Python et Active Directory ************************** Il existe un module standard qui permet à python de ce connecter à un serveur AD. On peut trouver le module sur les lien web suivant: * http://www.python-ldap.org * http://pypi.python.org/pypi/python-ldap/ la doc est sur http://www.python-ldap.org/doc/html/ldap.html .. note:: j'ai trouvé un installeur sur l'adresse http://www.lfd.uci.edu/~gohlke/pythonlibs/ si easy_install python-ldap ne fonctionne pas exemple d'utilisation simple permettant de ce connecter .. code-block:: python import ldap con = ldap.open('myservdc1') con.simple_bind_s('f.aoustin@myprop.fr','frederic2702') recherche de toutes les personnes ce nommant jack .. code-block:: python import ldap ldap_client = ldap.initialize('ldap://myservdc1') ldap_client.set_option(ldap.OPT_REFERRALS,0) ldap_client.simple_bind_s('f.aoustin@myprop.fr', 'frederic2702') baseDN = "DC=Myprop,DC=fr" searchScope = ldap.SCOPE_SUBTREE retrieveAttributes = None searchFilter = "cn=*jack*" results = ldap_client.search_s(baseDN, searchScope, searchFilter, retrieveAttributes) for dn,entry in results: print str(dn) for i in entry: print "\t", i, " : ", entry[i] une modification .. code-block:: python import ldap import ldap.modlist as modlist ldap_client = ldap.initialize('ldap://myservdc1') ldap_client.set_option(ldap.OPT_REFERRALS,0) ldap_client.simple_bind_s('f.aoustin@myprop.fr', 'frederic2702') baseDN = "DC=Myprop,DC=fr" searchScope = ldap.SCOPE_SUBTREE retrieveAttributes = None searchFilter = "cn=*aoustin*" results = ldap_client.search_s(baseDN, searchScope, searchFilter, retrieveAttributes) results = [(dn,entry) for dn,entry in results if dn <> None ] for dn,entry in results: old = {'title':entry['title']} new = {'title':'Chef de projet informatique'} ldif = modlist.modifyModlist(old,new) ldap_client.modify_s(dn,ldif) ldap_client.unbind_s() fichier qui permet de faire des modifications en masse via un fichier csv .. code-block:: python #!/usr/bin/env python import glob from optparse import OptionParser import sys import os, os.path import ldap import ldap.modlist as modlist import csv VERSION="0.1" PROG="majldap" DESCRIPTION="mise a jour ldap par fichier csv" AUTHOR="Service Informatique Mysociety" def read_csv(file_csv): data = [] objs = [] reader = csv.reader(open(file_csv, "rb"), delimiter=';') for row in reader: data.append(row) for i in data[1:]: obj = {} for j in range(0, len(data[0])): obj[data[0][j]] = i[j] objs.append(obj) return objs def update_ldap(ldap_client, searchScope, retrieveAttributes, obj, level1): if level1 == True: searchFilter = "sn=*%(sn)s*" % obj else: searchFilter = "(&(sn=*%(sn)s*) (givenName=*%(givenName)s*))" % obj try: results = ldap_client.search_s(baseDN, searchScope, searchFilter, retrieveAttributes) results = [(dn,entry) for dn,entry in results if dn <> None ] except Exception, e: raise "%s %s %s" % (obj['sn'], obj['givenName'], parser.error(e)) if len(results) == 0: raise Exception ("%(sn)s %(givenName)s does not exist" % obj) if len(results) == 1: dn,entry = results[0] for i in obj.keys(): if i not in ('sn','givenName'): old = {i:entry.get(i,'')} new = {i:obj[i]} ldif = modlist.modifyModlist(old,new) ldap_client.modify_s(dn,ldif) if len(results) > 1: if level1 == True: update_ldap(ldap_client, searchScope, retrieveAttributes, obj, False) else: raise Exception ("multi result for %(sn)s %(givenName)s" % obj) if __name__ == '__main__': parser = OptionParser(version="%s %s" % (PROG,VERSION)) parser.description= DESCRIPTION parser.epilog = AUTHOR parser.add_option("-p", "--password", dest="password", help ="password pour connexion ldap", default="", type="string") parser.add_option("-u", "--user", dest="user", help ="user pour connexion ldap", default="", type="string") parser.add_option("-s", "--server", dest="server", help ="serveur ldap pour connexion ldap", default="ldap://myservdc1", type="string") parser.add_option("-f", "--file", dest="file", help ="fichier csv", default="", type="string") parser.add_option("-b", "--base-dn", dest="basdn", help ="baseDN", default="DC=Myprop,DC=fr", type="string") (options, args) = parser.parse_args() try: password = options.password user = options.user server = options.server csv_file = options.file baseDN = options.basdn objs = read_csv(csv_file) ldap_client = ldap.initialize(server) ldap_client.set_option(ldap.OPT_REFERRALS,0) ldap_client.simple_bind_s(user, password) searchScope = ldap.SCOPE_SUBTREE retrieveAttributes = None for obj in objs: try: print "TREATMENT %(sn)s %(givenName)s" % obj update_ldap(ldap_client, searchScope, retrieveAttributes, obj, True) except Exception, e: print e except Exception, e: print parser.error(e) parser.print_help() sys.exit(1) des filtres utilent: - to find disabled users : (&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=2)) - to find enabled users : (&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))