zayavka-samba-ad/UserAd_class.py

import ldb
from samba.samdb import SamDB
from samba.auth import system_session
# from samba.ndr import ndr_pack, ndr_unpack
# from samba.dcerpc import security
import samba.param
# import base64
# import binascii

base = "CN=Users,DC=techgrow,DC=local"  # можно не заморачиваться с ОУ и тогда base = "CN=Users,DC=myDom,DC=lan"
domainName = 'techgrow.local'


class UserAd:
    def __init__(self, sam, base, domainName, usrName, usrPass=''):
        self.sam = sam
        self.base = base
        self.domainName = domainName
        self.usrName = usrName
        self.usrPass = usrPass
        self.exists = self.chek_if_exists()
        if not self.exists:
            self.add()
        self.memberOf = self.check_memberof()

    def chek_if_exists(self):
        expression = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % self.usrName
        if len(self.sam.search(base=base, expression=expression, attrs=['sAMAccountName'])) > 0:
            return True
        else:
            return False

    def check_memberof(self):
        expression = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % self.usrName
        res = self.sam.search(base=base, expression=expression, attrs=['memberOf'])
        groups = []
        for k in res[0]['memberOf']:
            groups.append(str(k).split(',')[0].split('=')[1])
        return groups

    def add(self):
        ld = {'dn': 'CN=%s,%s' % (self.usrName, base),
              "sAMAccountName": self.usrName,
              "userPrincipalName": "%s@%s" % (self.usrName, self.domainName),
              "objectClass": "user",
              "displayName": self.usrName,
              "description": self.usrName,
              "homeDirectory": r"\\%s\users\%s" % ("dc01", self.usrName),
              'scriptPath': "loginScr.cmd",
              }
        self.sam.transaction_start()
        try:
            self.sam.add(ld)
            self.sam.setpassword("(samAccountName=%s)" % ldb.binary_encode(self.usrName), self.usrPass, False)
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            self.sam.transaction_commit()
            self.chek_if_exists()
            return False

    def set_passwd(self):
        self.sam.transaction_start()
        try:
            self.sam.setpassword("&(objectClass=user)(samAccountName=%s)" % ldb.binary_encode(self.usrName), self.usrPass, False)
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            self.sam.transaction_commit()
            return False

    def add_in_group(self, grpName):
        self.sam.transaction_start()
        try:
            self.sam.add_remove_group_members(grpName, [self.usrName], add_members_operation=True)
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            self.sam.transaction_commit()
            self.memberOf = self.check_memberof()
            return False

    def remove_from_group(self, grpName):
        self.sam.transaction_start()
        try:
            self.sam.add_remove_group_members(grpName, [self.usrName], add_members_operation=True)
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            self.sam.transaction_commit()
            return False

    def remove(self):
        smb_filter = ("(&(sAMAccountName=%s)(sAMAccountType=805306368))" %
                      ldb.binary_encode(self.usrName))

        try:
            res = self.sam.search(base=self.sam.domain_dn(),
                                  scope=ldb.SCOPE_SUBTREE,
                                  expression=smb_filter,
                                  attrs=["dn"])
            user_dn = res[0].dn
        except IndexError:
            return 'Unable to find user "%s"' % self.usrName

        try:
            self.sam.delete(user_dn)
        except Exception as e:
            return 'Failed to remove user "%s", %s' % (self.usrName, e)
        return False

    def disable(self):
        self.sam.transaction_start()
        try:
            self.sam.disable_account("&(objectClass=user)(samAccountName=%s)" % ldb.binary_encode(self.usrName))
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            return False

    def enable(self):
        self.sam.transaction_start()
        try:
            self.sam.enable_account("&(objectClass=user)(samAccountName=%s)" % ldb.binary_encode(self.usrName))
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            return False


def main():
    lp = samba.param.LoadParm()
    lp.load(samba.param.default_path())  # или lp.load("/etc/samba/smb.conf")
    sam = SamDB(lp=lp, session_info=system_session())
    test_usr = UserAd(sam, base, domainName, 'tst', "secret34daD")
    print test_usr.memberOf
    err = test_usr.set_passwd()
    if err:
        print err


if __name__ == '__main__':
    main()