erickperez asked:

Reading Microsoft AD users via python

I have the following script in Python that reads user properties from Microsoft Active Directory. However, I have some basic issues regarding string manipulation with this tool.
Basically, I try to read:
username, first name, last name
and then feed this result to a shell command on my Linux system.
However, I cannot properly handle the following situations:
a- first name field is blank
b- first name field contains spaces, for example "Erick Perez"
c- same for last name field (a and b)
d- last name or first name contains numbers, tildes or the letter ñ (ASCII 0164).

Please advise.

#!/usr/bin/python
 
#--------------------------------------------------------------------------------------------------
# Notes:
# This script automatically creates zimbra accounts from active directory.
# The user must be enabled, otherwise it will be skipped.
#--------------------------------------------------------------------------------------------------
# Variables can be changed here:
import ldap, string, os, time, sys 
# BaseDN to search for user accounts.
base = 'cn=users,dc=quadrian,dc=gob,dc=pa'
scope = ldap.SCOPE_SUBTREE
# We filter for user accounts only, we skip machine and groups
filter = "(&(objectclass=person) (uid=%s))"
# Active Directory Domain Name
domain = "quadrian.gob.pa" 
# Active Directory Domain Controller
ldapserver="ancon"
#ldap port usually 389
port="389"
# Email domain to be used in mail applications
emaildomain="quadrian.gob.pa"
# Bind Domain for LDAP user account that will query the AD
ldapbinddomain="organojudicial"
# The name of the account used to bind to LDAP and query the AD
ldapbind="zimbrasync"
ldappassword="xxxxxxx"
pathtozmprov="/opt/zimbra/bin/zmprov"
#--------------------------------------------------------------------------------------------------
# Here We list all Zimbra Accounts. So we can compare if the account we read from AD
# is already created in Zimbra or not.
f = os.popen(pathtozmprov +' gaa')
zmprovgaa= []
zmprovgaa = f.readlines()
 
# Here we initialize the LDAP connection 
l=ldap.initialize("ldap://"+ldapserver+"."+domain+":"+port)
try:
	l.simple_bind_s(ldapbinddomain+"\\"+ldapbind,ldappassword)
except ldap.INVALID_CREDENTIALS:
	print "Your username or password to bind to LDAP is incorrect."
	sys.exit()
except ldap.LDAPError, e:
	if type(e.message) == dict and e.message.has_key('desc'):
		print e.message['desc']
	else:
		print e
	sys.exit()
# End of LDAP initialization
 
# Now we look for ENABLED user accounts in AD and get the following values
# sAMAccountName is the username to log on to the domain
# givenName is the first name
# sn is the surname or last name
# example of current usernames in the domain
# 4-982-345
# ericklatam
# memberOf are the groups this user belongs to
 
try:
    res = l.search_s(base,scope, "(&(ObjectCategory=user)  (userAccountControl=512))",  ['sAMAccountName','givenName','sn','memberOf'])
#userAccountControl  512 = normal , 514 = disabled account
    for (dn, vals) in res:
      accountname = vals['sAMAccountName'][0].lower()
      print "accountname: "+accountname
      try:
        sirname = vals['sn'][0].lower()
      except:
        sirname = vals['sAMAccountName'][0].lower()
      try:
        givenname = vals['givenName'][0]
      except:
        givenname = vals['sAMAccountName'][0].lower()
      try:
        groups = vals['memberOf']
      except:
        groups = 'none'
      initial = givenname[:1].upper()
      # Strip spaces, backslashes and hyphens from the surname
      sirname = sirname.replace(' ', '')
      sirname = sirname.replace('\\', '')
      sirname = sirname.replace('-', '')
      sirname = sirname.capitalize()
      name = initial + "." + sirname
      accountname = accountname + "@" + emaildomain
      password = "  \'\' "
      sys.stdout.flush()
      # if the account doesn't exist in the output of zmprov gaa create the  account
      if accountname +"\n" not in zmprovgaa:
        print  accountname," exists in active directory but not in zimbra, the   account is being created\n"
        time.sleep(1)
        os.system(pathtozmprov +' ca %s %s displayName %s' %  (accountname,password,name))
             
finally:
    # Always release the LDAP connection, even if the search fails
    l.unbind_s()

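An added example, not part of the original post or of the accepted answer: one way to handle cases a to d on Python 3, where python-ldap returns attribute values as bytes, and to hand the result to zmprov as an argument list so that no shell ever parses the Active Directory strings. The sample entries, the account-name pattern and the helper names are assumptions made for illustration.

```python
import re
import subprocess
import unicodedata

ZMPROV = "/opt/zimbra/bin/zmprov"   # path used in the question's script
EMAIL_DOMAIN = "quadrian.gob.pa"    # mail domain used in the question's script
ACCOUNT_RE = re.compile(r"[a-z0-9][a-z0-9._-]*\Z")  # assumed policy for login names

# Constructed entries shaped like python-ldap results on Python 3 (values are bytes).
SAMPLE_ENTRIES = [
    {"sAMAccountName": [b"EPerez"], "givenName": [b"Erick Jose"],
     "sn": ["Núñez Peña".encode("utf-8")]},               # spaces and ñ
    {"sAMAccountName": [b"4-982-345"], "givenName": [b"  "]},  # blank name, no sn
    {"sAMAccountName": [b"jobrien"], "givenName": [b"John"], "sn": [b"O'Brien"]},
]


def first_value(vals, attr):
    """First value of an attribute as stripped NFC text; '' if missing or blank."""
    raw = (vals.get(attr) or [b""])[0]
    text = raw.decode("utf-8") if isinstance(raw, bytes) else raw
    return unicodedata.normalize("NFC", text).strip()


def display_name(vals):
    """'I.Surname' as in the question, falling back to the login for blank fields."""
    account = first_value(vals, "sAMAccountName")
    given = first_value(vals, "givenName") or account
    surname = first_value(vals, "sn") or account
    return given[:1].upper() + "." + surname.title()


def zmprov_create_argv(vals):
    """Argument list for 'zmprov ca'; every AD value stays a single argv element."""
    account = first_value(vals, "sAMAccountName").lower()
    if not ACCOUNT_RE.match(account):
        raise ValueError("unexpected sAMAccountName: %r" % account)
    # "" is the empty password that the question's script passes.
    return [ZMPROV, "ca", account + "@" + EMAIL_DOMAIN, "",
            "displayName", display_name(vals)]


def create_account(vals):
    # A list with the default shell=False goes straight to exec(): spaces, quotes
    # and other shell metacharacters in AD fields are never interpreted.
    return subprocess.call(zmprov_create_argv(vals))
```

Because the display name travels as one argv element, the surname no longer needs its spaces and hyphens stripped to survive the command line.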

ASKER CERTIFIED SOLUTION
pepr

This solution is only available to members.

erickperez (ASKER)

Sorry, been traveling.
I will repost with examples.
pepr

Well, did you solve the problem with my hints? Or why did you accept it?