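# -*- coding: utf-8 -*-
import json

from ldap3 import Server, Connection, ALL, SUBTREE, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES
from ldap3.extend.microsoft.addMembersToGroups import ad_add_members_to_groups
from ldap3.extend.microsoft.removeMembersFromGroups import ad_remove_members_from_groups

# Connection settings. The values below are placeholders; real bind
# credentials belong in the environment or a secret store, not in the
# source file, because this account can read the whole directory subtree.
LDAP_SERVER = "服务器ip"
LDAP_USER = "用户@域名"
LDAP_PASSWORD = "密码"
LDAP_BASE_DN = "DC=xx,DC=com,DC=cn"
LDAP_CONPANY = "xx"
LDAP_SSL_PORT = 636
LDAP_USE_SSL = True


class KyeLdap(object):
    """Active Directory domain management over a single bound LDAP connection."""

    def __init__(self):
        """Bind to the configured domain controller with the service account.

        Raises whatever ldap3 raises when the bind fails (auto_bind=True).
        """
        # LDAP_SSL_PORT / LDAP_USE_SSL were declared but never passed, so the
        # simple bind (user name and password) went out over plain LDAP.
        # NOTE(review): ldap3 does not verify the server certificate unless a
        # Tls object with validate=ssl.CERT_REQUIRED is supplied via tls=;
        # add one once the domain controller's CA is trusted on this host.
        self.server = Server(LDAP_SERVER,
                             port=LDAP_SSL_PORT,
                             use_ssl=LDAP_USE_SSL,
                             get_info=ALL)
        self.conn = Connection(self.server, LDAP_USER, LDAP_PASSWORD, auto_bind=True)
        self.base_dn = LDAP_BASE_DN

    def query__groups(self):
        """Return the groups found under the xx group OU.

        @return: {"groups": [{"dn": <group DN>, "name": <group name>}, ...]}
        """
        # Only `name` is requested: nothing else is used in the result, and
        # fetching every user and operational attribute (and printing the
        # raw response) exposes far more directory data than the caller needs.
        self.conn.search(search_base="OU=xx,OU=xx Group,OU=xx," + self.base_dn,
                         search_filter='(objectClass=Group)',
                         search_scope=SUBTREE,
                         attributes=["name"])
        data = json.loads(self.conn.response_to_json())
        # Reduce each entry to its DN and display name.
        return {"groups": [{"dn": entry["dn"], "name": entry["attributes"]["name"]}
                           for entry in data["entries"]]}

    # NOTE(review): the helpers below are disabled and kept as found.
    # Before re-enabling query_user_info, pass employee_code through
    # ldap3.utils.conv.escape_filter_chars: it is formatted straight into the
    # search filter, so filter metacharacters in it would change the query.
    # query_user_list also uses a mutable list as its default argument.
    #
    # def query_user_info(self, employee_code):
    #     """
    #     Look up an AD user's DN by employee number.
    #     @param employee_code: employee number
    #     """
    #     search_condition = '(&(|(employeeID={0})(sAMAccountName={0}))(objectClass=Person))'.format(employee_code)
    #     self.conn.search(search_base=self.base_dn,
    #                      search_filter=search_condition,
    #                      search_scope=SUBTREE,
    #                      attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES])
    #     data = json.loads(self.conn.response_to_json())
    #     if data.get("entries"):
    #         if data.get("entries")[0].get("attributes").get("employeeID"):
    #             ecode = data["entries"][0]["attributes"]["employeeID"]
    #         else:
    #             ecode = data["entries"][0]["attributes"]["sAMAccountName"]
    #         user_info = {"employee_code": ecode,
    #                      "name": data["entries"][0]["attributes"]["name"],
    #                      "dn": data["entries"][0]["attributes"]["distinguishedName"]}
    #         return user_info
    #     else:
    #         return ("未查询到工号为 %s 的用户" % employee_code)
    #
    # def query_user_list(self, attr=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES]):
    #     """
    #     User entries under the OU=xx organisation of the AD domain.
    #     @return: List
    #     """
    #     self.conn.search(search_base='OU=xx,DC=xx,DC=com,DC=cn',
    #                      search_filter='(objectClass=organizationalPerson)',
    #                      search_scope=SUBTREE,
    #                      attributes=attr,
    #                      paged_size=1000)
    #     ad_user_list = json.loads(self.conn.response_to_json())["entries"]
    #     cookie = self.conn.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
    #
    #     while cookie:
    #         self.conn.search(search_base='OU=xx,DC=xx,DC=com,DC=cn',
    #                          search_filter='(objectClass=organizationalPerson)',
    #                          search_scope=SUBTREE,
    #                          attributes=attr,
    #                          paged_size=1000,
    #                          paged_cookie=cookie)
    #         ad_user_list += json.loads(self.conn.response_to_json())["entries"]
    #         cookie = self.conn.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
    #     return ad_user_list
    #
    # def group_add_user(self, user_dn, group_dn):
    #     """
    #     Add a user to an AD group.
    #     @param user_dn: DN of the AD user
    #     @param group_dn: DN of the group
    #     """
    #     res = ad_add_members_to_groups(self.conn, user_dn, group_dn)
    #     return res
    #
    # def group_remove_user(self, user_dn, group_dn, fix=True):
    #     """
    #     Remove a user from an AD group.
    #     @param user_dn: DN of the AD user
    #     @param group_dn: DN of the group
    #     """
    #     res = ad_remove_members_from_groups(self.conn, user_dn, group_dn, fix)
    #     return res


# NOTE(review): this runs at import time, so importing the module binds to the
# directory and prints the group list; consider an `if __name__ == "__main__":`
# guard if the class is meant to be imported elsewhere.
aa = KyeLdap()
print(aa.query__groups())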