msad 0.2.0__tar.gz → 0.3.1__tar.gz

msad-0.3.1/PKG-INFO

@@ -0,0 +1,113 @@
+Metadata-Version: 2.4
+Name: msad
+Version: 0.3.1
+Summary: msad is a commandline for interacting with Active Directory
+Author-email: Matteo Redaelli <matteo.redaelli@gmail.com>
+License-Expression: GPL-3.0-or-later
+Project-URL: Homepage, https://github.com/matteoredaelli/msad
+Project-URL: Issues, https://github.com/matteoredaelli/msad/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+
+# msAD
+
+
+msad is a library and command line tool for working with an Active Directory / LDAP server. It can be used for:
+- search objects (users, groups, computers,..)
+- search group members
+- add/remove members to/from AD groups using DN or sAMaccoutName
+- change AD passwords
+- check if a user is disabled or locked, group membership
+
+
+## Usage
+
+```bash
+msad --help
+```
+
+```text
+ COMMAND is one of the following:
+
+     add_member
+       Adds the user to a group (using DN or sAMAccountName)
+
+     change_password
+
+     check_user
+       Get some info about a user: is it locked? disabled? password expired?
+
+     group_flat_members
+       Extract all the (nested) members of a group
+
+     group_member
+       Check if the user is a member of a group (using DN or sAMAccountName)
+
+     group_members
+       Extract the direct members of a group
+
+     has_expired_password
+       Check is user has the expired password
+
+     has_never_expires_password
+       Check if a user has never expires password
+
+     is_disabled
+       Check if a user is disabled
+
+     is_locked
+       Check if the user is locked
+
+     remove_member
+       Remove the user from a group (using DN or sAMAccountName)
+
+     search
+
+     user_groups
+       Extract the list of groups of a user (using DN or sAMAccountName)
+
+     users
+       Find users inside AD. The filter can be the cn or userPrincipalName or samaccoutnname or mail to be searched. Can contain *
+
+```
+
+## Sample
+
+I find useful to add an alias in my ~/.bash_aliases
+
+```bash
+alias msad='/usr/local/bin/msad --host=dmc1it.group.redaelli.org --port=636 --search_base dc=group,dc=redaelli,dc=org'
+```
+
+Retreive info about a user
+
+```bash
+msad check_user matteo 90 \[qliksense_analyzer,qliksense_professional\] 2>/dev/null
+```
+
+```json
+{"is_disabled": false}
+{"is_locked": false}
+{"has_never_expires_password": false}
+{"has_expired_password": false}
+{"membership_qliksense_analyzer": false}
+{"membership_qliksense_professional": true}
+```
+
+Getting nested group members (it is a pages search, it can retreive more than 1000 users)
+
+```bash
+msad --out_format csv --attributes samaccountname,mail,sn,givenName group_flat_members "dc=group,dc=redaelli,dc=org" --group_name "qliksense_admin"
+```
+
+
+## License
+
+Copyright © 2021 2022 Matteo Redaelli
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.

