使用 Python 脚本读取 AD 域中的组与用户信息并同步到 OpenLDAP 中：如果 OpenLDAP 中已经存在该账号则更新，如果不存在则创建。
以下是Python脚本示例,可供参考。
import base64
import hashlib
import logging
import os

import ldap
import ldap.dn
import ldap.filter
import ldap.modlist
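# ---------------------------------------------------------------------------
# Connection settings.
#
# Bind passwords are read from the environment and have NO default: a script
# that ships 'password' in source ends up committed, copied and reused.
# Export AD_PASSWORD and LDAP_PASSWORD (from a secrets manager in production).
# ---------------------------------------------------------------------------
ad_server = os.environ.get('AD_SERVER', 'ldap://ad.example.com:389')
ad_username = os.environ.get('AD_USERNAME', 'administrator@example.com')
ad_password = os.environ.get('AD_PASSWORD')
ldap_server = os.environ.get('LDAP_SERVER', 'ldap://ldap.example.com:389')
ldap_username = os.environ.get('LDAP_USERNAME', 'cn=admin,dc=example,dc=com')
ldap_password = os.environ.get('LDAP_PASSWORD')

# Where entries live in each tree.  Adjust to your own directories.
AD_BASE_DN = 'dc=example,dc=com'
AD_USERS_OU = 'OU=Users,DC=example,DC=com'
LDAP_USERS_OU = 'ou=users,dc=example,dc=com'
LDAP_GROUPS_OU = 'ou=groups,dc=example,dc=com'

# gidNumber window used for groups this script creates (see gid_number()).
GID_BASE = 100000
GID_RANGE = 900000000

logger = logging.getLogger(__name__)

# Sync scope: which AD groups and accounts to mirror.
#
# AD never discloses an account's password over LDAP, so the 'password'
# values below cannot come from AD; they are the *initial* OpenLDAP password
# for each mirrored account and are only used when the account is created.
# Do not keep real passwords in source -- load this list from a file or vault.
groups = [{'name': 'group1', 'dn': 'CN=group1,OU=Groups,DC=example,DC=com', 'members': ['user1', 'user2']},
          {'name': 'group2', 'dn': 'CN=group2,OU=Groups,DC=example,DC=com', 'members': ['user3', 'user4']}]
users = [{'username': 'user1', 'dn': 'CN=user1,OU=Users,DC=example,DC=com', 'password': 'password1', 'email': 'user1@example.com'},
         {'username': 'user2', 'dn': 'CN=user2,OU=Users,DC=example,DC=com', 'password': 'password2', 'email': 'user2@example.com'},
         {'username': 'user3', 'dn': 'CN=user3,OU=Users,DC=example,DC=com', 'password': 'password3', 'email': 'user3@example.com'},
         {'username': 'user4', 'dn': 'CN=user4,OU=Users,DC=example,DC=com', 'password': 'password4', 'email': 'user4@example.com'}]


def env_flag(value):
    """Return True when an environment-variable string spells "yes" (1/true/yes/on)."""
    return (value or '').strip().lower() in ('1', 'true', 'yes', 'on')


def connect(url, bind_dn, password):
    """Return an LDAPv3 connection to *url*, bound as *bind_dn*.

    A plain ``ldap://`` URL is upgraded with StartTLS *before* the bind so
    the bind password never crosses the wire in cleartext; ``ldaps://`` URLs
    are already encrypted.  Set SYNC_ALLOW_CLEARTEXT=1 to skip StartTLS
    (lab use only).

    Raises ValueError when *password* is empty and ldap.LDAPError when the
    connection, TLS negotiation or bind fails.
    """
    if not password:
        raise ValueError('no bind password configured for {}'.format(url))
    conn = ldap.initialize(url)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    # Both directories may hand back referrals (AD does for other
    # partitions); chasing them with the bind credentials is not wanted.
    conn.set_option(ldap.OPT_REFERRALS, 0)
    if url.lower().startswith('ldap://') and not env_flag(os.environ.get('SYNC_ALLOW_CLEARTEXT')):
        conn.start_tls_s()
    conn.simple_bind_s(bind_dn, password)
    return conn


def search_entries(result):
    """Return only real entries from a search_s() result.

    With OPT_REFERRALS off, python-ldap returns search references as
    ``(None, [urls])`` tuples mixed into the result; indexing ``[0][1]['cn']``
    on one of those raises, so they are dropped here.
    """
    return [(dn, attrs) for dn, attrs in result if dn is not None]


def first_value(attrs, name, default=None):
    """Return the first value of attribute *name* in a python-ldap attrs dict, or *default*."""
    values = attrs.get(name)
    return values[0] if values else default


def gid_number(group_dn):
    """Derive a stable gidNumber in [GID_BASE, GID_BASE + GID_RANGE) from an AD group DN.

    ``hash()`` on a str is salted per interpreter process, so deriving the
    gid from it (the original approach) gave every run a different number.
    sha256 of the case-folded DN is identical on every run and host.  It is
    still a hash: two groups can collide, and gids that matter for file
    ownership belong in an explicit allocation table, not here.
    """
    digest = hashlib.sha256(group_dn.lower().encode('utf-8')).digest()
    return GID_BASE + int.from_bytes(digest[:8], 'big') % GID_RANGE


def ssha_password(plain, salt=None):
    """Return *plain* encoded as an OpenLDAP ``{SSHA}`` userPassword value (bytes).

    Storing the cleartext string in userPassword keeps the password verbatim
    in the directory.  {SSHA} (salted SHA-1) is the scheme every OpenLDAP
    build accepts; if the server has olcPasswordHash/ppolicy configured, the
    Password Modify extended operation (``conn.passwd_s``) is the alternative
    that lets the server pick the scheme.  *salt* is a parameter only for
    tests; leave it None to get a fresh random salt.
    """
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(plain.encode('utf-8') + salt).digest()
    return b'{SSHA}' + base64.b64encode(digest + salt)


def group_entry(name, gid, member_uids):
    """Return the attrs dict of a posixGroup named *name* with gidNumber *gid*.

    ``memberUid`` holds login names (the uid values of the users), not DNs --
    that is what posixGroup and the NSS/PAM LDAP clients expect.  All values
    are bytes, as python-ldap 3 requires.
    """
    return {
        'objectClass': [b'top', b'posixGroup'],
        'cn': [name.encode('utf-8')],
        'gidNumber': [str(gid).encode('utf-8')],
        'memberUid': [uid.encode('utf-8') for uid in member_uids],
    }


def user_entry(username, ad_attrs, password_value=None):
    """Return the attrs dict of an inetOrgPerson for AD account *username*.

    *ad_attrs* is the attrs dict of the AD entry (cn/givenName/sn/mail).
    givenName and mail are optional in AD and are copied only when present;
    sn is mandatory for inetOrgPerson, so it falls back to cn, and cn to the
    login name.  *password_value* (already hashed, see ssha_password) is
    stored as userPassword when given.
    """
    cn = first_value(ad_attrs, 'cn', username.encode('utf-8'))
    entry = {
        'objectClass': [b'top', b'person', b'organizationalPerson', b'inetOrgPerson'],
        'uid': [username.encode('utf-8')],
        'cn': [cn],
        'sn': [first_value(ad_attrs, 'sn', cn)],
    }
    for optional in ('givenName', 'mail'):
        values = ad_attrs.get(optional)
        if values:
            entry[optional] = list(values)
    if password_value:
        entry['userPassword'] = [password_value]
    return entry


def ad_member_uids(ad_conn, member_names):
    """Resolve AD account CNs under AD_USERS_OU to their sAMAccountName logins.

    Members that do not exist are logged and skipped instead of aborting the
    whole sync (a base-scope search on a missing DN raises NO_SUCH_OBJECT).
    """
    uids = []
    for member in member_names:
        # escape_dn_chars: a CN containing ',' or '+' would otherwise change
        # which DN is looked up.
        user_dn = 'CN={},{}'.format(ldap.dn.escape_dn_chars(member), AD_USERS_OU)
        try:
            result = ad_conn.search_s(user_dn, ldap.SCOPE_BASE, '(objectClass=*)', ['sAMAccountName'])
        except ldap.NO_SUCH_OBJECT:
            logger.warning('AD member %s not found under %s; skipping', member, AD_USERS_OU)
            continue
        for _dn, attrs in search_entries(result):
            sam = first_value(attrs, 'sAMAccountName')
            if sam:
                uids.append(sam.decode('utf-8'))
    return uids


def upsert(ldap_conn, base, search_filter, dn, entry, preserve=()):
    """Create *dn* from *entry*, or update the existing entry matching *search_filter* under *base*.

    *search_filter* must already be escaped.  On update only the attributes
    in *entry* are changed: objectClass and attributes the OpenLDAP entry
    has locally (description, extra classes, ...) are left untouched, and
    attributes named in *preserve* keep their existing value if they have
    one.  Returns 'added' or 'updated'.
    """
    existing = search_entries(ldap_conn.search_s(base, ldap.SCOPE_SUBTREE, search_filter))
    if not existing:
        ldap_conn.add_s(dn, ldap.modlist.addModlist(entry))
        return 'added'
    old_dn, old_attrs = existing[0]
    new_attrs = dict(old_attrs)
    for attr, values in entry.items():
        if attr == 'objectClass' or (attr in preserve and old_attrs.get(attr)):
            continue
        new_attrs[attr] = values
    # modifyModlist takes two dicts (the original passed a list of tuples,
    # which it cannot iterate) and emits only the actual differences.
    changes = ldap.modlist.modifyModlist(old_attrs, new_attrs)
    if changes:
        ldap_conn.modify_s(old_dn, changes)
    return 'updated'


def sync_groups(ad_conn, ldap_conn, ad_groups):
    """Mirror each group in *ad_groups* (see ``groups``) to a posixGroup under LDAP_GROUPS_OU.

    An existing group keeps its gidNumber: renumbering a gid silently
    changes who owns files on every host that uses the directory.
    """
    for group in ad_groups:
        uids = ad_member_uids(ad_conn, group['members'])
        entry = group_entry(group['name'], gid_number(group['dn']), uids)
        dn = 'cn={},{}'.format(ldap.dn.escape_dn_chars(group['name']), LDAP_GROUPS_OU)
        search_filter = '(cn={})'.format(ldap.filter.escape_filter_chars(group['name']))
        action = upsert(ldap_conn, LDAP_GROUPS_OU, search_filter, dn, entry, preserve=('gidNumber',))
        logger.info('group %s %s with %d member(s)', group['name'], action, len(uids))


def sync_users(ad_conn, ldap_conn, ad_users):
    """Mirror each account in *ad_users* (see ``users``) to an inetOrgPerson under LDAP_USERS_OU.

    Attributes are taken from the live AD entry found by sAMAccountName; an
    account missing from AD is skipped.  The password from the list is only
    set when the account is created -- overwriting it on every run would
    undo any password the user has since changed in OpenLDAP.
    """
    ad_attrs_wanted = ['cn', 'givenName', 'sn', 'mail']
    for user in ad_users:
        username = user['username']
        # escape_filter_chars: an unescaped '*' or ')' in the name would
        # turn this into a different (or wildcard) query.
        ad_filter = '(sAMAccountName={})'.format(ldap.filter.escape_filter_chars(username))
        found = search_entries(ad_conn.search_s(AD_BASE_DN, ldap.SCOPE_SUBTREE, ad_filter, ad_attrs_wanted))
        if not found:
            logger.warning('user %s not found in AD; skipping', username)
            continue
        password_value = ssha_password(user['password']) if user.get('password') else None
        entry = user_entry(username, found[0][1], password_value)
        # The OpenLDAP DN is built here rather than reusing the AD DN, so the
        # two trees do not have to share a suffix.
        dn = 'cn={},{}'.format(ldap.dn.escape_dn_chars(username), LDAP_USERS_OU)
        ldap_filter = '(uid={})'.format(ldap.filter.escape_filter_chars(username))
        action = upsert(ldap_conn, LDAP_USERS_OU, ldap_filter, dn, entry, preserve=('userPassword',))
        logger.info('user %s %s', username, action)


def main():
    """Connect to AD and OpenLDAP, sync groups then users, and always unbind both."""
    logging.basicConfig(level=logging.INFO, format='%(levelname)s %(message)s')
    ad_conn = connect(ad_server, ad_username, ad_password)
    try:
        ldap_conn = connect(ldap_server, ldap_username, ldap_password)
        try:
            sync_groups(ad_conn, ldap_conn, groups)
            sync_users(ad_conn, ldap_conn, users)
        finally:
            ldap_conn.unbind_s()
    finally:
        ad_conn.unbind_s()


if __name__ == '__main__':
    main()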
注意：该脚本仅作为示例，需要根据实际环境进行修改和调整。使用前请确保已安装 python-ldap 模块。另外，请勿在脚本中硬编码管理员口令和用户密码；连接应使用 ldaps:// 或 StartTLS，避免绑定口令明文传输；写入 OpenLDAP 的 userPassword 应为散列值而非明文；拼入 LDAP 过滤器和 DN 的账号名必须先经过转义（ldap.filter.escape_filter_chars / ldap.dn.escape_dn_chars）。