#!/usr/bin/python2
|
|
# coding=utf-8
|
|
|
|
|
|
import os
import sys

import ldb
import samba.param
from samba.auth import system_session
from samba.samdb import SamDB
# from samba.ndr import ndr_pack, ndr_unpack
# from samba.dcerpc import security
# import base64
# import binascii

from UserAd_class import UserAd
import zayavka_reader as z_reader
|
|
|
|
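# Search base for user objects.  An OU is not required; the plain container
# works too, e.g. base = "CN=Users,DC=myDom,DC=lan".
base = "CN=Users,DC=techgrow,DC=local"
domainName = 'techgrow.local'

# Connection settings for the request ("zayavka") database that
# z_reader.mysql_reader() reads.  Each value can be overridden from the
# environment; the literals are kept only as fallbacks so existing
# deployments keep working.  The fallback password is a credential in
# source control -- rotate it and drop the fallback once LDAP_DB_PASS is
# set in the service environment.
dbconn = {'host': os.environ.get('LDAP_DB_HOST', '10.3.11.177'),
          'user': os.environ.get('LDAP_DB_USER', 'readonlyuser'),
          'pass': os.environ.get('LDAP_DB_PASS', 'Readonly@2006'),
          'base': os.environ.get('LDAP_DB_NAME', 'techgrow')}

# Query templates.  The two with %s are filled with the row's own ID taken
# from the LDAP table (see main()), not with user-supplied text; still,
# prefer a parameterised query if mysql_reader supports one.
sql = 'select * from LDAP'
sql_update_changes = "update LDAP set Changes = 'N' where ID = '%s'"
sql_delete = "delete from LDAP where Delete = 'Y' and ID = '%s'"

# Group names per account kind.  None of these is referenced in the code
# visible in this file; presumably used by UserAd_class / zayavka_reader.
ad_groups = ['vpn-users', 'gogs']
ad_groups_users = ['vpn-users', 'gogs']
ad_groups_bitrix = ['vpn-web-vpn', 'gogs']
ad_groups_1c = ['vpn-1c-vpn', 'Domain Users']
ad_group_xserv = 'ics'
ad_group_rdp = 'Пользователи удаленного рабочего стола'  # "Remote Desktop Users" (localised name)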
|
|
|
|
|
|
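# ACCOUNTDISABLE bit of userAccountControl (the value the original tested with
# "& 2").
_UF_ACCOUNTDISABLE = 0x2


def _cn_from_dn(dn):
    """Return the value of the first RDN of *dn* ("CN=gogs,OU=...," -> "gogs").

    Splits on the first '=' only, so a value containing '=' is kept whole.
    Like the original, this does not handle an escaped comma ("\\,") inside
    the CN value; such DNs are truncated at the escaped comma.
    """
    return dn.split(',')[0].split('=', 1)[1]


def users_make_ad(sam, base):
    """Return the AD user accounts below *base*, keyed by samAccountName.

    Each value is a dict with the keys 'samAccountName' (str), 'memberOf'
    (list of group CNs, possibly empty), 'userAccountControl' (int) and
    'enabled' (1 when the ACCOUNTDISABLE bit is clear, else 0).

    Args:
        sam: an open SamDB, or any object whose ``search(base=, expression=,
            attrs=)`` returns entries indexable like an ldb Message.
        base: DN under which to search (shadows the module-level ``base``).

    Raises:
        KeyError: if an entry lacks samAccountName or userAccountControl;
            both are mandatory on AD user objects, so this is unexpected.
    """
    expression = "(&(objectCategory=person)(objectClass=user))"
    res = sam.search(base=base, expression=expression, attrs=['*', 'userAccountControl'])
    users = {}
    for entry in res:
        name = str(entry['samAccountName'])
        uac = int(str(entry['userAccountControl']))
        # memberOf is absent (not empty) on accounts that belong to no group;
        # the original indexed it directly and raised KeyError for such users.
        groups = [_cn_from_dn(str(dn)) for dn in (entry.get('memberOf') or [])]
        users[name] = {'samAccountName': name,
                       'memberOf': groups,
                       'userAccountControl': uac,
                       'enabled': 0 if uac & _UF_ACCOUNTDISABLE else 1}
    return users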
|
|
|
|
|
|
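def main():
    """Apply the pending account requests from the LDAP table to Samba AD.

    Flow: load smb.conf from the default path, open the local SamDB, print
    the accounts currently below ``base`` (diagnostic), read the request
    rows via z_reader.mysql_reader(), and for each request remove / create /
    re-password / enable or disable the account and add it to its groups.

    Exits with status 1 when the request table cannot be read.

    NOTE(review): the original file lost its indentation; the nesting below
    (DB delete and ``continue`` at the toRemove level, the Changes='N' update
    only after a password change) is a reconstruction -- confirm it matches
    the intended flow.
    """
    lp = samba.param.LoadParm()
    lp.load(samba.param.default_path())  # or lp.load("/etc/samba/smb.conf")
    sam = SamDB(lp=lp, session_info=system_session())

    # Diagnostic listing of the accounts currently present below ``base``.
    expression = "(&(objectCategory=person)(objectClass=user))"
    for entry in sam.search(base=base, expression=expression, attrs=['*', 'userAccountControl']):
        print(str(entry['samAccountName']))

    rows, err = z_reader.mysql_reader(dbconn, sql)
    if err:
        print(err)
        # A failed read must be visible to the caller (cron, monitoring);
        # the original exited with status 0 here and hid the failure.
        sys.exit(1)
    z_users = z_reader.users_make_zayavka(rows)

    for z_user in z_users:
        req = z_users[z_user]
        # Log the request without its password: the original printed the
        # whole dict, 'usrPass' included, to stdout.
        print(z_user, dict((k, v) for k, v in req.items() if k != 'usrPass'))
        ad_user = UserAd(sam, base, domainName, req['samAccountName'], req['usrPass'])

        if req['toRemove']:  # delete the account if it exists
            print("removing user")
            if ad_user.exists:
                ad_user.remove()
            # req['id'] is the LDAP table's own row ID, not user input; a
            # parameterised query would still be preferable if
            # mysql_reader supports one.
            _dat, err = z_reader.mysql_reader(dbconn, sql_delete % req['id'])
            if err:
                print(err)
            continue

        if not ad_user.exists:
            print("make new user")
            ad_res = ad_user.add()
            if ad_res:
                print(ad_res)

        if req['pwChange']:  # apply the requested password
            ad_res = ad_user.set_passwd()
            if ad_res:
                print(ad_res)
            _dat, err = z_reader.mysql_reader(dbconn, sql_update_changes % req['id'])
            if err:
                print(err)

        if req['enabled']:  # enable or disable the account
            ad_user.enable()
        else:
            ad_user.disable()

        for group in req['memberOf']:
            ad_user.add_in_group(group)


if __name__ == '__main__':
    main()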
|
|
|