msad-0.3.1/README.md

@@ -0,0 +1,100 @@
+# msAD
+
+
+msad is a library and command line tool for working with an Active Directory / LDAP server. It can be used for:
+- search objects (users, groups, computers,..)
+- search group members
+- add/remove members to/from AD groups using DN or sAMaccoutName
+- change AD passwords
+- check if a user is disabled or locked, group membership
+
+
+## Usage
+
+```bash
+msad --help
+```
+
+```text
+ COMMAND is one of the following:
+
+     add_member
+       Adds the user to a group (using DN or sAMAccountName)
+
+     change_password
+
+     check_user
+       Get some info about a user: is it locked? disabled? password expired?
+
+     group_flat_members
+       Extract all the (nested) members of a group
+
+     group_member
+       Check if the user is a member of a group (using DN or sAMAccountName)
+
+     group_members
+       Extract the direct members of a group
+
+     has_expired_password
+       Check is user has the expired password
+
+     has_never_expires_password
+       Check if a user has never expires password
+
+     is_disabled
+       Check if a user is disabled
+
+     is_locked
+       Check if the user is locked
+
+     remove_member
+       Remove the user from a group (using DN or sAMAccountName)
+
+     search
+
+     user_groups
+       Extract the list of groups of a user (using DN or sAMAccountName)
+
+     users
+       Find users inside AD. The filter can be the cn or userPrincipalName or samaccoutnname or mail to be searched. Can contain *
+
+```
+
+## Sample
+
+I find useful to add an alias in my ~/.bash_aliases
+
+```bash
+alias msad='/usr/local/bin/msad --host=dmc1it.group.redaelli.org --port=636 --search_base dc=group,dc=redaelli,dc=org'
+```
+
+Retreive info about a user
+
+```bash
+msad check_user matteo 90 \[qliksense_analyzer,qliksense_professional\] 2>/dev/null
+```
+
+```json
+{"is_disabled": false}
+{"is_locked": false}
+{"has_never_expires_password": false}
+{"has_expired_password": false}
+{"membership_qliksense_analyzer": false}
+{"membership_qliksense_professional": true}
+```
+
+Getting nested group members (it is a pages search, it can retreive more than 1000 users)
+
+```bash
+msad --out_format csv --attributes samaccountname,mail,sn,givenName group_flat_members "dc=group,dc=redaelli,dc=org" --group_name "qliksense_admin"
+```
+
+
+## License
+
+Copyright © 2021 2022 Matteo Redaelli
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.

msad-0.3.1/pyproject.toml

@@ -0,0 +1,30 @@
+[project]
+name = "msad"
+version = "0.3.1"
+authors = [
+  { name="Matteo Redaelli", email="matteo.redaelli@gmail.com" },
+]
+description = "msad is a commandline for interacting with Active Directory"
+readme = "README.md"
+requires-python = ">=3.8"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Operating System :: OS Independent",
+]
+license = "GPL-3.0-or-later"
+#license = {file = "LICENSE"}
+#license-file = ["LICENSE"]
+#license-expression = "*"
+
+license-files = []
+
+[project.urls]
+Homepage = "https://github.com/matteoredaelli/msad"
+Issues = "https://github.com/matteoredaelli/msad/issues"
+
+[project.scripts]
+msad = "msad:command_line"
+
+[build-system]
+requires = ["setuptools >= 78.1.0"]
+build-backend = "setuptools.build_meta"

msad-0.3.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

{msad-0.2.0 → msad-0.3.1/src}/msad/command_line.py

@@ -75,7 +75,8 @@ class AD:
     add/remove members to/from groups,
     change password
     check if a user is locked, disabled
-    check if a user's password is expired"""
+    check if a user's password is expired
+    ..."""
 
     def __init__(
         self,
@@ -94,7 +95,9 @@ class AD:
         try:
             self._conn = _get_connection(host, port, use_ssl, sso, user, password)
         except:
-            logging.error("Cannot loging to Active Directory. Bye")
+            logging.error(
+                f"Cannot login to Active Directory (host: {host}, port: {port}). Bye"
+            )
             sys.exit(1)
         self._attributes = attributes
         self._sep = sep
@@ -116,9 +119,9 @@ class AD:
         )
         result = list(filter(lambda e: "attributes" in e, self._conn.response))
         result = list(map(lambda e: e["attributes"], result))
-        return self.pprint(result)
+        return self._pprint(result)
 
