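import ldap
import ldap.sasl
import os
import re
import subprocess


class SambaSIDFixer:
    """Re-base every ``sambaSID`` stored in the local LDAP tree onto the SID that
    ``net getlocalsid`` currently reports.

    Typical use is ``SambaSIDFixer().run()``: it binds as the LDAP admin with the
    password taken from one of the secret files, asks Samba for the local domain
    SID and rewrites every entry whose ``sambaSID`` carries a different domain
    prefix. The ``sambaDomain`` entry receives the bare domain SID; every other
    entry keeps its RID (the last dash-separated component).

    Written to run unchanged on Python 2 and Python 3 (``print`` is only ever
    called with a single argument, LDAP attribute values are normalised to text).
    """

    def __init__(self):
        # Candidate locations of the LDAP admin password, tried in this order.
        self.LDAP_SECRET1 = '/etc/lliurex-cap-secrets/ldap-master/ldap'
        self.LDAP_SECRET2 = '/etc/lliurex-secrets/passgen/ldap.secret'
        # Base DN shared by the admin bind and the sambaSID search, so both
        # always refer to the same tree.
        self.LDAP_BASE_DN = 'dc=ma5,dc=lliurex,dc=net'
        # Connection handles; populated by connection_ldap()/connection_ldapi().
        self.connect_ldap = None
        self.connect_ldapi = None

    @staticmethod
    def _parse_local_sid(output):
        """Extract the domain SID from ``net getlocalsid`` text output, or None.

        A SID never contains whitespace, so ``\\S+`` is used for both the domain
        name and the SID; this also avoids capturing a trailing newline/CR.
        """
        match = re.search(r'SID for domain \S+ is: (\S+)', output)
        return match.group(1) if match else None

    @staticmethod
    def _as_text(value):
        """Return an LDAP attribute value as native text.

        Newer python-ldap releases return attribute values as ``bytes``; older
        ones (and Python 2) return ``str``. Both are normalised here so the
        comparisons below work the same way everywhere.
        """
        if isinstance(value, bytes) and not isinstance(value, str):
            return value.decode('utf-8')
        return value

    def getActualSambaSID(self):
        """Return the local Samba domain SID reported by ``net getlocalsid``.

        Returns:
            The SID string, or None when ``net`` is not available or its output
            does not contain a recognisable SID line.
        """
        # Force an English locale through the environment and pass the command
        # as an argument list: no shell is involved, so nothing is re-parsed.
        env = dict(os.environ, LANG='C', LANGUAGE='en')
        try:
            proc = subprocess.Popen(['net', 'getlocalsid'],
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE,
                                    env=env,
                                    universal_newlines=True)
        except OSError:
            # `net` missing or not executable: report "no SID" instead of crashing.
            return None
        output, _ = proc.communicate()
        return self._parse_local_sid(output)

    def connection_ldapi(self):
        """Bind to the local slapd over the ``ldapi:///`` socket with SASL EXTERNAL.

        On success ``self.connect_ldapi`` holds the bound connection and True is
        returned; on any LDAP error it is reset to None and False is returned.
        """
        self.auth = ldap.sasl.sasl('', 'EXTERNAL')
        try:
            conn = ldap.initialize('ldapi:///', trace_level=0)
            conn.protocol_version = 3
            conn.sasl_interactive_bind_s('', self.auth)
        except ldap.LDAPError as e:
            # Only LDAP failures are swallowed; KeyboardInterrupt/SystemExit propagate.
            print("Error binding over ldapi: %s" % e)
            self.connect_ldapi = None
            return False
        self.connect_ldapi = conn
        return True

    def _read_admin_password(self):
        """Return the LDAP admin password from the first existing secret file, or None.

        The first line of the file (without its trailing newline) is the
        password. An empty first line is treated as "no secret": binding
        ``cn=admin`` with an empty credential would not be an admin bind, so it
        must never be attempted. The value is never printed or logged.

        Raises:
            EnvironmentError: if an existing secret file cannot be read.
        """
        for path in (self.LDAP_SECRET1, self.LDAP_SECRET2):
            if not os.path.exists(path):
                continue
            with open(path) as secret_file:
                first_line = secret_file.readline()
            password = first_line.rstrip('\n')
            return password if password else None
        return None

    def connection_ldap(self):
        """Bind as the LDAP admin over ``ldap://localhost:389``.

        On success ``self.connect_ldap`` holds the bound connection and True is
        returned; when no usable secret exists, the secret cannot be read, or the
        bind fails, the handle is reset to None and False is returned.
        """
        try:
            password = self._read_admin_password()
            if password is None:
                print("\n\nError: no usable LDAP secret found\n\n")
                self.connect_ldap = None
                return False
            conn = ldap.initialize('ldap://localhost:389', trace_level=0)
            conn.protocol_version = 3
            # A simple bind sends the password in clear; that is acceptable here
            # only because the URI above is the loopback interface.
            conn.bind_s('cn=admin,' + self.LDAP_BASE_DN, password)
        except (ldap.LDAPError, EnvironmentError) as e:
            # str(e) carries the LDAP/OS error text, not the credential.
            print("\n\nError" + str(e) + "\n\n")
            self.connect_ldap = None
            return False
        self.connect_ldap = conn
        return True

    def updateUsers(self, actualDomainSID):
        """Rewrite every ``sambaSID`` under the base DN whose domain prefix differs
        from *actualDomainSID*.

        Args:
            actualDomainSID: the SID reported by ``net getlocalsid``. Entries
                already prefixed with it are left untouched.

        Raises:
            ValueError: if *actualDomainSID* is None or empty.
            RuntimeError: if ``connection_ldap()`` has not succeeded yet.

        A ``sambaDomain`` entry receives the bare domain SID; any other entry
        keeps its RID (last dash-separated component) appended to the new
        domain SID. A failed modification is reported and skipped so that one
        bad entry does not abort the whole run.
        """
        if not actualDomainSID:
            raise ValueError('actualDomainSID must be a non-empty SID string')
        if self.connect_ldap is None:
            raise RuntimeError('not connected: call connection_ldap() first')
        # Only entries that actually carry a sambaSID are of interest.
        allUsers = self.connect_ldap.search_s(self.LDAP_BASE_DN,
                                              ldap.SCOPE_SUBTREE,
                                              '(sambaSID=*)',
                                              attrlist=['sambaSID', 'objectClass'])
        for dn, values in allUsers:
            if 'sambaSID' not in values:
                continue
            current_sid = self._as_text(values['sambaSID'][0])
            if current_sid.startswith(actualDomainSID):
                continue
            object_classes = [self._as_text(oc) for oc in values.get('objectClass', [])]
            if 'sambaDomain' in object_classes:
                newSID = actualDomainSID
            else:
                newSID = actualDomainSID + '-' + current_sid.split('-')[-1]
            # Encoded so the value is accepted by python-ldap on both Python 2 and 3.
            updateSID = [(ldap.MOD_REPLACE, 'sambaSID', newSID.encode('utf-8'))]
            try:
                self.connect_ldap.modify_s(dn, updateSID)
            except ldap.LDAPError as e:
                print(" *** Error : %s" % e)

    def run(self):
        """Connect, read the local SID and fix the stored sambaSIDs.

        Returns:
            True when the update pass ran; False when the LDAP bind failed or no
            local SID could be determined (nothing is modified in that case).
        """
        if not self.connection_ldap():
            print("Could not bind to LDAP; nothing changed")
            return False
        actualDomainSID = self.getActualSambaSID()
        if actualDomainSID is None:
            print("Could not read the local Samba SID from 'net getlocalsid'; nothing changed")
            return False
        self.updateUsers(actualDomainSID)
        return True


if __name__ == '__main__':
    a = SambaSIDFixer()
    a.run()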