最近有需求要串接AD操作

就利用了Python寫一些需要的功能

List Group Members

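from ldap3 import Server, Connection, ALL, SUBTREE
from ldap3.utils.dn import escape_rdn, parse_dn

# List the members of one AD group and print each member's CN.
# The host/account/password values are the author's placeholders; in a real
# deployment read them from configuration instead of leaving them in source.
host = Server('ldap://Your.AD.IP:Port', get_info=ALL)
conn = Connection(host, user='YourAccount', password='YourPassword',
                  check_names=True, lazy=False, raise_exceptions=True)
conn.open()
conn.bind()

event = 'SomeGroup'
try:
    # escape_rdn() keeps DN special characters (',', '+', '=', ...) in the group
    # name from changing the DN's structure if the name ever comes from outside
    # this script (the author mentions running this as a Lambda).
    group_dn = 'cn=' + escape_rdn(event) + ',ou=AD_OU1,ou=AD_OU,dc=Domain,dc=com,dc=tw'
    conn.search(group_dn, '(objectClass=group)', SUBTREE, attributes=['member'])

    # Named `entries`, not `re`, so the stdlib regex module is not shadowed.
    entries = conn.entries
    print('The ' + event + ' Member Lists:')
    for entry in entries:
        for member_dn in entry.member.values:
            # parse_dn() understands escaped commas ("CN=Doe\, John,OU=...") that a
            # plain split(',') would truncate; the first RDN's value is the CN.
            # The value is returned in its DN-escaped form.
            print(parse_dn(member_dn)[0][1])
finally:
    # Release the LDAP session even if the search raises (raise_exceptions=True).
    conn.unbind()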

Add Member To Group

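from ldap3 import Server, Connection, ALL, SUBTREE, MODIFY_ADD
from ldap3.utils.conv import escape_filter_chars
from ldap3.utils.dn import escape_rdn

# Add one person to an AD group by DN.
# The host/account/password values are the author's placeholders; in a real
# deployment read them from configuration instead of leaving them in source.
host = Server('ldap://Your.AD.IP:Port', get_info=ALL)
conn = Connection(host, user='YourAccount', password='YourPassword',
                  check_names=True, lazy=False, raise_exceptions=True)
conn.open()
conn.bind()

user = 'SomeoneWillAddToGroup'
groupCN = 'GroupName'
try:
    # escape_filter_chars() stops '*', '(', ')' or '\' inside `user` from
    # rewriting the filter; the trailing '*' is the author's own prefix match.
    conn.search(search_base='ou=AD_OU,dc=Domain,dc=com,dc=tw',
                search_filter='(&(objectclass=person)(cn=' + escape_filter_chars(user) + '*))',
                search_scope=SUBTREE,
                attributes=['distinguishedName'])  # only the DN is used below
    entries = conn.entries

    # Group membership is an access-control change: refuse to act when the
    # prefix match is empty or ambiguous rather than silently taking entries[0]
    # (which also raised IndexError on no match).
    if len(entries) != 1:
        raise LookupError('expected exactly one person matching cn=%s*, found %d'
                          % (user, len(entries)))
    # Original assigned from an undefined name (`getRe`) here -> NameError.
    user_dn = str(entries[0].distinguishedName)

    # escape_rdn() keeps DN special characters in the group name from altering
    # the DN's structure.
    group_dn = 'cn=' + escape_rdn(groupCN) + ',ou=AD_OU1,ou=AD_OU,dc=Domain,dc=com,dc=tw'
    conn.modify(dn=group_dn, changes={'member': [(MODIFY_ADD, [user_dn])]})
    # conn.result describes the modify operation; conn.entries would still
    # show the earlier search results, not the outcome of the modify.
    print(conn.result)
finally:
    # Release the LDAP session even if search/modify raises (raise_exceptions=True).
    conn.unbind()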

Remove Member From Group

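from ldap3 import Server, Connection, ALL, SUBTREE, MODIFY_DELETE
from ldap3.utils.conv import escape_filter_chars
from ldap3.utils.dn import escape_rdn

# Remove one person from an AD group by DN.
# The host/account/password values are the author's placeholders; in a real
# deployment read them from configuration instead of leaving them in source.
host = Server('ldap://Your.AD.IP:Port', get_info=ALL)
conn = Connection(host, user='YourAccount', password='YourPassword',
                  check_names=True, lazy=False, raise_exceptions=True)
conn.open()
conn.bind()

user = 'SomeoneWillDelToGroup'
groupCN = 'GroupName'
try:
    # escape_filter_chars() stops '*', '(', ')' or '\' inside `user` from
    # rewriting the filter; the trailing '*' is the author's own prefix match.
    conn.search(search_base='ou=AD_OU,dc=Domain,dc=com,dc=tw',
                search_filter='(&(objectclass=person)(cn=' + escape_filter_chars(user) + '*))',
                search_scope=SUBTREE,
                attributes=['distinguishedName'])  # only the DN is used below
    entries = conn.entries

    # Removing membership is an access-control change: refuse to act when the
    # prefix match is empty or ambiguous rather than silently taking entries[0]
    # (which also raised IndexError on no match).
    if len(entries) != 1:
        raise LookupError('expected exactly one person matching cn=%s*, found %d'
                          % (user, len(entries)))
    user_dn = str(entries[0].distinguishedName)

    # escape_rdn() keeps DN special characters in the group name from altering
    # the DN's structure.
    group_dn = 'cn=' + escape_rdn(groupCN) + ',ou=AD_OU1,ou=AD_OU,dc=Domain,dc=com,dc=tw'
    conn.modify(dn=group_dn, changes={'member': [(MODIFY_DELETE, [user_dn])]})
finally:
    # Release the LDAP session even if search/modify raises (raise_exceptions=True).
    conn.unbind()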

因為這最後是要上Lambda的,所以把功能都分開寫

有將這三個功能整合起來放到github

更多功能請到ldap3-doc上面看

也請參照RFC 4510取得更多資訊