zayavka-samba-ad/importer.py

#!/usr/bin/python2
# coding=utf-8


import ldb
from samba.samdb import SamDB
from samba.auth import system_session
# from samba.ndr import ndr_pack, ndr_unpack
# from samba.dcerpc import security
import samba.param
# import base64
# import binascii
from UserAd_class import UserAd
import zayavka_reader as z_reader

base = "CN=Users,DC=techgrow,DC=local"  # можно не заморачиваться с ОУ и тогда base = "CN=Users,DC=myDom,DC=lan"
domainName = 'techgrow.local'

dbconn = {'host': '10.1.11.26',
          'user': 'LDAP2018',
          'pass': 'Pr4t7UEZITwW1AYG',
          'base': 'sitemanager0'}

sql = 'select * from LDAP'
sql_update_changes = "update LDAP set Changes = 'N' where ID = '%s'"
sql_delete = "delete from LDAP where Delete = 'Y' and ID = '%s'"

ad_groups = ['vpn-users', 'gogs']


def users_make_ad(sam, base):
    expression = "(&(objectCategory=person)(objectClass=user))"
    users = {}
    res = sam.search(base=base, expression=expression, attrs=['*', 'userAccountControl'])
    for i in res:
        enabled = 0
        if int(str(i['userAccountControl'])) & 2 == 0:
            enabled = 1
        memberOf = []
        for k in i['memberOf']:
            memberOf.append(str(k).split(',')[0].split('=')[1])
        users[str(i['samAccountName'])] = {'samAccountName': str(i['samAccountName']),
                                           'memberOf': memberOf,
                                           'userAccountControl': int(str(i['userAccountControl'])),
                                           'enabled': enabled}
    return users


def main():
    lp = samba.param.LoadParm()
    lp.load(samba.param.default_path())  # или lp.load("/etc/samba/smb.conf")
    sam = SamDB(lp=lp, session_info=system_session())
    res, err = z_reader.mysql_reader(dbconn, sql)
    if err:
        print err
        exit(0)
    z_users = z_reader.users_make_zayavka(res, ad_groups)
    print len(z_users)
    for z_user in z_users:
        print z_user
        ad_user = UserAd(sam, base, domainName, z_users[z_user]['samAccountName'], z_users[z_user]['usrPass'])
        if z_users[z_user]['toRemove']:  # удаляем, если такой есть
            if ad_user.exists:
                ad_user.remove()
                dat, err = z_reader.mysql_reader(dbconn, sql_delete % z_users[z_user]['ID'])
                if err:
                    print err
            continue
        if not ad_user.exists:
            ad_user.add()
        if z_users[z_user]['pwChange']:  # обновляем пароль
            ad_user.set_passwd()
            dat, err = z_reader.mysql_reader(dbconn, sql_update_changes % z_users[z_user]['ID'])
            if err:
                print err
        if z_users[z_user]['enabled']:  # инаблим или дисаблим
            ad_user.enable()
        else:
            ad_user.disable()
        for group in z_users[z_user]['memberOf']:
            ad_user.add_in_group(group)


if __name__ == '__main__':
    main()