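#!/usr/bin/python2
# coding=utf-8
"""Create and manage Active Directory user accounts through a local SamDB.

The module opens the Samba directory database with the system session
(see main()), so every operation here runs with full directory privileges.
User names are escaped with ldb.binary_encode before they are placed in an
LDAP search filter.
"""
import ldb
from samba.samdb import SamDB
from samba.auth import system_session
# from samba.ndr import ndr_pack, ndr_unpack
# from samba.dcerpc import security
import samba.param
# import base64
# import binascii

# Search base for user objects. If you do not want to deal with OUs, the
# default Users container is enough, e.g. base = "CN=Users,DC=myDom,DC=lan".
base = "CN=Users,DC=techgrow,DC=local"
domainName = 'techgrow.local'

# ACCOUNTDISABLE bit of userAccountControl: the account is disabled when set.
_UF_ACCOUNTDISABLE = 0x2


def _user_filter(usrName):
    """Return the LDAP filter that matches one user by sAMAccountName.

    The name goes through ldb.binary_encode so that filter metacharacters
    such as '*', '(' or ')' in it are matched literally instead of changing
    the meaning of the expression.
    """
    return ("(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))"
            % ldb.binary_encode(usrName))


def _group_names(entry):
    """Return the first RDN value of every DN in the entry's memberOf.

    An entry that carries no memberOf attribute yields an empty list;
    indexing the attribute directly would raise KeyError for such an entry.
    """
    if 'memberOf' not in entry:
        return []
    # NOTE(review): splitting on ',' and '=' mis-parses a group whose CN
    # contains an escaped comma or an equals sign.
    return [str(dn).split(',')[0].split('=')[1] for dn in entry['memberOf']]


class UserAd:
    """One directory user, created on construction when it does not exist.

    Attributes:
        exists: True when a matching account was found (or was just created).
        memberOf: names of the groups listed in the account's memberOf.
        addError: exception returned by add() during construction, or None.
    """

    def __init__(self, sam, base, domainName, usrName, usrPass=''):
        self.sam = sam
        self.base = base
        self.domainName = domainName
        self.usrName = usrName
        # NOTE(review): the default is an empty password; presumably the
        # domain password policy rejects it, in which case add() fails and
        # the error ends up in addError -- confirm against the target domain.
        self.usrPass = usrPass
        self.addError = None
        self.exists = self.chek_if_exists()
        if not self.exists:
            err = self.add()
            if err is not False:
                # Keep the failure visible instead of dropping it silently.
                self.addError = err
        self.memberOf = self.check_memberof()

    def _in_transaction(self, operation):
        """Run operation() inside a SamDB transaction.

        Returns False on success, or the caught exception after the
        transaction has been cancelled.
        """
        self.sam.transaction_start()
        try:
            operation()
        except Exception as exc:
            self.sam.transaction_cancel()
            return exc
        else:
            self.sam.transaction_commit()
            return False

    def _set_password(self):
        """Set the account password to self.usrPass."""
        # The third positional argument of SamDB.setpassword is
        # force_change_at_next_login.
        self.sam.setpassword(
            "(samAccountName=%s)" % ldb.binary_encode(self.usrName),
            self.usrPass, False)

    def chek_if_exists(self):
        """Return True when a user with this sAMAccountName is under base."""
        found = self.sam.search(base=self.base,
                                expression=_user_filter(self.usrName),
                                attrs=['sAMAccountName'])
        return len(found) > 0

    def check_memberof(self):
        """Return the group names from the user's memberOf attribute.

        Returns an empty list when the user is not found (for example after
        a failed add()) or has no memberOf attribute.
        """
        res = self.sam.search(base=self.base,
                              expression=_user_filter(self.usrName),
                              attrs=['memberOf'])
        if len(res) == 0:
            return []
        return _group_names(res[0])

    def add(self):
        """Create the account and set its password in one transaction.

        Returns False on success, or the exception that made the transaction
        roll back.
        """
        # NOTE(review): usrName is interpolated into the DN without DN
        # escaping; a name containing DN special characters (',', '+', '=')
        # produces a different DN than intended. Validate the name upstream.
        ld = {'dn': 'CN=%s,%s' % (self.usrName, self.base),
              "sAMAccountName": self.usrName,
              "userPrincipalName": "%s@%s" % (self.usrName, self.domainName),
              "objectClass": "user",
              "displayName": self.usrName,
              "description": self.usrName,
              # File server name and logon script are fixed for this site.
              "homeDirectory": r"\\%s\users\%s" % ("dc01", self.usrName),
              'scriptPath': "loginScr.cmd",
              }
        # NOTE(review): no userAccountControl is set and the account is not
        # explicitly enabled here -- confirm the state new accounts end up in.

        def create():
            self.sam.add(ld)
            self._set_password()

        err = self._in_transaction(create)
        if err is False:
            # Refresh the cached flag; the original discarded this result.
            self.exists = self.chek_if_exists()
        return err

    def set_passwd(self):
        """Set the password to self.usrPass; False on success, else the error."""
        return self._in_transaction(self._set_password)

    def add_in_group(self, grpName):
        """Add the user to grpName; False on success, else the error."""
        def join():
            self.sam.add_remove_group_members(grpName, [self.usrName],
                                              add_members_operation=True)

        err = self._in_transaction(join)
        if err is False:
            self.memberOf = self.check_memberof()
        return err

    def remove_from_group(self, grpName):
        """Remove the user from grpName; False on success, else the error."""
        def leave():
            # add_members_operation=False removes members. The previous code
            # passed True here, so "remove" actually added the user.
            self.sam.add_remove_group_members(grpName, [self.usrName],
                                              add_members_operation=False)

        err = self._in_transaction(leave)
        if err is False:
            self.memberOf = self.check_memberof()
        return err

    def delete(self):
        """Not implemented; always returns False."""
        return False

    def disable(self):
        """Not implemented; always returns False."""
        return False


def users_make_ad(sam, base):
    """Return a dict describing every person/user object under base.

    Keys are sAMAccountName values. Each value holds the account name, its
    group names, the raw userAccountControl integer and 'enabled' (1 when
    the ACCOUNTDISABLE bit is clear, otherwise 0).
    """
    expression = "(&(objectCategory=person)(objectClass=user))"
    users = {}
    res = sam.search(base=base, expression=expression,
                     attrs=['*', 'userAccountControl'])
    for entry in res:
        name = str(entry['samAccountName'])
        uac = int(str(entry['userAccountControl']))
        users[name] = {'samAccountName': name,
                       # Users without a memberOf attribute get [].
                       'memberOf': _group_names(entry),
                       'userAccountControl': uac,
                       'enabled': 0 if uac & _UF_ACCOUNTDISABLE else 1}
    return users


def main():
    """List the users, then create/refresh the 'tst' test account."""
    lp = samba.param.LoadParm()
    lp.load(samba.param.default_path())  # or lp.load("/etc/samba/smb.conf")
    # system_session() gives this process full rights on the directory.
    sam = SamDB(lp=lp, session_info=system_session())
    print(users_make_ad(sam, base))
    # NOTE(review): the password literal is stored in the script, and every
    # run resets the 'tst' account to it. Anyone who can read this file knows
    # that account's password; take it from a prompt or a secret store
    # outside a lab setup.
    test_usr = UserAd(sam, base, domainName, 'tst', "secret34daD")
    print(test_usr.memberOf)
    err = test_usr.set_passwd()
    if err:
        print(err)


if __name__ == '__main__':
    main()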