Using Python to administer Samba-AD
You can find the official documentation of the API on the Samba website.
Note
The Samba Python API requires Python 3.6 or higher.
Importing the necessary Python libraries
#!/usr/bin/python
# -*- coding: utf-8 -*-
import getpass
import ldb
from samba.auth import system_session
from samba.credentials import Credentials
from samba.dcerpc import security
from samba.dcerpc.security import dom_sid
from samba.ndr import ndr_pack, ndr_unpack
from samba.param import LoadParm
from samba.samdb import SamDB
Creating the Python classes that will help you
For opening a connection in LDAP mode (over the network):
lp = LoadParm()
creds = Credentials()
creds.guess(lp)
creds.set_username('user_account_name')
creds.set_password('my_super_password')
samdb = SamDB(url='ldap://127.0.0.1:389', session_info=system_session(), credentials=creds, lp=lp)
For opening a live connection on the LDB database (direct access to the LDB database files, which requires running on the domain controller with write access to those files):
lp = LoadParm()
creds = Credentials()
creds.guess(lp)
samdb = SamDB(url='/var/lib/samba/private/sam.ldb', session_info=system_session(), credentials=creds, lp=lp)
Acting on the Organizational Units
Deleting an Organizational Unit
def delete_ou(samdb, dn):
    # Run the delete inside a transaction so that a failure leaves the database untouched.
    # samdb.delete() only removes an empty OU; deleting an OU that still contains objects fails.
    samdb.transaction_start()
    try:
        samdb.delete(dn)
    except:
        samdb.transaction_cancel()
        raise
    else:
        samdb.transaction_commit()
delete_ou(samdb, 'OU=department,OU=city,DC=mydomain,DC=lan')
Creating an Organizational Unit
samdb.create_ou('OU=department,OU=city,DC=mydomain,DC=lan')
Acting on users
Creating a user
samdb.newuser(username="test-toto", password='password')
Deleting a user
samdb.deleteuser(username="jpdrole")
Setting a user's password
# The first argument is an LDAP filter selecting the account whose password is set.
samdb.setpassword("(sAMAccountName=test-toto)", "123456", force_change_at_next_login=False, username=None)
Moving a user to another Organizational Unit
# rename() moves the object when the new DN has a different parent.
samdb.rename('CN=test-toto,CN=Users,DC=mydomain,DC=lan', 'CN=test-toto,OU=tata,OU=tranquilit,DC=mydomain,DC=lan')
Acting on groups
Creating a group
samdb.newgroup(groupname='waptselfservice')
Adding a user or machine to a group
# members are given by sAMAccountName.
samdb.add_remove_group_members(groupname='waptselfservice', members=['test-toto', 'dcardon', 'vcardon'], add_members_operation=True)
Deleting a user or machine from a group
samdb.add_remove_group_members(groupname='waptselfservice', members=['test-toto', 'dcardon', 'vcardon'], add_members_operation=False)
Searching for objects in an Active Directory Samba Forest
Displaying all user, group, computer objects
query = "(|(objectclass=user)(objectclass=computer)(objectclass=group))"
result = samdb.search('DC=mydomain,DC=lan', expression=query, scope=ldb.SCOPE_SUBTREE)
for item in result:
    # Skip entries without an account name (e.g. contact objects).
    if 'sAMAccountName' in item:
        print(item['distinguishedName'])
        print(item['sAMAccountName'])
Searching for an object by its sAMAccountName
query = "(sAMAccountName=test-toto)"
result = samdb.search('DC=mydomain,DC=lan', expression=query, scope=ldb.SCOPE_SUBTREE)
Acting on attributes
Modifying an attribute
Warning
Watch the indentation. The second line of the LDIF string (here changetype) and all subsequent lines must not be indented as is usually done in Python code, because an LDIF parser treats a line starting with a space as the continuation of the previous line, not as a new attribute.
# dn is the distinguished name of the object to modify.
dn = 'CN=test-toto,OU=tata,OU=tranquilit,DC=mydomain,DC=lan'
ldif_data = """dn: %s
changetype: modify
replace: mail
mail: test-toto@tranquil.it
""" % dn
samdb.modify_ldif(ldif_data)
Adding an attribute
Warning
Watch the indentation. The second line of the LDIF string (here changetype) and all subsequent lines must not be indented as is usually done in Python code, because an LDIF parser treats a line starting with a space as the continuation of the previous line, not as a new attribute.
ldif_data = """dn: CN=test-toto,OU=tata,OU=tranquilit,DC=mydomain,DC=lan
changetype: modify
add: telephoneNumber
telephoneNumber: 0102030405
"""
samdb.modify_ldif(ldif_data)