
Fix after test ...

Simon Fonteneau 2 months ago
parent
commit
800e92e349
3 changed files with 31 additions and 19 deletions
  1. 1
    2
      README.md
  2. 1
    4
      gaps.conf
  3. 29
    13
      gapslib.py

+ 1
- 2
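--- a/README.md
+++ b/README.md
@@ -1,9 +1,8 @@
 Google Apps Password Sync for Samba4
 ===========
 
-
 Reads from your Samba4 AD and updates passwords in Google Apps 
-Note that this solution requires you to enable "password hash userPassword schemes = CryptSHA256" in smb.conf if you use CryptSHA256 or CryptSHA512
+Note that this solution requires you to enable "password hash userPassword schemes = CryptSHA256 CryptSHA512" in smb.conf
 
 Python Dependencies
 ===========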

+ 1
- 4
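--- a/gaps.conf
+++ b/gaps.conf
@@ -2,12 +2,9 @@
 domain = yourdomain.com
 replace_domain = false
 path_password_file=/root/dict_mail_password.json
-#attr_password=virtualCryptSHA256
+attr_password=virtualCryptSHA256
 #attr_password=virtualCryptSHA512
 
-#NTLM
-attr_password=unicodePwd
-
 [google]
 admin_email = adminuser@yourdomain.com
 service_json = /etc/gaps/service.json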

+ 29
- 13
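--- a/gapslib.py
+++ b/gapslib.py
@@ -55,8 +55,6 @@ def createDirectoryService(user_email):
 
 def update_password(mail, pwd):
     # Create a new service object
-    print mail
-    print pwd
     service = createDirectoryService(config.get('google', 'admin_email'))
 
     try:
@@ -66,15 +64,15 @@ def update_password(mail, pwd):
         return 0
 
     user['hashFunction'] = 'crypt'
-    user['password'] = password
-
+    user['password'] = pwd.replace('{CRYPT}','')
     try:
+        #Change password
         service.users().update(userKey = mail, body=user).execute()
         syslog.syslog(syslog.LOG_WARNING, '[NOTICE] Updated password for %s' % mail)
-        dict_mail_password[str(user["mail"])]=str(password[passwordattr])
+        dict_mail_password[str(mail)]=str(pwd)
         open(filename,'w').write(json.dumps(dict_mail_password))
-    except:
-        syslog.syslog(syslog.LOG_WARNING, '[ERROR] Could not update password for %s ' % mail)
+    except Exception as e:
+        syslog.syslog(syslog.LOG_WARNING, '[ERROR] %s : %s' % (mail,str(e)))
     finally:
         service = None
 
@@ -91,25 +89,43 @@ def run():
     creds = Credentials()
     creds.guess(lp)
     samdb_loc = SamDB(url=param_samba['pathsamdb'], session_info=system_session(),credentials=creds, lp=lp)
-    filename ='dict_mail_password.json'
     testpawd = GetPasswordCommand()
     testpawd.lp = lp
-
     passwordattr = config.get('common', 'attr_password')
+    allmail = {}
+
+    # Search all users
     for user in samdb_loc.search(base=param_samba['adbase'], expression="(&(objectClass=user)(mail=*))", attrs=["mail","sAMAccountName"]):
         mail = str(user["mail"])
+
+        #replace mail if replace_domain in config
         if config.get('common', 'replace_domain'):
             mail = mail.split('@')[0] + '@' + config.get('common', 'domain')
 
+        #give password
         password = testpawd.get_account_attributes(samdb_loc,None,param_samba['basedn'],filter="(sAMAccountName=%s)" % (str(user["sAMAccountName"])),scope=ldb.SCOPE_SUBTREE,attrs=[passwordattr],decrypt=True)
+        password = str(password[passwordattr])
 
-        if passwordattr == 'unicodePwd':
-            password = '$3$$' + str(password[passwordattr]).encode('hex')
-        else:
-            password = str(password[passwordattr])
+        #add mail in all mail
+        allmail[mail] = None
 
+        # Update if password different in dict mail password
         if str(password) != dict_mail_password.get(mail,''):
             update_password(mail, password)
 
+    #delete user found in dict mail password but not found in samba
+    listdelete = []
+    for user in dict_mail_password :
+        if not user in allmail:
+            listdelete.append(user)
+
+    for user in listdelete:
+        del dict_mail_password[user]
+
+    #write new json dict mail password
+    with open(filename, "w") as fOut:
+        open(filename,'w').write(json.dumps(dict_mail_password))
+
+
 
 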
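Review bot: The final write in run() opens the password cache twice: `with open(filename, "w") as fOut:` binds a handle that is never used, and its body then calls `open(filename,'w').write(...)` on a second handle that is never closed explicitly. Writing through the managed handle, `fOut.write(json.dumps(dict_mail_password))`, avoids relying on garbage collection to flush the data. This file stores the crypt hash of every synced account, so it is worth confirming that it is created readable by its owner only, for example by calling `os.umask(0o077)` before the first write. The hunk also removes the local `filename` assignment, so the name presumably comes from module scope, which is not visible here; run() starts before this hunk.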
