import_ldap_group_users : fallback UPN/sam@sanef.com si mail absent, inclut comptes admin sans mail

This commit is contained in:
Pierre & Lumière 2026-04-17 12:26:12 +00:00
parent 2a4c785535
commit 7ec7c49c34


@ -53,26 +53,43 @@ def fetch_group_members(cfg, group_dn):
conn = Connection(server, user=cfg["bind_dn"], password=cfg["bind_pwd"], conn = Connection(server, user=cfg["bind_dn"], password=cfg["bind_pwd"],
auto_bind=True) auto_bind=True)
# Filter LDAP : user actif, membre direct du groupe # Filter LDAP : membre direct du groupe (inclut comptes admin, meme sans mail)
search_filter = ( search_filter = (
f"(&(objectClass=user)(objectCategory=person)" f"(&(objectClass=user)(objectCategory=person)"
f"(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
f"(memberOf={group_dn}))" f"(memberOf={group_dn}))"
) )
conn.search(cfg["base_dn"], search_filter, search_scope=SUBTREE, conn.search(cfg["base_dn"], search_filter, search_scope=SUBTREE,
attributes=["sAMAccountName", "displayName", "mail", attributes=["sAMAccountName", "displayName", "mail",
"distinguishedName", "userAccountControl"]) "userPrincipalName", "distinguishedName",
"userAccountControl"])
members = [] members = []
for entry in conn.entries: for entry in conn.entries:
email = str(entry.mail) if entry.mail else None sam = str(entry.sAMAccountName) if entry.sAMAccountName else None
if not email: if not sam:
print(f" [SKIP] Entry sans sAMAccountName : {entry.entry_dn}")
continue continue
# Priorite email : mail > userPrincipalName > fallback sam@sanef.com
email = None
if entry.mail and str(entry.mail).strip():
email = str(entry.mail).strip().lower()
elif entry.userPrincipalName and str(entry.userPrincipalName).strip():
email = str(entry.userPrincipalName).strip().lower()
else:
email = f"{sam.lower()}@sanef.com"
print(f" [INFO] {sam} sans mail AD, fallback : {email}")
# Verifier si compte desactive (pour info seulement)
uac = entry.userAccountControl.value if entry.userAccountControl else 0
if isinstance(uac, int) and uac & 0x2:
print(f" [WARN] {sam} compte AD DESACTIVE (UAC={uac}) — importe quand meme")
members.append({ members.append({
"username": str(entry.sAMAccountName).lower(), "username": sam.lower(),
"display_name": str(entry.displayName) if entry.displayName else str(entry.sAMAccountName), "display_name": str(entry.displayName) if entry.displayName else sam,
"email": email.lower(), "email": email,
"dn": str(entry.distinguishedName), "dn": str(entry.entry_dn),
}) })
conn.unbind() conn.unbind()
return members return members
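Review bot: Dropping the `(!(userAccountControl:1.2.840.113556.1.4.803:=2))` term from `search_filter` means disabled AD accounts are now returned and imported, which undoes deprovisioning; the stated goal (admin accounts that have no mail attribute) is already met by the UPN / sam@sanef.com fallback, so the disabled-account filter can stay as it was. If disabled accounts must be listed on purpose, expose the state to the caller instead of only printing a warning — `"disabled": isinstance(uac, int) and bool(uac & 0x2),` in the members dict — so the importer can refuse or deactivate them rather than treat them as active members. The `isinstance(uac, int)` guard also silently skips the check when ldap3 returns userAccountControl as a string (no schema loaded), so coercing it with `int(str(entry.userAccountControl))` inside a try/except would make the warning reliable. The synthesized `sam@sanef.com` address and the UPN are not verified mailboxes; if the downstream system keys identities or sends credentials by email this can collide with or misroute to a real address, so recording the origin (e.g. `"email_source": "mail"` / `"upn"` / `"fallback"`) is worth adding. fetch_group_members's signature lies before this hunk.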