| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- #!/usr/bin/python
- #
- # Copyright (c) 2017-2018 Joe Clarke <jclarke@cisco.com>
- # All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- # 1. Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- # 2. Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in the
- # documentation and/or other materials provided with the distribution.
- #
- # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- # SUCH DAMAGE.
- from pyad import *
- import sys
- import re
- import sparker
- import CLEUCreds
- import time
- AD_DN_BASE = 'cn=Users, dc=ad, dc=ciscolive, dc=network'
- DEFAULT_GROUP = 'NOC Users'
- AD_DOMAIN = 'ad.ciscolive.network'
- SPARK_TEAM = 'CL19 NOC Team'
- if __name__ == '__main__':
- spark = sparker.Sparker(token=CLEUCreds.SPARK_TOKEN)
- members = spark.get_members(SPARK_TEAM)
- #pyad.set_defaults(ldap_server=AD_DC, username=AD_USERNAME, password=AD_PASSWORD, ssl=True)
- ou = adcontainer.ADContainer.from_dn(AD_DN_BASE)
- if members is not None:
- for member in members['items']:
- m = re.search(r'([^@]+)@cisco.com$', member['personEmail'])
- if m:
- names = member['personDisplayName'].split(' ')
- fullname = names[0] + ' ' + names[-1]
- try:
- ad_user = aduser.ADUser.from_dn('cn={}, {}'.format(
- fullname, AD_DN_BASE))
- if ad_user is not None:
- sys.stderr.write(
- 'Not creating {} as they already exist.\n'.format(m.group(1)))
- continue
- except Exception:
- pass
- try:
- new_user = aduser.ADUser.create(
- fullname, ou, password=CLEUCreds.DEFAULT_USER_PASSWORD)
- except Exception as e:
- sys.stderr.write(
- "Failed to create user {}: {}\n".format(m.group(1), e))
- continue
- new_user.update_attribute('mail', member['personEmail'])
- try:
- new_user.update_attribute('sAMAccountName', m.group(1))
- new_user.update_attribute(
- 'userPrincipalName', '{}@{}'.format(m.group(1), AD_DOMAIN))
- except Exception:
- try:
- new_user.delete()
- sys.stderr.write(
- 'Error adding user {} (maybe duplicate?)\n'.format(m.group(1)))
- continue
- except:
- pass
- try:
- new_user.force_pwd_change_on_login()
- except Exception as e:
- sys.stderr.write('Error setting password policy for user {}: {}'.format(m.group(1), e))
- def_group = adgroup.ADGroup.from_cn(DEFAULT_GROUP)
- def_group.add_members([new_user])
- print('Added user {}'.format(m.group(1)))
- time.sleep(1)
- else:
- sys.stderr.write(
- 'Unable to get members from Spark.\nMake sure the bot is part of the Spark team.\n')
|
