[str(i['samAccountName'])] = {'samAccountName': str(i['samAccountName']),
- 'memberOf': memberOf,
- 'userAccountControl': int(str(i['userAccountControl'])),
- 'enabled': enabled}
- return users
-
-
- def main():
- lp = samba.param.LoadParm()
- lp.load(samba.param.default_path()) # или lp.load("/etc/samba/smb.conf")
- sam = SamDB(lp=lp, session_info=system_session())
- expression = "(&(objectCategory=person)(objectClass=user))"
-
- res = sam.search(base=base, expression=expression, attrs=['*', 'userAccountControl'])
- for i in res:
- print(str(i['samAccountName']))
- res, err = z_reader.mysql_reader(dbconn, sql)
- if err:
- print(err)
- exit(0)
- z_users = z_reader.users_make_zayavka(res)
- i = 0
- for z_user in z_users:
- print(z_user, z_users[z_user])
- ad_user = UserAd(sam, base, domainName, z_users[z_user]['samAccountName'], z_users[z_user]['usrPass'])
- if z_users[z_user]['toRemove']: # удаляем, если такой есть
- print("removing user")
- if ad_user.exists:
- ad_user.remove()
- dat, err = z_reader.mysql_reader(dbconn, sql_delete % z_users[z_user]['id'])
- if err:
- print(err)
- continue
- if not ad_user.exists:
- print("make new user")
- ad_res = ad_user.add()
- if ad_res:
- print(ad_res)
- if z_users[z_user]['pwChange']: # обновляем пароль
- ad_res = ad_user.set_passwd()
- if ad_res:
- print(ad_res)
- dat, err = z_reader.mysql_reader(dbconn, sql_update_changes % z_users[z_user]['id'])
- if err:
- print(err)
- if z_users[z_user]['enabled']: # инаблим или дисаблим
- ad_user.enable()
- else:
- ad_user.disable()
- for group in z_users[z_user]['memberOf']:
- ad_user.add_in_group(group)
-
-
- if __name__ == '__main__':
- main()
-