# -*- coding:utf8 -*-
import ssl

import ldap3
from ldap3 import ALL, MODIFY_REPLACE, SUBTREE, Connection, Server, Tls
import psutil

from app import app, out_logger
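class AdApi(object):
    """Thin wrapper around one shared ldap3 connection to the AD domain.

    Connection parameters are read from ``app.config`` (expected to be
    dict-like): ADSERVER, ADSERVERPORT, ADACCOUNT, ADPASSWORD, BASEDN, DN
    and the optional AD_CA_CERTS_FILE.  The bound connection is cached in
    the class attributes ``server`` / ``connect``; every public method
    re-binds lazily when the cache is empty and drops the cache after an
    LDAP error so the next call starts fresh.

    All public methods log and swallow exceptions and report failure only
    through their return value (``False`` for write operations, ``None``
    for reads) -- callers must check it.

    Caller-supplied ``username`` values are escaped before they are placed
    in a DN (RFC 4514) or a search filter (RFC 4515); the base DNs passed as
    ``adconfig`` / ``adflag`` come from configuration and are used verbatim.
    """

    server = None
    connect = None

    # userAccountControl bitmasks, sent as decimal strings exactly as the
    # original code did.  NORMAL_ACCOUNT = 0x200, ACCOUNTDISABLE = 0x2,
    # PASSWD_NOTREQD = 0x20.  Note that MODIFY_REPLACE overwrites the whole
    # bitmask, so any other flag set on the account is cleared as well.
    UAC_NORMAL_ACCOUNT = '512'       # NORMAL_ACCOUNT
    UAC_DISABLED = '514'             # NORMAL_ACCOUNT | ACCOUNTDISABLE
    UAC_CREATE_NO_PASSWORD = '544'   # NORMAL_ACCOUNT | PASSWD_NOTREQD

    # Simple paged results control (RFC 2696), used to walk large result sets.
    PAGED_RESULTS_OID = '1.2.840.113556.1.4.319'
    PAGE_SIZE = 1000

    # ------------------------------------------------------------------
    # Escaping helpers (pure functions, no LDAP access)
    # ------------------------------------------------------------------
    @staticmethod
    def _escape_rdn_value(value):
        """Escape ``value`` for use as an RDN attribute value (RFC 4514 s2.4).

        Backslash-escapes ``" + , ; < > \\ =`` anywhere in the string, a
        leading space or ``#``, a trailing space, and encodes NUL as ``\\00``.
        This stops a crafted username from appending extra RDNs to the DN.
        """
        pieces = []
        last = len(value) - 1
        for i, ch in enumerate(value):
            if ch == '\x00':
                pieces.append('\\00')
            elif ch in '\\,+"<>;=':
                pieces.append('\\' + ch)
            elif (i == 0 and ch in ' #') or (i == last and ch == ' '):
                pieces.append('\\' + ch)
            else:
                pieces.append(ch)
        return ''.join(pieces)

    @staticmethod
    def _escape_filter_value(value):
        """Escape ``value`` for use inside an LDAP search filter (RFC 4515).

        ``\\ * ( )`` and NUL become ``\\XX`` hex escapes so a username cannot
        alter the structure of the filter it is substituted into.
        """
        pieces = []
        for ch in value:
            if ch in '\\*()\x00':
                pieces.append('\\%02x' % ord(ch))
            else:
                pieces.append(ch)
        return ''.join(pieces)

    @staticmethod
    def _user_dn(username, base_dn):
        """Build ``CN=<escaped username>,<base_dn>``."""
        return 'CN=%s,%s' % (AdApi._escape_rdn_value(username), base_dn)

    @staticmethod
    def _paged_cookie(result):
        """Return the paged-results cookie from an ldap3 result dict.

        Returns ``None`` when the control is absent or the result has an
        unexpected shape, which ends the paging loop instead of raising.
        """
        try:
            return result['controls'][AdApi.PAGED_RESULTS_OID]['value']['cookie']
        except (KeyError, TypeError):
            return None

    # ------------------------------------------------------------------
    # Connection management
    # ------------------------------------------------------------------
    @staticmethod
    def _reset_connection():
        """Forget the cached connection so the next call re-binds."""
        AdApi.server = None
        AdApi.connect = None

    @staticmethod
    def _ensure_connection():
        """Bind lazily; reuse the cached connection when one exists."""
        if AdApi.server is None or AdApi.connect is None:
            AdApi.init_connection()

    @staticmethod
    def _last_op_succeeded():
        """True when the last operation on the shared connection returned LDAP result 0 / success."""
        res = AdApi.connect.result
        return res['result'] == 0 and res['description'] == 'success'

    @staticmethod
    def init_connection():
        """Open an LDAPS connection to the configured AD server and bind.

        The server certificate is validated (``ssl.CERT_REQUIRED``).  When
        the domain CA is not in the system trust store, point
        ``app.config['AD_CA_CERTS_FILE']`` at a PEM bundle; without
        validation the bind credentials and every password set through this
        class could be intercepted.  On failure the error is logged and both
        ``server`` and ``connect`` are left ``None``.
        """
        try:
            tls = Tls(validate=ssl.CERT_REQUIRED,
                      ca_certs_file=app.config.get('AD_CA_CERTS_FILE'))
            # use_ssl=True wraps the socket in TLS from the start (LDAPS);
            # a StartTLS on top of that is redundant and is normally
            # rejected by the server, so it is deliberately not issued.
            AdApi.server = Server(app.config['ADSERVER'], app.config['ADSERVERPORT'],
                                  use_ssl=True, tls=tls)
            AdApi.connect = Connection(AdApi.server,
                                       user=app.config['ADACCOUNT'],
                                       password=app.config['ADPASSWORD'],
                                       auto_bind=True)
        except Exception as e:
            out_logger.exception("init_connection error: %s", e)
            AdApi._reset_connection()

    # ------------------------------------------------------------------
    # Directory operations
    # ------------------------------------------------------------------
    @staticmethod
    def list_ad_user(adconfig):
        """Return every ``person`` entry under the ``adconfig`` base DN.

        Entries are fetched ``PAGE_SIZE`` at a time with the paged-results
        control and concatenated into one list of ldap3 entries carrying
        ``cn``, ``description`` and ``userAccountControl``.

        Returns ``None`` (not an empty list) when the search fails, so a
        caller reconciling local accounts against AD can distinguish
        "AD has no users" from "AD could not be queried".
        """
        AdApi._ensure_connection()
        search_filter = '(objectclass=person)'
        attrs = ['cn', 'description', 'userAccountControl']
        try:
            users = []
            cookie = None
            while True:
                AdApi.connect.search(adconfig, search_filter, attributes=attrs,
                                     paged_size=AdApi.PAGE_SIZE,
                                     search_scope=SUBTREE, paged_cookie=cookie)
                users.extend(AdApi.connect.entries)
                cookie = AdApi._paged_cookie(AdApi.connect.result)
                if not cookie:
                    # An empty cookie means the server has no more pages.
                    break
            out_logger.debug("list_ad_user: %d entries under %s", len(users), adconfig)
            return users
        except Exception as e:
            out_logger.exception("list_ad_user error: %s", e)
            AdApi._reset_connection()

    @staticmethod
    def delete_ad_user(username, adconfig):
        """Delete ``CN=<username>`` under ``adconfig``.

        Returns ldap3's result of the delete (a boolean on the synchronous
        strategy this class relies on), or ``False`` when an exception occurred.
        """
        AdApi._ensure_connection()
        try:
            out_logger.info("delete_ad_user : %s", username)
            res = AdApi.connect.delete(AdApi._user_dn(username, adconfig))
            out_logger.info("delete_ad_user result: %s", res)
            return res
        except Exception as e:
            out_logger.exception("delete_ad_user error: %s", e)
            AdApi._reset_connection()
            return False

    @staticmethod
    def add_ad_user(username, password, description, adflag):
        """Create ``CN=<username>`` under ``adflag`` and set its password.

        Three steps, each checked before the next:
          1. add the entry with PASSWD_NOTREQD so AD accepts an account that
             has no password yet;
          2. set ``password`` as an administrative reset (no old password);
          3. replace userAccountControl with NORMAL_ACCOUNT so the
             "password not required" bit does not stay on the account.

        Returns ``True`` only when all three succeed.  The add result is
        checked first: if the entry already exists (or the add fails for any
        other reason) we return ``False`` rather than resetting the password
        of whatever account already lives at that DN.
        """
        AdApi._ensure_connection()
        try:
            out_logger.info("add_ad_user : %s", username)
            user_dn = AdApi._user_dn(username, adflag)
            AdApi.connect.add(user_dn, ['User'],
                              {'displayName': username,
                               'description': description,
                               'userPrincipalName': '%s@%s' % (username, app.config['DN']),
                               'userAccountControl': AdApi.UAC_CREATE_NO_PASSWORD,
                               'sAMAccountName': username,
                               'pwdLastSet': -1})
            if not AdApi._last_op_succeeded():
                out_logger.error("add_ad_user: add failed for %s: %s",
                                 username, AdApi.connect.result)
                return False
            # Administrative reset: the empty current password tells ldap3
            # to replace unicodePwd instead of doing a delete/add pair.
            ldap3.extend.microsoft.modifyPassword.ad_modify_password(
                AdApi.connect, user_dn, password, '', controls=None)
            if not AdApi._last_op_succeeded():
                out_logger.error("add_ad_user: password set failed for %s: %s",
                                 username, AdApi.connect.result)
                return False
            # The account now has a password; drop PASSWD_NOTREQD.
            AdApi.connect.modify(user_dn, {'userAccountControl':
                                           [(MODIFY_REPLACE, [AdApi.UAC_NORMAL_ACCOUNT])]})
            return AdApi._last_op_succeeded()
        except Exception as e:
            out_logger.exception("add_ad_user error: %s", e)
            AdApi._reset_connection()
            return False

    @staticmethod
    def _set_user_account_control(username, adconfig, value):
        """Replace the userAccountControl bitmask of ``CN=<username>,<adconfig>`` with ``value``."""
        AdApi.connect.modify(AdApi._user_dn(username, adconfig),
                             {'userAccountControl': [(MODIFY_REPLACE, [value])]})
        return AdApi._last_op_succeeded()

    @staticmethod
    def disable_ad_user(username, adconfig):
        """Disable the account (userAccountControl = NORMAL_ACCOUNT | ACCOUNTDISABLE).

        Returns ``True`` on LDAP success, ``False`` otherwise.
        """
        AdApi._ensure_connection()
        try:
            out_logger.info("disable_ad_user : %s", username)
            return AdApi._set_user_account_control(username, adconfig, AdApi.UAC_DISABLED)
        except Exception as e:
            out_logger.exception("disable_ad_user error: %s", e)
            AdApi._reset_connection()
            return False

    @staticmethod
    def enable_ad_user(username, adconfig):
        """Enable the account (userAccountControl = NORMAL_ACCOUNT).

        The bitmask written here is 512, not the 544 used at creation time:
        re-enabling must not turn PASSWD_NOTREQD back on (disable already
        writes 514, which has that bit clear).  Returns ``True`` on LDAP
        success, ``False`` otherwise.
        """
        AdApi._ensure_connection()
        try:
            out_logger.info("enable_ad_user : %s", username)
            return AdApi._set_user_account_control(username, adconfig, AdApi.UAC_NORMAL_ACCOUNT)
        except Exception as e:
            out_logger.exception("enable_ad_user error: %s", e)
            AdApi._reset_connection()
            return False

    @staticmethod
    def get_user_pwd_last_set(username):
        """Return ``pwdLastSet`` of the first ``User`` entry with CN ``username`` under BASEDN.

        Returns ``None`` when no entry matches or the search fails.  The
        username is filter-escaped so it cannot widen or rewrite the query.
        """
        AdApi._ensure_connection()
        try:
            search_filter = '(&(objectclass=User)(CN=%s))' % AdApi._escape_filter_value(username)
            AdApi.connect.search(app.config['BASEDN'], search_filter, attributes=['pwdLastSet'])
            for entry in AdApi.connect.entries:
                return entry['pwdLastSet'].value
        except Exception as e:
            out_logger.exception("get_user_pwd_last_set error: %s", e)
            AdApi._reset_connection()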