msad 0.4.0__py3-none-any.whl → 0.4.1__py3-none-any.whl

msad/user.py

@@ -20,11 +20,11 @@ import logging
 import getpass
 import ldap3
 import datetime
-from .search import get_dn, search
-from .group import *
+from .search import disabled_users, get_dn, search, locked_users, never_expires_password
+from .group import group_member
 
 
-def _enter_password(text):
+def _enter_password(text: str):
     try:
         p = getpass.getpass(text)
     except Exception as error:
@@ -34,7 +34,7 @@ def _enter_password(text):
         return p
 
 
-def change_password(conn, search_base, user):
+def change_password(conn, search_base: str, user: str):
     user_dn = get_dn(conn, search_base, user)
 
     if not user_dn:
@@ -47,7 +47,7 @@ def change_password(conn, search_base, user):
         conn.extend.microsoft.modify_password(user_dn, newpwd, oldpwd)
 
 
-def is_disabled(conn, search_base, user):
+def is_disabled(conn, search_base: str, user: str):
     result = disabled_users(
         conn, search_base, f"(samaccountname={user})", limit=1, attributes=None
     )
@@ -55,37 +55,21 @@ def is_disabled(conn, search_base, user):
     return True if len(result) == 1 else None
 
 
-def is_locked(conn, search_base, user):
+def is_locked(conn, search_base: str, user: str):
     result = locked_users(
         conn, search_base, f"(samaccountname={user})", limit=1, attributes=None
     )
     return True if len(result) == 1 else None
 
 
-def has_never_expires_password(conn, search_base, user):
+def has_never_expires_password(conn, search_base: str, user: str):
     result = never_expires_password(
         conn, search_base, f"(samaccountname={user})", limit=1, attributes=None
     )
     return True if len(result) == 1 else None
 
 
-def password_changed_in_days(conn, search_base, user, limit=1000):
-    search_filter = f"(samaccountname={user})"
-    result = search(
-        conn, search_base, search_filter, limit=limit, attributes=["sAMAccountName","pwdLastSet"]
-    )
-
-    if len(result) == 0:
-        return None
-
-    now = datetime.datetime.now()
-    result = [ {"sAMAccountName": u["sAMAccountName"],
-                "days": (now - u["pwdLastSet"].replace(tzinfo=None)).days} for u in result]
-
-    return result
-
-
-def has_expired_password(conn, search_base, user, max_age):
+def password_changed_in_days(conn, search_base: str, user: str, limit: int = 2000, max_age: int):
     #    return search(conn, search_base, search_filter, attributes=attributes)
     search_filter = f"(samaccountname={user})"
     result = search(
@@ -106,7 +90,7 @@ def has_expired_password(conn, search_base, user, max_age):
         return True if days > max_age else False
 
 
-def check_user(conn, search_base, user, max_age, groups=[]):
+def check_user(conn, search_base:str, user:str, max_age:int, groups=[]):
     # result = {}
     yield ({"is_disabled": is_disabled(conn, search_base, user)})
     yield ({"is_locked": is_locked(conn, search_base, user)})
@@ -127,13 +111,13 @@ def check_user(conn, search_base, user, max_age, groups=[]):
         yield (
             {
                 f"membership_{group}": group_member(
-                    conn, search_base, group_name=group, user_name=user
+                    conn, search_base, group=group, user=user
                 )
             }
         )
 
 
-def user_groups(conn, search_base, limit, user, nested=True):
+def user_groups(conn, search_base:str , limit: int, user: str, nested: bool =True):
     """retrieve all groups (also nested) of a user"""
 
     user_dn = get_dn(conn, search_base, user)

{msad-0.4.0.dist-info → msad-0.4.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: msad
-Version: 0.4.0
+Version: 0.4.1
 Summary: msad is a commandline for interacting with Active Directory
 Project-URL: Homepage, https://github.com/matteoredaelli/msad
 Project-URL: Issues, https://github.com/matteoredaelli/msad/issues
@@ -9,7 +9,7 @@ License-Expression: GPL-3.0-or-later
 License-File: LICENSE
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
-Requires-Python: >=3.9
+Requires-Python: >=3.11
 Requires-Dist: cryptography
 Requires-Dist: gssapi
 Requires-Dist: ldap3
@@ -24,21 +24,22 @@ It supports authentication with user/pwd and kerberos
 
