diff --git a/config.ini.sample b/config.ini.sample index 8e40276..02b509e 100644 --- a/config.ini.sample +++ b/config.ini.sample @@ -11,3 +11,4 @@ token = 123456789abcdef ccnetPath = /opt/seafile/conf/ccnet.conf + diff --git a/seafile-ldap.py b/seafile-ldap.py index 52ebae7..27b2298 100644 --- a/seafile-ldap.py +++ b/seafile-ldap.py @@ -8,6 +8,7 @@ import argparse import os import requests import urllib3 +import json def request(resource, seafile, method='GET', data=None): if data is None: @@ -33,10 +34,6 @@ def request(resource, seafile, method='GET', data=None): return {'ok': r.ok, 'status_code': r.status_code, 'response': r.text} raise ValueError(r) -def checkIfUserHasEmail(user): - ldap.search(config['LDAP SERVER']['groupBaseDN'], '(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberof={0}))'.format(config['LDAP SERVER']['seafileGroupDN']), attributes=['*']) - - parser = argparse.ArgumentParser(description='Sync LDAP with Seafile') #group = parser.add_mutually_exclusive_group() #group.add_argument('-e', '--encrypt', action='store_true', help='encrypt') 
@@ -125,18 +122,34 @@ except core.exceptions.LDAPBindError as e: exit() logger.debug("Bind successful.") +logger.debug("Searching for users that have a email address, are enabled, and in the {} group.".format(config['LDAP SERVER']['seafileGroupDN'])) +ldap.search(config['LDAP SERVER']['groupBaseDN'], '(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberof={0}))'.format(config['LDAP SERVER']['seafileGroupDN']), attributes=['*']) +logger.debug("Found {0} users.".format(len(ldap.entries))) +ADusers = ldap.entries +for user in ADusers: + logger.debug("User: {0} - Email: {1} - UserDN: {2}".format(user.name, user.mail, user.distinguishedName)) + +seafileUsers = request('admin/search-user/?query=@johnhgaunt.com', seafile)['response']['user_list'] +for user in seafileUsers: + logger.debug("User: {0} - Email: {1} - isActive: {2}".format(user['name'], user['email'], user['is_active'])) +#print(ldap.entries[0].distinguishedName) +exit() +#Create a connection object, and bind with the given DN and password. +try: + conn = Connection(server, bindAccount, bindPassword, auto_bind=True) + print('LDAP Bind Successful.') + # Perform a search for a pre-defined criteria. + # Mention the search filter / filter type and attributes. + conn.search('CN=Users,dc=home,dc=johnhgaunt,dc=com', '(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberOf=CN=Seafile,CN=Users,DC=home,DC=johnhgaunt,DC=com))') + # Print the resulting entries. + for entry in conn.entries: + print(entry) +except core.exceptions.LDAPBindError as e: + #If the LDAP bind failed for reasons such as authentication failure. 
+ print('LDAP Bind Failed: ', e) # sync ad users with seafile, if disabled or deleted ad user, disable in seafile -# I don't think this will work as saml/openid users are not listed with the admin/users/ nor the admin/search-users/ returns those users -#logger.debug("Searching for users that have a email address, are enabled, and in the {} group.".format(config['LDAP SERVER']['seafileGroupDN'])) -#ldap.search(config['LDAP SERVER']['groupBaseDN'], '(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberof={0}))'.format(config['LDAP SERVER']['seafileGroupDN']), attributes=['*']) -#logger.debug("Found {0} users.".format(len(ldap.entries))) -#for user in ldap.entries: -# logger.debug("User: {0} -- UserDN: {1}".format(user.name, user.distinguishedName)) -#seafileUsers = request('admin/search-user/?query=@', seafile)['response'] - -#print(ldap.entries[0].distinguishedName) # get ad groups and import them into seafile # loop through each group and list members
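Review bot: The added `seafileUsers = request(...)['response']['user_list']` line indexes a value that, on the return path visible in the earlier `request()` hunk, is `r.text` (a string), so it would raise a TypeError unless a branch of `request()` outside these hunks already decodes JSON. The newly imported `json` is presumably meant for this, e.g. `json.loads(request('admin/search-user/?query=@johnhgaunt.com', seafile)['response'])['user_list']`. The same line hard-codes the `@johnhgaunt.com` query and the later `conn.search(...)` hard-codes a base DN and group DN, whereas the first search reads both from `config['LDAP SERVER']`; these site-specific values belong in the config file rather than in committed code. Everything after the bare `exit()` is unreachable and refers to `server`, `bindAccount` and `bindPassword`, which this hunk does not define, so that second bind block should be dropped or finished before merging. Because every entry is written to the debug log, I would also narrow `attributes=['*']` to `attributes=['name', 'mail', 'distinguishedName']` so the directory returns only the fields the loop reads.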