-    def pprint(self, ldapresult):
+    def _pprint(self, ldapresult):
         if not ldapresult or self._out_format == "default":
             return ldapresult
         elif self._out_format == "json1":
@@ -142,35 +145,39 @@ class AD:
             return result
 
     def users(self, user):
-        """Search users inside AD
-        filter: is the cn or userPrincipalName or samaccoutnname or mail to be searched. Can contain *
+        """Find users inside AD. The
+        filter can be the cn or userPrincipalName or samaccoutnname or mail to be searched. Can contain *
         """
         result = msad.users(
             self._conn, self._search_base, user, attributes=self._attributes
         )
-        return self.pprint(result)
+        return self._pprint(result)
 
     def is_disabled(self, user):
         """Check if a user is disabled"""
         return msad.user.is_disabled(self._conn, self._search_base, user)
 
     def is_locked(self, user):
-        """Locked user?"""
+        """Check if the user is locked"""
         return msad.user.is_locked(self._conn, self._search_base, user)
 
+    def password_changed_in_days(self, user):
+        return msad.user.password_changed_in_days(self._conn, self._search_base, user)
+    
     def has_expired_password(self, user, max_age):
-        """user with expired password?"""
+        """Check is user has the expired password"""
         return msad.has_expired_password(self._conn, self._search_base, user, max_age)
 
     def has_never_expires_password(self, user):
-        """user with never exires password?"""
+        """Check if a user has never expires password"""
         return msad.has_never_expires_password(self._conn, self._search_base, user)
 
     def check_user(self, user, max_age, groups=[]):
-        """Get info about a user"""
+        """Get some info about a user: is it locked? disabled? password expired?"""
         return msad.check_user(self._conn, self._search_base, user, max_age, groups)
 
     def group_flat_members(self, group_name=None, group_dn=None):
+        """Extract all the (nested) members of a group"""
         result = msad.group_flat_members(
             self._conn,
             self._search_base,
@@ -179,18 +186,18 @@ class AD:
             group_dn,
             attributes=self._attributes,
         )
-        return self.pprint(result)
+        return self._pprint(result)
 
     def group_members(self, group_name=None, group_dn=None):
-        """Get members od a group"""
+        """Extract the direct members of a group"""
         if group_name is None and group_dn is None:
             logging.error("group_name or group_dn must be entered")
             return None
         result = msad.group_members(self._conn, self._search_base, group_name, group_dn)
-        return self.pprint(result)
+        return self._pprint(result)
 
     def add_member(self, group_name=None, group_dn=None, user_name=None, user_dn=None):
-        """Adding a user to a group"""
+        """Adds the user to a group (using DN or sAMAccountName)"""
         return msad.add_member(
             conn=self._conn,
             search_base=self._search_base,
@@ -201,7 +208,7 @@ class AD:
         )
 
     def user_groups(self, user_name=None, user_dn=None):
-        """groups of a user"""
+        """Extract the list of groups of a user (using DN or sAMAccountName)"""
         return msad.user.user_groups(
             self._conn, self._search_base, self._limit, user_name, user_dn
         )
@@ -209,7 +216,7 @@ class AD:
     def remove_member(
         self, group_name=None, group_dn=None, user_name=None, user_dn=None
     ):
-        """Remove a user from a group"""
+        """Remove the user from a group (using DN or sAMAccountName)"""
         return msad.remove_member(
             conn=self._conn,
             search_base=self._search_base,
@@ -222,7 +229,7 @@ class AD:
     def group_member(
         self, group_name=None, group_dn=None, user_name=None, user_dn=None
     ):
-        """group membership"""
+        """Check if the user is a member of a group (using DN or sAMAccountName)"""
         return msad.group_member(
             conn=self._conn,
             search_base=self._search_base,
@@ -234,11 +241,15 @@ class AD:
 
 
 BANNER = """
-    _    ____
-   / \  |  _ \
-  / _ \ | | | |
- / ___ \| |_| |
-/_/   \_\____/
+ __  __  ____     _     ____  
+|  \/  |/ ___|   / \   |  _ \ 
+| |\/| |\___ \  / _ \  | | | |
+| |  | | ___) |/ ___ \ | |_| |
+|_|  |_||____//_/   \_\|____/ 
+                              
+https://github.com/matteoredaelli/msad
+
+https://pypi.org/project/msad/
 
