1、指定组内,新增和删除指定用户,使用MODIFY_ADD,MODIFY_DELETE参数时候,不会报错,不管里面是否存在对应的都会执行一边。除非用户或者组不存在
from ldap3 import Server, Connection, ALL, NTLM, MODIFY_ADD, MODIFY_DELETE
# 输入域控地址,管理员账号密码
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
admin_password = '123.com'
# 创建server
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# 创建连接信息
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# 进行连接
conn.bind()
# 指定添加用户
user_dn = "CN=t2,OU=test,DC=abcd,DC=com"
# 指定组
group_dn = "CN=tt1,OU=test,DC=abcd,DC=com"
# 查询现有指定组内是否有用户
conn.search(group_dn, search_filter='(objectCategory=group)', attributes=['*'])
print("现有用户:", conn.entries[0].member)
# 指定用户添加到指定组内
conn.modify(group_dn, {"member": [(MODIFY_ADD, [user_dn])]})
conn.search(group_dn, search_filter='(objectCategory=group)', attributes=['*'])
print("是否成功新增用户:", conn.entries[0].member)
# 指定组内删除指定用户
conn.modify(group_dn, {"member": [(MODIFY_DELETE, [user_dn])]})
conn.search(group_dn, search_filter='(objectCategory=group)', attributes=['*'])
print("是否成功删除用户:", conn.entries[0].member)
conn.unbind()
2、人员移动组织,从test1移动到test2
from ldap3 import Server, Connection, ALL, NTLM
# 输入域控地址,管理员账号密码
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
admin_password = '123.com'
# 创建server
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# 创建连接信息
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# 进行连接
conn.bind()
# 设置查询范围
search_base = 'ou=test,dc=abcd,dc=com'
# 指定用户
user_dn = "CN=t1,OU=test1,OU=test,DC=abcd,DC=com"
# 指定组织单位
org_dn = "OU=test2,OU=test,DC=abcd,DC=com"
# 查看用户所在组织
conn.search(search_base, search_filter='(objectClass=user)', attributes=['*'])
print("变更前:",conn.entries[0].distinguishedName)
# 移动组织单位
conn.modify_dn(user_dn,'cn=t1',new_superior=org_dn)
# 再次查看用户所在组织
conn.search(search_base, search_filter='(objectClass=user)', attributes=['*'])
print("变更后:",conn.entries[0].distinguishedName)
# 关闭连接
conn.unbind()
3、查询部门,移动部门,前提需要 取消误删除勾选(里面有员工也是可以移动的,携带一起移动)
from ldap3 import Server, Connection, ALL, NTLM,MODIFY_REPLACE
# 输入域控地址,管理员账号密码
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
admin_password = '123.com'
# 创建server
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# 创建连接信息
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# 进行连接
conn.bind()
# 设置查询范围
search_base = 'ou=test,dc=abcd,dc=com'
# 指定部门
org_dn = "OU=test1,OU=test,DC=abcd,DC=com"
# 移动部门
move_org_dn = "OU=test2,OU=test,DC=abcd,DC=com"
# 查看部门所在位置
conn.search(search_base, search_filter='(objectClass=organizationalUnit)')
print("变更前:", conn.entries)
# 移动组织部门,把部门test2 移动到test1下面,前提需要取消AD域控里面的 误删除勾选
conn.modify_dn(move_org_dn,'OU=test2',new_superior=org_dn)
# 再次查看用户所在组织
conn.search(search_base, search_filter='(objectClass=organizationalUnit)')
print("变更前:", conn.entries)
# 关闭连接
conn.unbind()
4、查询组,移动组
from ldap3 import Server, Connection, ALL, NTLM,MODIFY_REPLACE
# 输入域控地址,管理员账号密码
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
admin_password = '123.com'
# 创建server
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# 创建连接信息
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# 进行连接
conn.bind()
# 设置查询范围
search_base = 'ou=test,dc=abcd,dc=com'
# 指定组
member_dn = "CN=tt1,OU=test,DC=abcd,DC=com"
# 移动其他部门
move_org_dn = "OU=test1,OU=test,DC=abcd,DC=com"
# 查看组所在位置
conn.search(search_base, search_filter='(objectClass=group)')
print("变更前:", conn.entries)
# 移动组到指定部门下
conn.modify_dn(member_dn,'CN=tt1',new_superior=move_org_dn)
# 再次看组所在位置
conn.search(search_base, search_filter='(objectClass=group)')
print("变更后:", conn.entries)
# 关闭连接
conn.unbind()
