libadclient - simple C++/COM/Python Active Directory manipulation class.
Version : trunk 2009-06-02
Author: Oleg Palij (mailto,xmpp:o.palij@gmail.com)
Requirements: openldap or SunLDAP (*nix), winldap32 (windows)
DESCRIPTION:
These simple C++/Python classes can be used to manipulate Active Directory from C++ or Python programs.
The COM object can be used to manipulate Active Directory from other languages; we used it in Lotus script.
This module reuses some code from adtool by Mike Dawson.
This module is still under slow development.
It implements the following functions:
login(uri, binddn, bindpw, search_base) - It binds to the Active Directory at uri (e.g. "ldap://example.org") as binddn (e.g. "administrator@example.org") identified by bindpw (e.g. "password"). The search base for every LDAP search will be search_base (e.g. "dc=example,dc=org")
groupAddUser(group, user) - It adds "user" to Active Directory "group"
groupRemoveUser(group, user) - It removes "user" from Active Directory "group"
ifDialinUser(user) - It returns True if the user's msNPAllowDialin attribute is set to TRUE, False otherwise
ifUserDisabled(user) - It returns True if the user's UserAccountControl flags contain ACCOUNTDISABLE, False otherwise
getUserDN(user) - It returns user DN by short name
getUserDisplayName(user) - It returns string with user DisplayName property
getUsersInGroup(user) - It returns vector (list) with members of Active Directory "group"
getUserGroups(user) - It returns vector (list) with the groups of "user"
getDialinUsers() - It returns vector (list) of all users with msNPAllowDialin = TRUE
getAllOUs() - It returns vector (list) of all organizationalUnits in search_base
getUsersInOU(OU) - It returns vector (list) of all users in OU
getOUsInOU(OU) - It returns vector (list) of all OUs in OU
getObjectAttribute(object, attribute) - It returns string with attribute of object
getObjectAttributes(object) - It returns vector of pairs (list of tuples): attribute - vector of values, with all object attributes.
getGroups() - It returns vector of strings (list of string) with all groups in Active Directory
getUsers() - It returns vector of strings (list of string) with all users in Active Directory
CreateUser(cn, container, user_short) - It creates an empty, locked "cn" user account (ACCOUNTDISABLE|NORMAL_ACCOUNT|DONT_EXPIRE_PASSWORD) in "container". If "container" does not exist, it will be created.
UnLockUser(user) - It unlocks the given user (note: this can be done only on a user with a password, i.e. you cannot apply this function to a user just created with CreateUser(). You must do setUserPassword() first).
setUserDescription(user) - It sets the description for the given user
setUserPassword(user) - It sets the password for the given user (note: it does not support non-ASCII symbols in the password and requires a secured LDAP connection)
setUserPhone(user, phone) - It sets the "telephoneNumber" for the given user
setUserDialinAllowed(user) - It sets the "msNPAllowDialin" for the given user to TRUE (note: "msNPAllowDialin" attribute works only in Active Directory 2000 Native Mode and above)
setUserDialinDisabled(user) - It sets the "msNPAllowDialin" for the given user to FALSE (note: "msNPAllowDialin" attribute works only in Active Directory 2000 Native Mode and above)
setUserSN(user, sn) - It sets the "sn" for the given user
setUserInitials(user, initials) - It sets the "initials" for the given user
setUserGivenName(user, givenName) - It sets the "givenName" for the given user
setUserDisplayName(user, displayName) - It sets the "displayName" for the given user
setUserRoomNumber(user, roomNum) - It sets the "physicalDeliveryOfficeName" for the given user
setUserAddress(user, streetAddress) - It sets the "streetAddress" for the given user
setUserInfo(user, info) - It sets the "info" for the given user
setUserTitle(user, title) - It sets the "title" for the given user
setUserDepartment(user, department) - It sets the "department" for the given user
setUserCompany(user, company) - It sets the "company" for the given user
CreateOU(ou) - recursively creates ou
and so on.
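The userAccountControl flags that ifUserDisabled() and CreateUser() refer to, decoded from attribute lists in the (attribute, [values]) shape described for getObjectAttributes(). This is an added example, not code from libadclient: the flag values are Microsoft's documented ones, the helper names are hypothetical and the sample records are constructed.

```python
# userAccountControl bits named in this README (values per Microsoft's documentation).
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000
FLAGS = {"ACCOUNTDISABLE": ACCOUNTDISABLE, "NORMAL_ACCOUNT": NORMAL_ACCOUNT,
         "DONT_EXPIRE_PASSWORD": DONT_EXPIRE_PASSWORD}
# The combination the README gives for an account fresh out of CreateUser().
CREATEUSER_UAC = ACCOUNTDISABLE | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD

def uac_of(attributes):
    """Pull userAccountControl out of a list of (attribute, [values]) tuples."""
    for name, values in attributes:
        if name.lower() == "useraccountcontrol" and values:
            return int(values[0])  # LDAP delivers the number as a string
    return None

def flag_names(uac):
    """Names of the known bits set in a userAccountControl value."""
    return sorted(name for name, bit in FLAGS.items() if uac & bit)

def classify(attributes):
    """Account state as an auditor would want to see it."""
    uac = uac_of(attributes)
    if uac is None:
        return "unknown"
    if uac & ACCOUNTDISABLE:
        return "disabled"
    if uac & DONT_EXPIRE_PASSWORD:
        return "enabled, password never expires"
    return "enabled"

def audit(directory):
    """Map each user to its classification; directory is {user: attributes}."""
    return {user: classify(attrs) for user, attrs in directory.items()}

# Constructed sample records, not output from a real directory.
SAMPLE = {
    "jdoe": [("cn", ["John Doe"]), ("userAccountControl", ["66050"])],
    "asmith": [("cn", ["Alice Smith"]), ("userAccountControl", ["66048"])],
    "bwhite": [("userAccountControl", ["512"])],
    "svc": [("cn", ["svc"])],  # attribute missing from the result
}

if __name__ == "__main__":
    for user, state in sorted(audit(SAMPLE).items()):
        print(user, "->", state)
```

An account that keeps the CreateUser() flags and only loses ACCOUNTDISABLE shows up as "enabled, password never expires", which is the state worth reviewing.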
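The two limits noted for setUserPassword() (ASCII only, secured connection), as a pre-flight check next to the value Active Directory expects for a password set over LDAP: the unicodePwd attribute, holding the password in double quotes encoded as UTF-16LE. This is an added example, not libadclient code; the page does not say how the library builds the value, widen_bytes() is a hypothetical shortcut shown only to illustrate how an ASCII-only limit can arise, and treating an ldaps:// URI as the secured connection is an assumption.

```python
def unicode_pwd(password):
    """Value for AD's unicodePwd attribute: the quoted password as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def widen_bytes(raw):
    """Hypothetical shortcut: pad every byte with a zero byte.

    Matches unicode_pwd() only while every byte is 7-bit ASCII.
    """
    return b"".join(bytes([b, 0]) for b in b'"' + raw + b'"')


def preflight(uri, password):
    """Problems to fix before calling setUserPassword(); empty list means go."""
    problems = []
    if not uri.lower().startswith("ldaps://"):  # assumption: ldaps:// = secured
        problems.append("connection is not secured")
    if not password.isascii():
        problems.append("password contains non-ASCII characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values.
    print(unicode_pwd("Pa55w0rd") == widen_bytes(b"Pa55w0rd"))
    print(unicode_pwd("Pässwort") == widen_bytes("Pässwort".encode("utf-8")))
    print(preflight("ldap://example.org", "Pässwort"))
```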
Changelog:
trunk - 2009-06-02
* added SUNLDAP support (thanks to Sergey Kotov)
* added c++ function getBinaryObjectAttribute (thanks to Sergey Kotov)
* reworked python wrapper to work on amd64
* fixed bug where referrals were not disabled (with win2003 AD)
trunk - 2007-09-19
* fixed getUsers and getUsersInOU to remove computers (added &(objectCategory=person) to ldap query)
trunk - 2007-02-12
* updated python lib (added setUser*)
* added code to build libadclient as dll on WIN32 with native winldap32
* added CreateOU
* reworked CreateUser
* bugfixes
trunk - 2006-11-25
* added setUserPhone, setUserDialinAllowed, setUserDialinDisabled, setUserSN, setUserInitials, setUserGivenName, setUserDisplayName, setUserRoomNumber, setUserAddress, setUserInfo, setUserTitle, setUserDepartment, setUserCompany
* added check/support for old ldap releases
* lot of fixes/optimizations
trunk - 2006-11-19
* Added CreateUser, UnLockUser, setUserDescription, setUserPassword, getObjectAttributes, getUsers, getGroups;
* all python wrapper functions now return real lists, tuples, etc...
trunk - 2006-10-03
* Initial version
INSTALL (*nix):
note: you must have scons installed
1. Download this tarball
2. Untar: $ tar jxvf libadclient.tar.bz2
3. $ cd libadclient
4. $ scons install (to build/install c++ library)
5. $ python setup.py install (to build/install python library)
note: step 5 depends on step 4. So if you want to upgrade the python module, you should upgrade the c++ library first.
INSTALL (windows):
1. Download this zip
2. Unzip
3. Open winadclient.sln in Microsoft Visual Studio 2005.
4. Build all
After that, in the release folder, you will have libadclient.dll, libadclient.lib (export library), COMadclient.dll (COM wrapper around the dll), useADClient.exe (simple example of how to use the dll) and useComADClient.exe (simple example of how to use COM)
OR download binaries here
WARNING! The Windows version of adclient requires Windows 2000 or later, and can be used only on a domain member computer.
USAGE:
See examples folder in tarball.
LINKS:
How to view and set LDAP policy in Active Directory by using Ntdsutil.exe