 It supports paginations: it can retreive more than 2000 objects (a limit of AD)
 
-It can be used for:
-- search objects (users, groups, computers,..)
-- search (recursively) group memberships and all user's groups
-- add/remove members to/from AD groups using DN or sAMaccoutName
-- change AD passwords
-- check if a user is disabled or locked, group membership
+Features:
+
+- [X] search objects (users, groups, computers,..)
+- [X] search (recursively) group memberships and all user's groups
+- [X] add/remove members to/from AD groups using DN or sAMaccoutName
+- [X] change AD passwords
+- [ ] check if a user is disabled or locked
 
 ## Prerequisites
 
-python >= 3.9
+python >= 3.11
 
 For kerboros auth
 
   - krb5 lib and tools (like kinit, ...)
-  - a keytab file or 
+  - a keytab file or krb5.conf configured 
   
 ## Installation
 
@@ -46,7 +47,7 @@ For kerboros auth
 pipx install msad
 ```
 
-## COnfiguration
+## Configuration
 
 Create a configuration file in $HOME/.msad.toml as suggested by
 
@@ -54,7 +55,6 @@ Create a configuration file in $HOME/.msad.toml as suggested by
 msad get-sample-config
 ```
 
-
 ## Usage
 
 
@@ -65,19 +65,16 @@ python -m msad --help
 
 ```
 
-
 For kerberos authentication, first you need to login to AD / get a ticket kerberos with
 
 ```bash
-kinit youraduser
+kinit # or kinit myaduser 
 ```
 
-
-
 ```text
-msad search "(samaccountname=matteo)"  --out-format=json
+msad search "(samaccountname=matteo)"  --out-format=json # show all attributes
 
-msad search "(cn=redaelli*)" --attribute mail --attribute samaccountname --out-format=json
+msad search "(cn=redaelli*)" --attributes mail --attributes samaccountname --out-format=json
 
 msad group-members qlik_analyzer_users --nested
 
@@ -89,10 +86,6 @@ msad user-groups matteo --nested
 
 ```
 
-## Sample
-
-
-
 ## License
 
 Copyright © 2021 - 2025 Matteo Redaelli

{msad-0.4.0.dist-info → msad-0.4.1.dist-info}/RECORD

@@ -4,9 +4,9 @@ msad/ad.py,sha256=C3dknAgRY6Jnotk0RgPSye7uzNxUd-7B3oGloGR674E,5679
 msad/group.py,sha256=3HNpXfYK4yXxDNsXn72JOZSMEwjj0kMiDvVBca1oVuI,2510
 msad/main.py,sha256=5wBSPOZPkOnYfe-gow1YFt65FpawJooZ3eOKp_RFP0A,10573
 msad/search.py,sha256=j8PedOZVf7eFBG34ZfHoVEfEPbYE0nOtznKTLwu48Eg,3476
-msad/user.py,sha256=k9INOsuSekCB4w0EYYrcgPQChvOfawIzLYv7h37-DXM,4557
-msad-0.4.0.dist-info/METADATA,sha256=KL37POSU35W_FjShUlAU8Qf48EVUpGwPkCbWMUmQ5T0,2288
-msad-0.4.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-msad-0.4.0.dist-info/entry_points.txt,sha256=UKSjeppC0YX2dfybmBfxLXCqF_HMZFfPX1MRw88rtpI,39
-msad-0.4.0.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-msad-0.4.0.dist-info/RECORD,,
+msad/user.py,sha256=MWv-U8_FYP-dsuzQQjKP1T-IToP-kz4VBbX1W6QLliY,4241
+msad-0.4.1.dist-info/METADATA,sha256=jL7RkMs6fhK5DXxwDwp-SCUgKlsYFg3n7lbMkQLDoqQ,2321
+msad-0.4.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+msad-0.4.1.dist-info/entry_points.txt,sha256=UKSjeppC0YX2dfybmBfxLXCqF_HMZFfPX1MRw88rtpI,39
+msad-0.4.1.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+msad-0.4.1.dist-info/RECORD,,