09.30.2008 at 03:13PM PDT, ID: 23776359 | Points: 500

Reading Microsoft AD users via python

Asked by erickperez in Python Scripting Language, Windows 2000 Server

I have the following script in Python that reads user properties from Microsoft Active Directory. However, I have some basic issues regarding string manipulation with this tool.
Basically, I try to read:
username, first name, last name
and then feed this result to a shell command in my Linux system.
However, I cannot properly handle the following situations:
a- first name field is blank
b- first name field contains spaces, for example "Erick Perez"
c- same for last name field (a and b)
d- last name or first name contains numbers, tildes or the letter ñ. (ASCII 0164)

Please advise.
#!/usr/bin/python
 
#--------------------------------------------------------------------------------------------------
# Notes:
# This script automatically creates zimbra accounts from active directory.
# The user must be enabled, otherwise it will be skipped.
#--------------------------------------------------------------------------------------------------
# Variables can be changed here:
import ldap, string, os, time, sys 
# BaseDN to search for user accounts.
base = 'cn=users,dc=quadrian,dc=gob,dc=pa'
scope = ldap.SCOPE_SUBTREE
# We filter for user accounts only, we skip machine and groups
filter = "(&(objectclass=person) (uid=%s))"
# Active Directory Domain Name
domain = "quadrian.gob.pa" 
# Active Directory Domain Controller
ldapserver="ancon"
#ldap port usually 389
port="389"
# Email domain to be used in mail applications
emaildomain="quadrian.gob.pa"
# Bind Domain for LDAP user account that will query the AD
ldapbinddomain="organojudicial"
#the account name of the account to bind to ldap and query de AD
ldapbind="zimbrasync"
ldappassword="xxxxxxx"
pathtozmprov="/opt/zimbra/bin/zmprov"
#--------------------------------------------------------------------------------------------------
# Here We list all Zimbra Accounts. So we can compare if the account we read from AD
# is already created in Zimbra or not.
f = os.popen(pathtozmprov +' gaa')
zmprovgaa= []
zmprovgaa = f.readlines()
 
# Here we initialize the LDAP connection 
l=ldap.initialize("ldap://"+ldapserver+"."+domain+":"+port)
try:
	l.simple_bind_s(ldapbinddomain+"\\"+ldapbind,ldappassword)
except ldap.INVALID_CREDENTIALS:
	print "Your username or password to bind to LDAP is incorrect."
	sys.exit()
except ldap.LDAPError, e:
	if type(e.message) == dict and e.message.has_key('desc'):
		print e.message['desc']
	else:
		print e
	sys.exit()
# End of LDAP initialization
 
# Now we look for ENABLED user accounts in AD and get the following values
# sAMAccountName is the username to log on to the domain
# givenName is the first name
# sn is the surname or last name
# example of current usernames in the domain
# 4-982-345
# ericklatam
# memberOf are the groups this user belongs to
 
try:
    res = l.search_s(base,scope, "(&(ObjectCategory=user)  (userAccountControl=512))",  ['sAMAccountName','givenName','sn','memberOf'])
#userAccountControl  512 = normal , 514 = disabled account
    for (dn, vals) in res:
      accountname = vals['sAMAccountName'][0].lower()
      print "accountname: "+accountname
      try:
        sirname = vals['sn'][0].lower()
      except:
        sirname = vals['sAMAccountName'][0].lower()
      try:
        givenname = vals['givenName'][0]
      except:
        givenname = vals['sAMAccountName'][0].lower()
      try:
        groups = vals['memberOf']
      except:
        groups = 'none'
      initial = givenname[:1].upper()
      # Strip spaces, backslashes and hyphens from the surname
      sirname = sirname.replace(' ', '')
      sirname = sirname.replace('\\', '')
      sirname = sirname.replace('-', '')
      sirname = sirname.capitalize()
      name = initial + "." + sirname
      accountname = accountname + "@" + emaildomain
      password = "  \'\' "
      sys.stdout.flush()
      # if the account doesn't exist in the output of zmprov gaa create the  account
      if accountname +"\n" not in zmprovgaa:
        print  accountname," exists in active directory but not in zimbra, the   account is being created\n"
        time.sleep(1)
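        # The command line is built by string interpolation and run through the shell,
        # so blanks, quotes or shell metacharacters in the AD values change how it is parsed.
        os.system(pathtozmprov +' ca %s %s displayName %s' %  (accountname,password,name))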
             
finally:
    # Always release the LDAP connection, even if the search fails.
    l.unbind_s()
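
Added example, not part of the original post: one way to handle cases a to d is to stop building a shell string and pass each value to zmprov as its own argument, which also keeps directory-supplied text from being interpreted by the shell. It assumes Python 3 with values shaped like python-ldap results; the helper names, the SAFE_ACCOUNT pattern and the sample entries are constructed for illustration.

```python
import re
import subprocess

ZMPROV = "/opt/zimbra/bin/zmprov"  # path from the question's script
EMAIL_DOMAIN = "quadrian.gob.pa"   # mail domain from the question's script
# Assumption: logon names use only these characters and never start with "-",
# so a value can never be read by zmprov as an option.
SAFE_ACCOUNT = re.compile(r"[a-z0-9][a-z0-9._-]*")

def first_value(attrs, key):
    """First value of an LDAP attribute as stripped text, '' if missing or blank."""
    value = (attrs.get(key) or [b""])[0]
    if isinstance(value, bytes):  # python-ldap returns bytes under Python 3
        value = value.decode("utf-8", errors="replace")
    return value.strip()

def display_name(attrs):
    """Initial + '.' + surname; blank fields fall back to the logon name."""
    account = first_value(attrs, "sAMAccountName")
    given = first_value(attrs, "givenName") or account
    surname = first_value(attrs, "sn") or account
    surname = " ".join(word.capitalize() for word in surname.split())
    return given[:1].upper() + "." + surname

def zmprov_argv(attrs, email_domain=EMAIL_DOMAIN):
    """Build the 'zmprov ca' argument vector for one directory entry."""
    account = first_value(attrs, "sAMAccountName").lower()
    if not SAFE_ACCOUNT.fullmatch(account):
        raise ValueError("unexpected account name: %r" % account)
    # One list element per argument, so no shell parses blanks, quotes or ñ.
    # "" is the empty password the original script passed as ''.
    return [ZMPROV, "ca", account + "@" + email_domain, "",
            "displayName", display_name(attrs)]

def create_account(attrs):
    """Run zmprov without a shell (a list argv implies shell=False)."""
    return subprocess.run(zmprov_argv(attrs), check=True)

# Constructed sample entries, shaped like python-ldap search results.
SAMPLE = [
    {"sAMAccountName": [b"ericklatam"], "givenName": [b"Erick Perez"],
     "sn": ["Nuñez Perez".encode("utf-8")]},
    {"sAMAccountName": [b"4-982-345"]},               # no givenName, no sn
    {"sAMAccountName": [b"o'neil x"], "sn": [b"X"]},  # rejected by SAFE_ACCOUNT
]

if __name__ == "__main__":
    for entry in SAMPLE[:2]:
        print(zmprov_argv(entry))
```

Unlike the script above, this keeps blanks inside the surname, because nothing in an argument list needs to be stripped for the shell's sake.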