From 202619d6846653925af9fd0b11ab70f032550159 Mon Sep 17 00:00:00 2001 From: John Gaunt Date: Thu, 21 Oct 2021 15:35:09 -0400 Subject: [PATCH 1/3] update ini and added email in ldap seafile group search --- config.ini.sample | 6 ++++-- seafile-ldap.py | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/config.ini.sample b/config.ini.sample index e038e1e..4b439c7 100644 --- a/config.ini.sample +++ b/config.ini.sample @@ -13,9 +13,9 @@ port = 636 # ldap ssl, true for yes, false for no ssl = true # group DN for where the groups are located -groupBaseDN = CN=Users,,DC=samples,DC=com +groupBaseDN = CN=Users,DC=samples,DC=com # user DN for where the groups are located -userBaseDN = CN=Users,,DC=samples,DC=com +userBaseDN = CN=Users,DC=samples,DC=com # group that grants access to seafile, if not in this group, no access to seafile seafileGroupDN = CN=Seafile,CN=Users,DC=samples,DC=com @@ -31,5 +31,7 @@ password = super_Secret_p@ssword_G0es_H3r3 url = https://seafile.com # token for a admin account token = 123456789abcdef +# local admin accountin Seafile, we want to make sure to not diable this account +admin = admin@seafile.com diff --git a/seafile-ldap.py b/seafile-ldap.py index 46507d6..cf40eea 100644 --- a/seafile-ldap.py +++ b/seafile-ldap.py @@ -98,7 +98,7 @@ logger.debug("Searching for users that have a email address, are enabled, and in ldap.search(config['LDAP SERVER']['groupBaseDN'], '(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberof={0}))'.format(config['LDAP SERVER']['seafileGroupDN']), attributes=['*']) logger.debug("Found {0} users.".format(len(ldap.entries))) for user in ldap.entries: - logger.debug("User: {0} -- UserDN: {1}".format(user.name, user.distinguishedName)) + logger.debug("User: {0} - Email: {1} - UserDN: {1}".format(user.name, user.mail, user.distinguishedName)) seafileUsers = request('admin/search-user/?query=@johnhgaunt.com', seafile)['response'] 
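Review bot: In the second config.ini.sample hunk, the comment added above `admin = admin@seafile.com` has two typos, and no hunk in this series reads the new key, so the protection it describes is not visibly enforced. Suggested wording: `# local admin account in Seafile; the sync must never disable this account`. If the step that deactivates Seafile users lives outside these hunks, it should compare each e-mail against this value, ignoring case, before disabling anything. Otherwise an empty or failed LDAP result could deactivate the only local administrator.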
From d21370943657cf4c33044e5f5748e6ed75f3a2af Mon Sep 17 00:00:00 2001 From: John Gaunt Date: Thu, 21 Oct 2021 15:37:29 -0400 Subject: [PATCH 2/3] Update seafile-ldap.py --- seafile-ldap.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/seafile-ldap.py b/seafile-ldap.py index cf40eea..a18f418 100644 --- a/seafile-ldap.py +++ b/seafile-ldap.py @@ -127,3 +127,11 @@ except core.exceptions.LDAPBindError as e: # add users to group if missing and in the seafile group # remove members in not in group or seafile group # remove seafile groups if ad group is removed +ldap.search(config['LDAP SERVER']['groupBaseDN'], '(objectClass=group)', attributes=['*']) +#print(ldap.entries) +for group in ldap.entries: + try: + if group.member: + logger.debug("{0}".format(group.name)) + finally: + continue From 5d15c77cd57e0842baef31db42df7bf26179ca55 Mon Sep 17 00:00:00 2001 From: John Gaunt Date: Thu, 21 Oct 2021 16:53:33 -0400 Subject: [PATCH 3/3] Update seafile-ldap.py --- seafile-ldap.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/seafile-ldap.py b/seafile-ldap.py index a18f418..f8d7fc2 100644 --- a/seafile-ldap.py +++ b/seafile-ldap.py @@ -8,6 +8,7 @@ import argparse import os import requests import urllib3 +import json def request(resource, seafile, method='GET', data=None): if data is None: 
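Review bot: In the `for group in ldap.entries:` loop added by patch 2/3, `finally: continue` discards whatever exception is in flight, including KeyboardInterrupt and real LDAP errors, so a failure while reading groups is silently skipped. If the intent is only to tolerate groups without a `member` attribute, replace the `finally:` clause with an `except` clause that names the library's missing-attribute exception, or test for the attribute before reading it. Note also that `continue` inside `finally` was a SyntaxError before Python 3.8. The group search requests `attributes=['*']` although the loop reads only `name` and `member`; `attributes=['name', 'member']` would keep unneeded directory data out of memory and logs. The surrounding top-level script continues outside this hunk.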
@@ -97,11 +98,13 @@ logger.debug("Bind successful.")
 logger.debug("Searching for users that have a email address, are enabled, and in the {} group.".format(config['LDAP SERVER']['seafileGroupDN']))
 ldap.search(config['LDAP SERVER']['groupBaseDN'], '(&(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(memberof={0}))'.format(config['LDAP SERVER']['seafileGroupDN']), attributes=['*'])
 logger.debug("Found {0} users.".format(len(ldap.entries)))
-for user in ldap.entries:
- logger.debug("User: {0} - Email: {1} - UserDN: {1}".format(user.name, user.mail, user.distinguishedName))
-
-seafileUsers = request('admin/search-user/?query=@johnhgaunt.com', seafile)['response']
-
+ADusers = ldap.entries
+for user in ADusers:
+ logger.debug("User: {0} - Email: {1} - UserDN: {2}".format(user.name, user.mail, user.distinguishedName))
+
+seafileUsers = request('admin/search-user/?query=@johnhgaunt.com', seafile)['response']['user_list']
+for user in seafileUsers:
+ logger.debug("User: {0} - Email: {1} - isActive: {2}".format(user['name'], user['email'], user['is_active']))
 #print(ldap.entries[0].distinguishedName)
 exit()
 #Create a connection object, and bind with the given DN and password.
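Review bot: The Seafile user list is fetched with a domain hard-coded into the query, `admin/search-user/?query=@johnhgaunt.com`, so any account whose e-mail lies outside that domain never appears in `seafileUsers` and cannot be reconciled against `ADusers`. If this list is later used to deactivate users who have left the Seafile AD group, those accounts would stay active. The search term should come from config.ini, under a new key such as `searchQuery` (placeholder name), rather than from a literal. The chained `['response']['user_list']` is also indexed unchecked, so a rejected token or an error reply would presumably surface as a KeyError or TypeError; check what `request()` returned before indexing. The script's top-level code continues outside this hunk.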