 """
 
@@ -246,6 +257,7 @@ BANNER = """
 def main():
     """main"""
     logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
+    logging.info(BANNER)
     fire.Fire(AD)
 
 

{msad-0.2.0 → msad-0.3.1/src}/msad/user.py

@@ -70,24 +70,20 @@ def has_never_expires_password(conn, search_base, user):
     return True if len(result) == 1 else None
 
 
-def password_changed_in_days(conn, search_base, user):
+def password_changed_in_days(conn, search_base, user, limit=1000):
     search_filter = f"(samaccountname={user})"
     result = search(
-        conn, search_base, search_filter, limit=1, attributes=["pwdLastSet"]
+        conn, search_base, search_filter, limit=limit, attributes=["sAMAccountName","pwdLastSet"]
     )
 
     if len(result) == 0:
         return None
-    result = result[0]["pwdLastSet"]
-    logging.info(f"Password changed at {result}")
+
     now = datetime.datetime.now()
+    result = [ {"sAMAccountName": u["sAMAccountName"],
+                "days": (now - u["pwdLastSet"].replace(tzinfo=None)).days} for u in result]
 
-    if result == 0:
-        return True
-    else:
-        delta = now - result.replace(tzinfo=None)
-        days = delta.days
-        return days
+    return result
 
 
 def has_expired_password(conn, search_base, user, max_age):

msad-0.3.1/src/msad.egg-info/PKG-INFO

@@ -0,0 +1,113 @@
+Metadata-Version: 2.4
+Name: msad
+Version: 0.3.1
+Summary: msad is a commandline for interacting with Active Directory
+Author-email: Matteo Redaelli <matteo.redaelli@gmail.com>
+License-Expression: GPL-3.0-or-later
+Project-URL: Homepage, https://github.com/matteoredaelli/msad
+Project-URL: Issues, https://github.com/matteoredaelli/msad/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+
+# msAD
+
+
+msad is a library and command line tool for working with an Active Directory / LDAP server. It can be used for:
+- search objects (users, groups, computers,..)
+- search group members
+- add/remove members to/from AD groups using DN or sAMaccoutName
+- change AD passwords
+- check if a user is disabled or locked, group membership
+
+
+## Usage
+
+```bash
+msad --help
+```
+
+```text
+ COMMAND is one of the following:
+
+     add_member
+       Adds the user to a group (using DN or sAMAccountName)
+
+     change_password
+
+     check_user
+       Get some info about a user: is it locked? disabled? password expired?
+
+     group_flat_members
+       Extract all the (nested) members of a group
+
+     group_member
+       Check if the user is a member of a group (using DN or sAMAccountName)
+
+     group_members
+       Extract the direct members of a group
+
+     has_expired_password
+       Check is user has the expired password
+
+     has_never_expires_password
+       Check if a user has never expires password
+
+     is_disabled
+       Check if a user is disabled
+
+     is_locked
+       Check if the user is locked
+
+     remove_member
+       Remove the user from a group (using DN or sAMAccountName)
+
+     search
+
+     user_groups
+       Extract the list of groups of a user (using DN or sAMAccountName)
+
+     users
+       Find users inside AD. The filter can be the cn or userPrincipalName or samaccoutnname or mail to be searched. Can contain *
+
+```
+
+## Sample
+
+I find useful to add an alias in my ~/.bash_aliases
+
+```bash
+alias msad='/usr/local/bin/msad --host=dmc1it.group.redaelli.org --port=636 --search_base dc=group,dc=redaelli,dc=org'
+```
+
+Retreive info about a user
+
+```bash
+msad check_user matteo 90 \[qliksense_analyzer,qliksense_professional\] 2>/dev/null
+```
+
+```json
+{"is_disabled": false}
+{"is_locked": false}
+{"has_never_expires_password": false}
+{"has_expired_password": false}
+{"membership_qliksense_analyzer": false}
+{"membership_qliksense_professional": true}
+```
+
+Getting nested group members (it is a pages search, it can retreive more than 1000 users)
+
+```bash
+msad --out_format csv --attributes samaccountname,mail,sn,givenName group_flat_members "dc=group,dc=redaelli,dc=org" --group_name "qliksense_admin"
+```
+
+
+## License
+
+Copyright © 2021 2022 Matteo Redaelli
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.

