E
Erick Perez - Quadrian Enterprises, S.A.
Hi,
I have a MS Windows AD domain, and have one OU with more tan 1000 users
objects. When I try to read it, I hit the 1000 limit of AD while returning
objects, so I'm asking for advice as to how to read them.
Here is my actual code, it is not the cleanest as I am learning python.
Suggestions are welcomed
Runnig this script on RedHat 5.x with "python zimbra2.py" returns:
{'info': '', 'desc': 'Size limit exceeded'}
The script:
#!/usr/bin/python
#---------------------------------------------------------------------------
-----------------------
# Variables can be changed here:
import ldap, string, os, time, sys
base = 'ou=usuarios con papel tapiz,dc=organojudicial,dc=gob,dc=pa'
scope = ldap.SCOPE_SUBTREE
ZimbraEmail = "CN=ZimbraEmail,CN=Users,DC=organojudicial,DC=gob,DC=pa"
domain = "organojudicial.gob.pa" # "example.com"
ldapserver="ancon"
port="389"
emaildomain="organojudicial.gob.pa"
ldapbinddomain="organojudicial"
ldapbind="zimbrasync"
ldappassword="xxxxxxxx"
pathtozmprov="/opt/zimbra/bin/zmprov"
#---------------------------------------------------------------------------
-----------------------
#---------------------------------------------------------------------------
-----------------------
#output the list of all accounts from zmprov gaa (get all accounts)
# this is related to the Zimbra Mail System
f = os.popen(pathtozmprov +' gaa')
zmprovgaa= []
zmprovgaa = f.readlines()
#---------------------------------------------------------------------------
-----------------------
#---------------------------------------------------------------------------
-----------------------
# Let's connect to the Windows AD Domain
l=ldap.initialize("ldap://"+ldapserver+"."+domain+":"+port)
try:
l.simple_bind_s(ldapbinddomain+"\\"+ldapbind,ldappassword)
except ldap.INVALID_CREDENTIALS:
print "Your username or password to bind to AD is incorrect."
sys.exit()
except ldap.LDAPError, e:
if type(e.message) == dict and e.message.has_key('desc'):
print e.message['desc']
else:
print e
sys.exit()
# end of connection procedure to AD
#---------------------------------------------------------------------------
-----------------------
#---------------------------------------------------------------------------
-----------------------
# If connection to AD is ok
# Lets find only enabled users in a specific OU controlled by the variable
named base
# and get the login username the first name, the last name and what groups
this
# user belongs to as well as the email field.
#userAccountControl 512 = normal , 514 = disabled account. We only want
enabled accounts
try:
res = l.search_s(base,scope, "(&(ObjectCategory=user)
(userAccountControl=512))", ['sAMAccountName','givenName','sn','memberOf',
'mail'])
for (dn, vals) in res:
samaccount = vals['sAMAccountName'][0].lower()
accountname = vals['sAMAccountName'][0].lower()
try:
alias1 = vals['mail'][0].lower()
except:
alias1 = 'none'
try:
sirname = vals['sn'][0]
except:
sirname = vals['sAMAccountName'][0]
try:
givenname = vals['givenName'][0]
except:
givenname = vals['sAMAccountName'][0]
try:
groups = vals['memberOf']
except:
groups = 'none'
# this code is not working. Python chokes.
#initial = givenname[:1].upper()
#sirname = sirname.replace(' ', )
#sirname = sirname.replace('\\', )
#sirname = sirname.replace('-', )
#sirname = sirname.capitalize()
name = givenname + " " + sirname
accountname = accountname + "@" + emaildomain
password = " \'\' "
sys.stdout.flush()
# If the Active Directory user is a member of the AD group called
ZimbraMail, we begin processing this user.
if ZimbraEmail in groups:
print "SAM ACCOUNT: " + samaccount
print "accountname: " + accountname
print "name: " + name
print "Alias de zimbra " + alias1
if accountname +"\n" not in zmprovgaa:
print accountname," exists in active directory but not in
zimbra, the account is being created\n"
time.sleep(1)
os.system(pathtozmprov +' ca %s %s displayName "%s"' %
(accountname,password,name))
print "Creando Alias"
os.system(pathtozmprov +' aaa %s %s' % (accountname,alias1))
time.sleep(1)
else:
print accountname, alias1, " user is not a member of the ZimbraMail
AD Group. Will not be processed\n"
#---------------------------------------------------------------------------
-----------------------
except ldap.LDAPError, error_message:
print error_message
l.unbind_s()
thanks all for your comments.
