python-ldap reading an OU with more than 1000 objects

  • Erick Perez - Quadrian Enterprises, S.A.

    python-ldap reading an OU with more than 1000 objects

    Hi,
    I have a MS Windows AD domain, and have one OU with more than 1000 user
    objects. When I try to read it, I hit the 1000 limit of AD while returning
    objects, so I'm asking for advice as to how to read them.
    Here is my actual code, it is not the cleanest as I am learning python.
    Suggestions are welcomed :)

    Running this script on RedHat 5.x with "python zimbra2.py" returns:
    {'info': '', 'desc': 'Size limit exceeded'}

    The script:

    #!/usr/bin/python
    #--------------------------------------------------------------------------
    # Variables can be changed here:
    import ldap, string, os, time, sys
    base = 'ou=usuarios con papel tapiz,dc=organojudicial,dc=gob,dc=pa'
    scope = ldap.SCOPE_SUBTREE
    ZimbraEmail = "CN=ZimbraEmail,CN=Users,DC=organojudicial,DC=gob,DC=pa"
    domain = "organojudicial.gob.pa"  # "example.com"
    ldapserver = "ancon"
    port = "389"
    emaildomain = "organojudicial.gob.pa"
    ldapbinddomain = "organojudicial"
    ldapbind = "zimbrasync"
    ldappassword = "xxxxxxxx"
    pathtozmprov = "/opt/zimbra/bin/zmprov"
    #--------------------------------------------------------------------------

    #--------------------------------------------------------------------------
    # output the list of all accounts from zmprov gaa (get all accounts)
    # this is related to the Zimbra Mail System
    f = os.popen(pathtozmprov + ' gaa')
    zmprovgaa = f.readlines()
    #--------------------------------------------------------------------------

    #--------------------------------------------------------------------------
    # Let's connect to the Windows AD Domain
    l = ldap.initialize("ldap://" + ldapserver + "." + domain + ":" + port)
    try:
        l.simple_bind_s(ldapbinddomain + "\\" + ldapbind, ldappassword)
    except ldap.INVALID_CREDENTIALS:
        print "Your username or password to bind to AD is incorrect."
        sys.exit()
    except ldap.LDAPError, e:
        if type(e.message) == dict and e.message.has_key('desc'):
            print e.message['desc']
        else:
            print e
        sys.exit()
    # end of connection procedure to AD
    #--------------------------------------------------------------------------

    #--------------------------------------------------------------------------
    # If connection to AD is ok
    # Let's find only enabled users in a specific OU controlled by the variable
    # named base, and get the login username, the first name, the last name and
    # what groups this user belongs to as well as the email field.
    # userAccountControl 512 = normal, 514 = disabled account. We only want
    # enabled accounts

    try:
        res = l.search_s(base, scope,
                         "(&(ObjectCategory=user)(userAccountControl=512))",
                         ['sAMAccountName', 'givenName', 'sn', 'memberOf', 'mail'])
        for (dn, vals) in res:
            samaccount = vals['sAMAccountName'][0].lower()
            accountname = vals['sAMAccountName'][0].lower()
            # attributes that are not set on the AD object are simply absent
            # from vals, so each optional one is looked up with a fallback
            try:
                alias1 = vals['mail'][0].lower()
            except KeyError:
                alias1 = 'none'
            try:
                sirname = vals['sn'][0]
            except KeyError:
                sirname = vals['sAMAccountName'][0]
            try:
                givenname = vals['givenName'][0]
            except KeyError:
                givenname = vals['sAMAccountName'][0]
            try:
                groups = vals['memberOf']
            except KeyError:
                groups = []  # an empty list keeps the "in groups" test below meaningful

            # this code is not working. Python chokes.
            #initial = givenname[:1].upper()
            #sirname = sirname.replace(' ', )
            #sirname = sirname.replace('\\', )
            #sirname = sirname.replace('-', )
            #sirname = sirname.capitalize()

            name = givenname + " " + sirname
            accountname = accountname + "@" + emaildomain
            password = " \'\' "
            sys.stdout.flush()
            # If the Active Directory user is a member of the AD group called
            # ZimbraMail, we begin processing this user.
            if ZimbraEmail in groups:
                print "SAM ACCOUNT: " + samaccount
                print "accountname: " + accountname
                print "name: " + name
                print "Alias de zimbra " + alias1
                if accountname + "\n" not in zmprovgaa:
                    print accountname, " exists in active directory but not in zimbra, the account is being created\n"
                    time.sleep(1)
                    os.system(pathtozmprov + ' ca %s %s displayName "%s"' % (accountname, password, name))
                    print "Creando Alias"
                    os.system(pathtozmprov + ' aaa %s %s' % (accountname, alias1))
                    time.sleep(1)
            else:
                print accountname, alias1, " user is not a member of the ZimbraMail AD Group. Will not be processed\n"
    #--------------------------------------------------------------------------

    except ldap.LDAPError, error_message:
        print error_message
    l.unbind_s()

    Thanks all for your comments.

    Erick.


  • Michael Ströder

    #2
    Re: python-ldap reading an OU with more than 1000 objects

    Erick Perez - Quadrian Enterprises, S.A. wrote:
    I have a MS Windows AD domain, and have one OU with more than 1000 user
    objects. When I try to read it, I hit the 1000 limit of AD while returning
    objects, so I'm asking for advice as to how to read them.
    IIRC with MS AD you can circumvent this limit by using the Simple Paged
    Control (see RFC 2696). Check Demo/page_control.py in python-ldap's
    source distribution for example code.

    Ciao, Michael.
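    The approach Michael points to, written out as an added example (it is neither Erick's script nor python-ldap's Demo/page_control.py): the search is issued with a Simple Paged Results control (RFC 2696), and the cookie the domain controller echoes back in its response control is fed into the next request until the cookie comes back empty. It assumes python-ldap 3.x, where SimplePagedResultsControl exposes .size and .cookie; BASE, the host and the bind credentials are placeholders, and FakeADConnection is a constructed stand-in for a bound LDAPObject that enforces a 1000-entry MaxPageSize so the loop can be exercised offline. It also goes one step beyond the original filter by testing the ACCOUNTDISABLE bit instead of matching userAccountControl exactly.

```python
# Added example, not code from the thread or from python-ldap's own demos.
try:
    import ldap
    from ldap.controls import SimplePagedResultsControl
except ImportError:
    # python-ldap missing: a stand-in with the attributes the loop uses, so
    # paged_search can still run against FakeADConnection below.
    ldap = None

    class SimplePagedResultsControl:
        controlType = '1.2.840.113556.1.4.319'   # RFC 2696 paged-results OID

        def __init__(self, criticality=True, size=10, cookie=b''):
            self.criticality, self.size, self.cookie = criticality, size, cookie

SCOPE_SUBTREE = 2          # same value as ldap.SCOPE_SUBTREE
PAGE_SIZE = 500            # must not exceed the DC's MaxPageSize (1000 by default)
BASE = 'OU=usuarios,DC=example,DC=com'   # placeholder base DN
# Bit test of the ACCOUNTDISABLE flag (0x2) rather than the exact match
# (userAccountControl=512) used in the original script, which skips enabled
# accounts that also carry flags such as DONT_EXPIRE_PASSWORD (0x10000).
ENABLED_USERS = ('(&(objectCategory=person)(objectClass=user)'
                 '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))')


def paged_search(conn, base, filterstr, attrlist, page_size=PAGE_SIZE, scope=SCOPE_SUBTREE):
    """Yield (dn, attrs) for every matching entry, one server page per request."""
    page_ctrl = SimplePagedResultsControl(True, size=page_size, cookie=b'')
    while True:
        msgid = conn.search_ext(base, scope, filterstr, attrlist, serverctrls=[page_ctrl])
        rtype, rdata, rmsgid, serverctrls = conn.result3(msgid)
        for dn, attrs in rdata:
            if dn is not None:          # dn None = continuation reference, not an entry
                yield dn, attrs
        # The DC echoes the control back carrying the cookie for the next page;
        # an empty cookie, or no control at all, means the result set is complete.
        resp = [c for c in serverctrls if c.controlType == SimplePagedResultsControl.controlType]
        if not resp or not resp[0].cookie:
            return
        page_ctrl.cookie = resp[0].cookie


class SizeLimitExceeded(Exception):
    """Stands in for ldap.SIZELIMIT_EXCEEDED in the fake connection."""


class FakeADConnection:
    """Constructed stand-in for a bound LDAPObject: caps every response at
    MaxPageSize and hands out an opaque cookie the way a DC does."""
    MAX_PAGE_SIZE = 1000

    def __init__(self, entries):
        self.entries = entries      # list of (dn, attrs), constructed
        self.pending = {}
        self.requests = 0

    def search_ext(self, base, scope, filterstr, attrlist=None, serverctrls=None, **kw):
        self.requests += 1
        msgid = self.requests
        ctrls = [c for c in (serverctrls or []) if c.controlType == SimplePagedResultsControl.controlType]
        if not ctrls:
            # no paging control: like AD, refuse to return more than MaxPageSize entries
            too_many = len(self.entries) > self.MAX_PAGE_SIZE
            self.pending[msgid] = None if too_many else (self.entries, b'')
            return msgid
        start = int(ctrls[0].cookie) if ctrls[0].cookie else 0
        end = start + min(ctrls[0].size, self.MAX_PAGE_SIZE)
        cookie = str(end).encode() if end < len(self.entries) else b''
        self.pending[msgid] = (self.entries[start:end], cookie)
        return msgid

    def result3(self, msgid, all=1, timeout=None):
        page = self.pending.pop(msgid)
        if page is None:
            raise SizeLimitExceeded({'desc': 'Size limit exceeded', 'info': ''})
        entries, cookie = page
        return 101, entries, msgid, [SimplePagedResultsControl(True, size=0, cookie=cookie)]


def sample_ou(count):
    """Constructed entries standing in for the user objects in the OU."""
    return [('CN=user%04d,%s' % (i, BASE), {'sAMAccountName': [b'user%04d' % i]})
            for i in range(count)]


def count_users(conn, page_size=PAGE_SIZE):
    return sum(1 for _ in paged_search(conn, BASE, ENABLED_USERS, ['sAMAccountName'], page_size))


def connect(host, bind_dn, password):
    """Real AD connection; only usable with python-ldap installed."""
    conn = ldap.initialize('ldap://%s:389' % host)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # do not chase AD's partition referrals
    conn.simple_bind_s(bind_dn, password)
    return conn


if __name__ == '__main__':
    conn = FakeADConnection(sample_ou(2500))
    try:                                   # what the original search_s call runs into
        conn.result3(conn.search_ext(BASE, SCOPE_SUBTREE, ENABLED_USERS, ['sAMAccountName']))
    except SizeLimitExceeded as exc:
        print('without paging:', exc)
    print('with paging: %d entries in %d requests' % (count_users(conn), conn.requests - 1))
```

    Against a real domain controller, replace the fake with `connect(host, bind_dn, password)` and pass it to `paged_search`. Two details matter in practice: the cookie must be sent back unchanged in the same control on every follow-up request, and a server that does not honour the control simply omits it from the response, which the loop treats as end-of-results rather than spinning forever.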