msad-0.3.1/src/msad.egg-info/SOURCES.txt

@@ -0,0 +1,14 @@
+LICENSE
+README.md
+pyproject.toml
+src/msad/__init__.py
+src/msad/ad.py
+src/msad/command_line.py
+src/msad/group.py
+src/msad/search.py
+src/msad/user.py
+src/msad.egg-info/PKG-INFO
+src/msad.egg-info/SOURCES.txt
+src/msad.egg-info/dependency_links.txt
+src/msad.egg-info/entry_points.txt
+src/msad.egg-info/top_level.txt

msad-0.3.1/src/msad.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+msad = msad:command_line

msad-0.2.0/PKG-INFO

@@ -1,64 +0,0 @@
-Metadata-Version: 2.1
-Name: msad
-Version: 0.2.0
-Summary: msad is a library and commandline for interacting with Active Directory
-Home-page: https://github.com/matteoredaelli/msad
-Author: Matteo Redaelli
-Author-email: matteo.redaelli@gmail.com
-License: GPL
-Platform: UNKNOWN
-Classifier: Programming Language :: Python :: 3
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.6
-Description-Content-Type: text/markdown
-License-File: LICENSE
-
-# msAD
-
-
-msad is a library and command line tool for working with an Active Directory / LDAP server. It can be used for:
-- search objects (users, groups, computers,..)
-- search group members
-- add/remove members to/from AD groups using DN or sAMaccoutName
-- change AD passwords
-- check if a user is disabled or locked, group membership
-
-## Install
-
-```bash
-pip install msad
-```
-
-## Usage
-
-I find useful to add an alias in my ~/.bash_aliases
-
-```bash
-alias msad='/usr/local/bin/msad --host=dmc1it.group.redaelli.org --port=636 --search_base dc=group,dc=redaelli,dc=org'
-```
-
-Retreive info about a user
-
-```bash
-msad check_user matteo 90 \[qliksense_analyzer,qliksense_professional\] 2>/dev/null
-```
-
-```json
-{"is_disabled": false}
-{"is_locked": false}
-{"has_never_expires_password": false}
-{"has_expired_password": false}
-{"membership_qliksense_analyzer": false}
-{"membership_qliksense_professional": true}
-```
-
-## License
-
-Copyright © 2021 Matteo Redaelli
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-

msad-0.2.0/README.md

@@ -1,47 +0,0 @@
-# msAD
-
-
-msad is a library and command line tool for working with an Active Directory / LDAP server. It can be used for:
-- search objects (users, groups, computers,..)
-- search group members
-- add/remove members to/from AD groups using DN or sAMaccoutName
-- change AD passwords
-- check if a user is disabled or locked, group membership
-
-## Install
-
-```bash
-pip install msad
-```
-
-## Usage
-
-I find useful to add an alias in my ~/.bash_aliases
-
-```bash
-alias msad='/usr/local/bin/msad --host=dmc1it.group.redaelli.org --port=636 --search_base dc=group,dc=redaelli,dc=org'
-```
-
-Retreive info about a user
-
-```bash
-msad check_user matteo 90 \[qliksense_analyzer,qliksense_professional\] 2>/dev/null
-```
-
-```json
-{"is_disabled": false}
-{"is_locked": false}
-{"has_never_expires_password": false}
-{"has_expired_password": false}
-{"membership_qliksense_analyzer": false}
-{"membership_qliksense_professional": true}
-```
-
-## License
-
-Copyright © 2021 Matteo Redaelli
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.

