Searching Your Corporate LDAP/AD with python

There are a ton of examples out there on how to utilize ldap in python. I recently worked on a simple project which required active directory authentication using ldap. The following is simple script I’ve used hundreds of times.


#!/usr/bin/env python
#binds to ldap, queries for a specific AD account

import ldap

def Search(server,port, auth_user, auth_pass, ldap_user,attrs):

#base_dn should reflect your domain
base_dn="dc=yourcompanydomain,dc=com"
found_results=""

l = ldap.initialize('ldap://%s:%s' % (server, port) )
l.simple_bind_s(auth_user, auth_pass)
try:
search_result= l.search(base_dn,ldap.SCOPE_SUBTREE,'sAMAccountName='+ldap_user,attrs)
result_set =[]
while 1:
result_type, result_data = l.result(search_result,0)
if (result_data ==[]):
break
else:
if result_type == ldap.RES_SEARCH_ENTRY:
result_set.append(result_data)

print len(result_set)
for line in result_set:
print line
except ldap.LDAPError, e:
print e

results = Search("192.168.5.10",3268,"akonkol@yourcompanydomain.com","mysecretpassword","akonkol",['givenName','sn','mail'])

This will return the attributes you supplied (givenName, sn, mail)

Continue reading » · Rating: · Written on: 11-18-09 · No Comments »

Useful Commands for Proxy Migration

Recently I took on a project to migrate “difficult” users from our proxy-based firewalls to use default route towards packet filters.  Since we do not force users to authenticate for dhcp / keep track of IP assignments to users, it was very difficult to contact the remaining users going through our proxies.  The first step to identify hosts going through our proxy firewalls is to get a list of IP addresses, which I did with the following command  on the proxy firewalls:

tcpdump -qni em1 not src host 192.168.5.2 | awk ‘{print $2}’ | awk -F. ‘{print $1″.”$2″.”$3″.”$4}’ >> ~/hosts-through-proxy.txt

Explanation:

tcpdump -qni tells tcpdump to operate in “quiet” mode which really strips off a lot of extraneous info for our purposes.   The n flag also tells tcpdump to not resolve hostnames.

em1 This is your inside (internal) interface

192.168.5.2 This is the IP address on your internal interface, and tells tcpdump to ignore traffic coming from this IP address.

awk ‘{print $2}’ This prints the source ip field

awk -F. ‘{print $1″.”$2″.”$3″.”$4}’ This breaks up the souce ip text by periods, then prints the all the octets minus the port that tcpdump adds on

>> ~/hosts-through-proxy.txt This obviously writes the output to a file

After letting this run for a decent amount of time (a few days) I was able to run the file through uniq and produce a list of hosts using the firewall.

I will continue to post commands/workflows I find useful in this project.

Continue reading » · Rating: · Written on: 11-10-09 · No Comments »