save

alainabbas · alainabbas · commit 46d59727e812 · 2024-08-24T19:33:35.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -159,4 +159,7 @@ cython_debug/
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+.idea/
+.DS_Store
+/src/.ssh
+src/etc/config.conf
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,2 @@
+paramiko>=3.4.1
+Jinja2>=3.1.4
diff --git a/src/bin/changepwd.py b/src/bin/changepwd.py
@@ -0,0 +1,13 @@
+import sys
+sys.path.insert(0, '../lib')
+import ad_utils as ad
+import backend_utils as u
+
+entity=u.readjsoninput()
+config=u.read_config('../etc/config.conf')
+ad.set_config(config)
+ad.__DEBUG__=1
+if u.is_backend_concerned(entity):
+  ad.ad_exec_script(entity,'changepassword.template',entity['payload']['uid']+  " '"+ entity['payload']['oldPassword'] + "' '"+ entity['payload']['newPassword'] +"'")
+else:
+  u.returcode(0,"not concerned")
diff --git a/src/bin/resetpwd.py b/src/bin/resetpwd.py
@@ -0,0 +1,13 @@
+import sys
+sys.path.insert(0, '../lib')
+import ad_utils as ad
+import backend_utils as u
+
+entity=u.readjsoninput()
+config=u.read_config('../etc/config.conf')
+ad.set_config(config)
+ad.__DEBUG__=1
+if u.is_backend_concerned(entity):
+  ad.ad_exec_script(entity,'resetpassword.template',entity['payload']['uid']+ " '"+ entity['payload']['newPassword']) +"'"
+else:
+  u.returcode(0,"not concerned")
diff --git a/src/bin/upsertidentity.py b/src/bin/upsertidentity.py
@@ -0,0 +1,12 @@
+import sys
+sys.path.insert(0, '../lib')
+import ad_utils as ad
+import backend_utils as u
+
+entity=u.readjsoninput()
+config=u.read_config('../etc/config.conf')
+ad.set_config(config)
+if u.is_backend_concerned(entity):
+  ad.ad_exec_script(entity,'upsertidentity.template')
+else:
+  u.returcode(0,"not concerned")
diff --git a/src/etc/config.conf.exemple b/src/etc/config.conf.exemple
@@ -0,0 +1,10 @@
+host=ad.mydomain.com
+user=administrator
+base=dc=mydomain,dc=com
+userbase=ou=peoples,dc=mydomain,dc=com
+rdnattribute=uid
+branchForEtd=ou=Etudiants
+branchForAdm=ou=Administratifs
+branchForEsn=ou=Enseignants
+branchAttr=supannTypeEntiteAffectation
+backendFor=adm,etd,esn
diff --git a/src/ps1_templates/changepassword.template b/src/ps1_templates/changepassword.template
@@ -0,0 +1,16 @@
+param (
+    [string]$user,
+    [string]$oldp,
+    [string]$newp
+)
+try{
+    Set-ADUser -Identity $user -CannotChangePassword $false
+    Set-ADAccountPassword -Identity $user -OldPassword (ConvertTo-SecureString -AsPlainText $oldp -Force) -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force)
+    Set-ADUser -Identity $user -CannotChangePassword $true
+}catch{
+    Write-Host $_
+    exit 1
+}
+Set-ADUser -Identity $user -CannotChangePassword $true
+WriteHost "Password changed"
+Exit 0
diff --git a/src/ps1_templates/resetpassword.template b/src/ps1_templates/resetpassword.template
@@ -0,0 +1,14 @@
+param (
+    [string]$user,
+    [string]$newp
+)
+try{
+    Set-ADUser -Identity $user -CannotChangePassword $false -Enabled $true
+    Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -Reset
+    Set-ADUser -Identity $user -CannotChangePassword $true
+}catch{
+   Write-Host $_
+    exit 1
+}
+Set-ADUser -Identity $user -CannotChangePassword $true
+Exit 0
diff --git a/src/ps1_templates/upsertidentity.template b/src/ps1_templates/upsertidentity.template
@@ -0,0 +1,51 @@
+
+try{
+    $tab=Get-ADUser -Filter 'employeeNumber -eq "{{ e.employeeNumber }}" -and employeeType -eq "{{ e.employeeType }}"' -Properties "DistinguishedName"
+	if ($tab["DistinguishedName"] -ne "{{ dn }}"){
+	    try{
+	        $dn=$tab["DistinguishedName"]
+            move-adObject "$dn" -targetpath "{{ path }}"
+	    }catch{
+	        Write-Host $_
+            exit 1
+	    }
+	}
+	$UserExists = $true
+}
+catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
+    $UserExists = $false
+} 
+if ($UserExists -eq $false){
+    $np = @{
+       Path="{{ path }}"
+       EmployeeNumber="{{ e.employeeNumber }}"
+       Name="{{ e.cn }}"
+       DisplayName="{{ e.displayName }}"
+       GivenName="{{ e.givenName }}"
+       Surname="{{ e.sn }}"
+       SamAccountName="{{ e.uid }}"
+       EmailAddress="{{ e.mail }}"
+       UserPrincipalName = "{{ e.uid }}" + '@' + "{{ domain }}"
+       Enabled=$false
+       CannotChangePassword=$true
+       ChangePasswordAtLogon = $false
+    }
+    try{
+        new-adUser @np -OtherAttributes @{ 'EmployeeType' = '{{ e.employeeType }}' }
+        Write-Host "Identity created"
+    }catch{
+        Write-Host $_
+        exit 1
+    }
+}else{
+    try{
+        $dn=$tab["DistinguishedName"]
+        $UserPrincipalName = "{{ e.uid }}" + '@' + "{{ domain }}"
+        set-adUser -Identity "$dn" -SamAccountName "{{ e.uid }}" -DisplayName "{{e.displayName}}" -GivenName "{{ e.givenName }}" -EmailAddress "{{ e.mail }}" -UserPrincipalName "$UserPrincipalName"
+        Write-Host "Identity modified"
+    }catch{
+        Write-Host $_
+        exit 1
+    }
+}
+exit 0
