Reputation: 62
I want to share the example of manual efforts here.
I have already created users and AD groups by binding an LDAP connection using ldap3. I can see ldap3 supports automation for use cases like managing users and groups. But I want something different here.
Can we share a file/directory by assigning permissions (Read/Write/Delete) to a user/group using ldap3? If yes, then how can we achieve that?
Right now I manually create the file and share it with the AD group by changing the security settings manually, but I wanted to have a pythonic way to do complete automation.
Any support in this regard will be appreciated.
I tried to find a relevant document but nothing really helped. https://ldap3.readthedocs.io/en/latest/
Upvotes: 2
Views: 91
Reputation: 3040
Here's an example using ldap3 and a connection to AD using SSL over TLS. There are built-in methods in ldap3 to accomplish exactly what you want to do:
from ssl import CERT_REQUIRED
from ldap3 import Server, Connection, ALL, Tls
from ldap3.extend.microsoft.addMembersToGroups import ad_add_members_to_groups
from ldap3.extend.microsoft.removeMembersFromGroups import ad_remove_members_from_groups

users_dn: list[str] = ["CN=Jack Jackson,OU=FOLDER_PATH,OU=IN_YOUR_AD,DC=AD_NAME,DC=AD_EXTENSION"]  # DNs of the users to add to the AD security groups
groups_dn: list[str] = ["CN=Security_group_name,OU=FOLDER_PATH,OU=IN_YOUR_AD,DC=AD_NAME,DC=AD_EXTENSION"]  # DNs of the AD security groups the users in users_dn are added to
username: str = "ad username"
password: str = "ad password"
server_uri: str = "ldaps://server.name"  # ldaps = LDAP Secure

tls_config = Tls(validate=CERT_REQUIRED)  # verify the server certificate (recommended)
server = Server(server_uri, port=636, use_ssl=True, tls=tls_config, get_info=ALL)  # LDAPS on port 636: the connection is encrypted from the first byte

with Connection(server, username, password, auto_bind=True) as conn:  # create the connection and bind
    conn.start_tls()  # no-op on an LDAPS (use_ssl=True) connection; only needed to upgrade a plain ldap:// connection on port 389
    # Add the users to the groups
    ad_add_members_to_groups(connection=conn, members_dn=users_dn, groups_dn=groups_dn, fix=True)  # fix: checks group existence and skips members that are already assigned
    # Remove the users from the groups
    ad_remove_members_from_groups(connection=conn, members_dn=users_dn, groups_dn=groups_dn, fix=True)
That's basically it. If you want to raise an error in the case that adding/removing groups failed, you can set raise_error to True in ad_add and ad_remove. The description says: raise_error: If the operation fails it raises an error instead of returning False
Upvotes: 0
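The ldap3 code above manages directory objects over LDAP (users, groups and the group's member attribute). NTFS permissions and SMB share permissions are not LDAP attributes; they live on the file server's own ACLs, so the last step of the workflow in the question (Read/Write/Delete on a folder for a group) is set on the file server. The following is an added example, not code from the question or the answer, showing that step in PowerShell on the file server: it grants the AD security group from the answer an NTFS ACE on a folder, publishes the folder as an SMB share with a matching share permission, and reads both ACLs back for review. $Domain, $FolderPath, $ShareName and the default group name are placeholders.

```powershell
# Added example (not from the question or the answer above).
# Assumptions: $Domain, $FolderPath and $ShareName are placeholders to replace.
# Run on the file server in an elevated session, as an account allowed to change
# the folder's ACL and manage SMB shares (needs the SmbShare module).

param(
    [string]$Domain     = 'CORP',                   # placeholder NetBIOS domain name
    [string]$Group      = 'Security_group_name',    # group populated by the ldap3 code above
    [string]$FolderPath = 'D:\Shares\ProjectData',  # placeholder local folder on the file server
    [string]$ShareName  = 'ProjectData',            # placeholder share name
    [ValidateSet('Read', 'Write', 'Delete')]
    [string]$Level      = 'Write'                   # coarse level as used in the question
)

# Map the coarse Read/Write/Delete levels onto NTFS rights. Grant the group, never
# individual users, so effective access follows the group membership managed in AD.
$rights = switch ($Level) {
    'Read'   { [System.Security.AccessControl.FileSystemRights]::ReadAndExecute }
    'Write'  { [System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Write' }
    'Delete' { [System.Security.AccessControl.FileSystemRights]::Modify }   # Modify includes Delete
}
$identity = "$Domain\$Group"

if (-not (Test-Path -LiteralPath $FolderPath)) {
    New-Item -ItemType Directory -Path $FolderPath | Out-Null
}

# One Allow ACE that inherits to subfolders (ContainerInherit) and files (ObjectInherit).
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $identity, $rights, $inherit, $propagate,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -LiteralPath $FolderPath
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $FolderPath -AclObject $acl

# Share permissions are a second gate in front of NTFS: access over SMB is the more
# restrictive of the two, so grant the same group a matching share level and nothing wider.
$shareRight = if ($Level -eq 'Read') { 'Read' } else { 'Change' }
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $FolderPath -FullAccess 'BUILTIN\Administrators' | Out-Null
}
Grant-SmbShareAccess -Name $ShareName -AccountName $identity -AccessRight $shareRight -Force | Out-Null

# Read both ACLs back so the change can be reviewed and logged.
(Get-Acl -LiteralPath $FolderPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity } |
    Select-Object IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType
Get-SmbShareAccess -Name $ShareName |
    Select-Object AccountName, AccessRight, AccessControlType
```

Run it as `.\Grant-GroupFolderAccess.ps1 -Group Security_group_name -FolderPath D:\Shares\ProjectData -Level Delete` (script name assumed). The ACL changes are group-based, so granting or revoking a person's access afterwards is done purely through the ldap3 membership calls in the answer; the folder's ACL does not need to change again, and the read-back at the end gives the record to compare against what the directory says the group contains.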