Erick.
I have a MS Windows AD domain, and have one OU with more tan 1000 users
objects. When I try to read it, I hit the 1000 limit of AD while returning
objects, so I'm asking for advice as to how to read them.
Here is my actual code, it is not the cleanest as I am learning python.
Suggestions are welcomed
Runnig this script on RedHat 5.x with "python zimbra2.py" returns:
{'info': '', 'desc': 'Size limit exceeded'}
The script:
#!/usr/bin/python
#---------------------------------------------------------------------------
-----------------------
# Variables can be changed here:
import ldap, string, os, time, sys
base = 'ou=usuarios con papel tapiz,dc=organojudicial,dc=gob,dc=pa'
scope = ldap.SCOPE_SUBTREE
ZimbraEmail = "CN=ZimbraEmail,CN=Users,DC=organojudicial,DC=gob,DC=pa"
domain = "organojudicial.gob.pa" # "example.com"
ldapserver="ancon"
port="389"
emaildomain="organojudicial.gob.pa"
ldapbinddomain="organojudicial"
ldapbind="zimbrasync"
ldappassword="xxxxxxxx"
pathtozmprov="/opt/zimbra/bin/zmprov"
#---------------------------------------------------------------------------
-----------------------
#---------------------------------------------------------------------------
-----------------------
#output the list of all accounts from zmprov gaa (get all accounts)
# this is related to the Zimbra Mail System
f = os.popen(pathtozmprov +' gaa')
zmprovgaa= []
zmprovgaa = f.readlines()
#---------------------------------------------------------------------------
-----------------------
#---------------------------------------------------------------------------
-----------------------
# Let's connect to the Windows AD Domain
l=ldap.initialize("ldap://"+ldapserver+"."+domain+":"+port)
try:
l.simple_bind_s(ldapbinddomain+"\\"+ldapbind,ldappassword)
except ldap.INVALID_CREDENTIALS:
print "Your username or password to bind to AD is incorrect."
sys.exit()
except ldap.LDAPError, e:
if type(e.message) == dict and e.message.has_key('desc'):
print e.message['desc']
else:
print e
sys.exit()
# end of connection procedure to AD
#---------------------------------------------------------------------------
-----------------------
#---------------------------------------------------------------------------
-----------------------
# If connection to AD is ok
# Lets find only enabled users in a specific OU controlled by the variable
named base
# and get the login username the first name, the last name and what groups
this
# user belongs to as well as the email field.
#userAccountControl 512 = normal , 514 = disabled account. We only want
enabled accounts
try:
res = l.search_s(base,scope, "(&(ObjectCategory=user)
(userAccountControl=512))", ['sAMAccountName','givenName','sn','memberOf',
'mail'])
for (dn, vals) in res:
samaccount = vals['sAMAccountName'][0].lower()
accountname = vals['sAMAccountName'][0].lower()
try:
alias1 = vals['mail'][0].lower()
except:
alias1 = 'none'
try:
sirname = vals['sn'][0]
except:
sirname = vals['sAMAccountName'][0]
try:
givenname = vals['givenName'][0]
except:
givenname = vals['sAMAccountName'][0]
try:
groups = vals['memberOf']
except:
groups = 'none'
# this code is not working. Python chokes.
#initial = givenname[:1].upper()
#sirname = sirname.replace(' ', )
#sirname = sirname.replace('\\', )
#sirname = sirname.replace('-', )
#sirname = sirname.capitalize()
name = givenname + " " + sirname
accountname = accountname + "@" + emaildomain
password = " \'\' "
sys.stdout.flush()
# If the Active Directory user is a member of the AD group called
ZimbraMail, we begin processing this user.
if ZimbraEmail in groups:
print "SAM ACCOUNT: " + samaccount
print "accountname: " + accountname
print "name: " + name
print "Alias de zimbra " + alias1
if accountname +"\n" not in zmprovgaa:
print accountname," exists in active directory but not in
zimbra, the account is being created\n"
time.sleep(1)
os.system(pathtozmprov +' ca %s %s displayName "%s"' %
(accountname,password,name))
print "Creando Alias"
os.system(pathtozmprov +' aaa %s %s' % (accountname,alias1))
time.sleep(1)
else:
print accountname, alias1, " user is not a member of the ZimbraMail
AD Group. Will not be processed\n"
#---------------------------------------------------------------------------
-----------------------
except ldap.LDAPError, error_message:
print error_message
l.unbind_s()
thanks all for your comments.
Erick.