msad-0.2.0/msad.egg-info/PKG-INFO

@@ -1,64 +0,0 @@
-Metadata-Version: 2.1
-Name: msad
-Version: 0.2.0
-Summary: msad is a library and commandline for interacting with Active Directory
-Home-page: https://github.com/matteoredaelli/msad
-Author: Matteo Redaelli
-Author-email: matteo.redaelli@gmail.com
-License: GPL
-Platform: UNKNOWN
-Classifier: Programming Language :: Python :: 3
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.6
-Description-Content-Type: text/markdown
-License-File: LICENSE
-
-# msAD
-
-
-msad is a library and command line tool for working with an Active Directory / LDAP server. It can be used for:
-- search objects (users, groups, computers,..)
-- search group members
-- add/remove members to/from AD groups using DN or sAMaccoutName
-- change AD passwords
-- check if a user is disabled or locked, group membership
-
-## Install
-
-```bash
-pip install msad
-```
-
-## Usage
-
-I find useful to add an alias in my ~/.bash_aliases
-
-```bash
-alias msad='/usr/local/bin/msad --host=dmc1it.group.redaelli.org --port=636 --search_base dc=group,dc=redaelli,dc=org'
-```
-
-Retreive info about a user
-
-```bash
-msad check_user matteo 90 \[qliksense_analyzer,qliksense_professional\] 2>/dev/null
-```
-
-```json
-{"is_disabled": false}
-{"is_locked": false}
-{"has_never_expires_password": false}
-{"has_expired_password": false}
-{"membership_qliksense_analyzer": false}
-{"membership_qliksense_professional": true}
-```
-
-## License
-
-Copyright © 2021 Matteo Redaelli
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-

msad-0.2.0/msad.egg-info/SOURCES.txt

@@ -1,16 +0,0 @@
-LICENSE
-README.md
-setup.cfg
-setup.py
-msad/__init__.py
-msad/ad.py
-msad/command_line.py
-msad/group.py
-msad/search.py
-msad/user.py
-msad.egg-info/PKG-INFO
-msad.egg-info/SOURCES.txt
-msad.egg-info/dependency_links.txt
-msad.egg-info/entry_points.txt
-msad.egg-info/requires.txt
-msad.egg-info/top_level.txt

msad-0.2.0/msad.egg-info/entry_points.txt

@@ -1,3 +0,0 @@
-[console_scripts]
-msad = msad.command_line:main
-

msad-0.2.0/msad.egg-info/requires.txt

@@ -1,2 +0,0 @@
-fire
-ldap3

msad-0.2.0/setup.cfg

@@ -1,8 +0,0 @@
-[metadata]
-description-file = README.md
-license_files = LICENSE
-
-[egg_info]
-tag_build = 
-tag_date = 0
-

msad-0.2.0/setup.py

@@ -1,41 +0,0 @@
-# Copyright (c) 2021 Matteo Redaelli
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-import setuptools
-
-with open("README.md", "r") as fh:
-    long_description = fh.read()
-
-setuptools.setup(
-    name="msad",
-    version="0.2.0",
-    author="Matteo Redaelli",
-    author_email="matteo.redaelli@gmail.com",
-    description="msad is a library and commandline for interacting with Active Directory",
-    long_description=long_description,
-    long_description_content_type="text/markdown",
-    url="https://github.com/matteoredaelli/msad",
-    packages=setuptools.find_packages(),
-    license="GPL",
-    entry_points={
-        "console_scripts": ["msad=msad.command_line:main"],
-    },
-    classifiers=[
-        "Programming Language :: Python :: 3",
-        "Operating System :: OS Independent",
-    ],
-    install_requires=["ldap3", "fire"],
-    python_requires=">=3.6",
-)