#!/usr/bin/python2
# coding=utf-8
import ldb
from samba.samdb import SamDB
from samba.auth import system_session
# from samba.ndr import ndr_pack, ndr_unpack
# from samba.dcerpc import security
import samba.param
# import base64
# import binascii
# Search base and DNS name of the domain this script manages.
base = "CN=Users,DC=techgrow,DC=local" # no need to bother with OUs; in that case base = "CN=Users,DC=myDom,DC=lan"
domainName = 'techgrow.local'
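class UserAd:
    """Handle for one user account in a Samba AD domain.

    Constructing an instance looks the account up by sAMAccountName under
    ``base`` and, when it does not exist yet, creates it with ``usrPass``.

    Mutating methods return ``False`` on success and the caught exception
    object on failure, so callers test the return value for truthiness.

    NOTE(review): ``usrPass`` defaults to an empty string, so constructing
    an instance for an unknown name attempts to create the account with an
    empty password. Always pass a real password when creation is possible.
    """

    def __init__(self, sam, base, domainName, usrName, usrPass=''):
        self.sam = sam
        self.base = base
        self.domainName = domainName
        self.usrName = usrName
        self.usrPass = usrPass
        # Result of the implicit add(): None when no creation was attempted,
        # False when it succeeded, the exception object when it failed.
        self.addError = None
        self.exists = self.chek_if_exists()
        if not self.exists:
            self.addError = self.add()
        self.memberOf = self.check_memberof()

    def _user_filter(self):
        """Return the LDAP filter that matches this account."""
        # The account name is escaped before it is placed in the filter, so
        # LDAP filter metacharacters in usrName cannot alter the query.
        return ("(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))"
                % ldb.binary_encode(self.usrName))

    def _password_filter(self):
        """Return the escaped filter handed to setpassword()."""
        return "(samAccountName=%s)" % ldb.binary_encode(self.usrName)

    def _run_in_transaction(self, operation):
        """Run ``operation`` inside a transaction; False on success, else the exception."""
        self.sam.transaction_start()
        try:
            operation()
        except Exception as exc:
            # Roll back so a partial change is never left behind.
            self.sam.transaction_cancel()
            return exc
        self.sam.transaction_commit()
        return False

    def chek_if_exists(self):
        """Return True when an account with this sAMAccountName exists under self.base."""
        found = self.sam.search(base=self.base, expression=self._user_filter(),
                                attrs=['sAMAccountName'])
        return len(found) > 0

    def check_memberof(self):
        """Return the names of the groups listed in the account's memberOf.

        Returns an empty list when the account is missing or has no
        memberOf values.
        """
        res = self.sam.search(base=self.base, expression=self._user_filter(),
                              attrs=['memberOf'])
        if len(res) == 0:
            return []
        try:
            group_dns = res[0]['memberOf']
        except KeyError:
            # No memberOf attribute on the entry.
            return []
        # Keeps the value of the first RDN of each group DN. A group name
        # containing an escaped comma or '=' would be truncated here.
        return [str(dn).split(',')[0].split('=')[1] for dn in group_dns]

    def add(self):
        """Create the account under self.base and set its password.

        Returns False on success or the caught exception on failure.
        """
        # NOTE(review): usrName goes into the DN and the home directory path
        # unescaped; callers must pass an already validated account name.
        record = {
            'dn': 'CN=%s,%s' % (self.usrName, self.base),
            "sAMAccountName": self.usrName,
            "userPrincipalName": "%s@%s" % (self.usrName, self.domainName),
            "objectClass": "user",
            "displayName": self.usrName,
            "description": self.usrName,
            "homeDirectory": r"\\%s\users\%s" % ("dc01", self.usrName),
            'scriptPath': "loginScr.cmd",
        }

        def create():
            self.sam.add(record)
            self.sam.setpassword(self._password_filter(), self.usrPass, False)

        err = self._run_in_transaction(create)
        if not err:
            # Record the new state instead of discarding the lookup result.
            self.exists = self.chek_if_exists()
        return err

    def set_passwd(self):
        """Set the account password to self.usrPass; False on success, else the exception."""
        return self._run_in_transaction(
            lambda: self.sam.setpassword(self._password_filter(), self.usrPass, False))

    def add_in_group(self, grpName):
        """Add the account to ``grpName`` and refresh self.memberOf on success."""
        err = self._run_in_transaction(
            lambda: self.sam.add_remove_group_members(
                grpName, [self.usrName], add_members_operation=True))
        if not err:
            self.memberOf = self.check_memberof()
        return err

    def remove_from_group(self, grpName):
        """Remove the account from ``grpName`` and refresh self.memberOf on success."""
        # add_members_operation must be False here; with True this method
        # granted the group membership it was asked to revoke.
        err = self._run_in_transaction(
            lambda: self.sam.add_remove_group_members(
                grpName, [self.usrName], add_members_operation=False))
        if not err:
            self.memberOf = self.check_memberof()
        return err

    def delete(self):
        """Not implemented; returns an error object so callers do not assume the account is gone."""
        # Returning False would report success while the account stays in
        # the directory.
        return NotImplementedError("UserAd.delete is not implemented")

    def disable(self):
        """Not implemented; returns an error object so callers do not assume the account is disabled."""
        # Returning False would report success while the account stays
        # enabled.
        return NotImplementedError("UserAd.disable is not implemented")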
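def users_make_ad(sam, base):
    """Return a summary of every user account found under ``base``.

    The result maps each sAMAccountName to a dict with the keys
    ``samAccountName``, ``memberOf`` (list of group names),
    ``userAccountControl`` (int) and ``enabled`` (1 or 0).
    """
    expression = "(&(objectCategory=person)(objectClass=user))"
    # Request only the attributes that are read below rather than every
    # attribute of every account.
    wanted = ['sAMAccountName', 'memberOf', 'userAccountControl']
    users = {}
    for entry in sam.search(base=base, expression=expression, attrs=wanted):
        name = str(entry['samAccountName'])
        uac = int(str(entry['userAccountControl']))
        try:
            group_dns = entry['memberOf']
        except KeyError:
            # Accounts without any memberOf value have no such attribute.
            group_dns = []
        users[name] = {
            'samAccountName': name,
            # Keeps the value of the first RDN of each group DN.
            'memberOf': [str(dn).split(',')[0].split('=')[1] for dn in group_dns],
            'userAccountControl': uac,
            # Bit 0x2 of userAccountControl marks a disabled account.
            'enabled': 0 if uac & 2 else 1,
        }
    return users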
def main():
    """Open the local Samba AD database and run a small smoke test.

    Prints a summary of every user under ``base``, makes sure the ``tst``
    account exists (it is created when missing), prints its groups and
    then sets its password again.
    """
    # NOTE(review): every run writes to the directory through the system
    # session, and the test password below is a literal in the source.
    # Treat that password as disclosed and keep the 'tst' account out of
    # production domains.
    load_parm = samba.param.LoadParm()
    load_parm.load(samba.param.default_path())  # or load_parm.load("/etc/samba/smb.conf")
    directory = SamDB(lp=load_parm, session_info=system_session())
    print(users_make_ad(directory, base))

    probe = UserAd(directory, base, domainName, 'tst', "secret34daD")
    print(probe.memberOf)
    failure = probe.set_passwd()
    if failure:
        # set_passwd() returns the caught exception when it fails.
        print(failure)


if __name__ == '__main__':
    main()
