TechQA.

How to add the AD group pemission to access file(shared path access) using ldap3 or any other python library?

31 views Asked by At

I want to share the example of manual efforts here.

I have already created a users and ad groups by having ldap connection binding using ldap3. I can see ldap3 supports automation for use cases like managing users and groups. But I want something different here.

Can we share file/directory by assigning permissions(Read/Write/Delete) to user/group using ldap3? If yes than How we can achieve that?

Right now I manually create the file and sharing with ad group by changing security settings manually but wanted to have pythonic way to do complete automation.

Any support in the same regards will be appriciated.

I trid to find relavent document but nothing helped really. https://ldap3.readthedocs.io/en/latest/

python active-directory ldap-query ldap3 activedirectorymembership
Original Q&A
1

There are 1 answers

0
Cow On

Here's an example using ldap3 and connection to AD using SSL over TLS. There are build in methods in ldap3 to accomplish exactly what you want to do:

from ssl import CERT_REQUIRED
from ldap3 import Server, Connection, ALL, Tls
from ldap3.extend.microsoft.addMembersToGroups import ad_add_members_to_groups
from ldap3.extend.microsoft.removeMembersFromGroups import ad_remove_members_from_groups


users_dn: list[str] = ["CN=Jack Jackson,OU=FOLDER_PATH,OU=IN_YOUR_AD,DC=AD_NAME,DC=AD_EXTENSION"] # CNs of users to add AD security groups to
groups_dn: list[str] = ["CN=Security_group_name,OU=FOLDER_PATH,OU=IN_YOUR_AD,DC=AD_NAME,DC=AD_EXTENSION"] # CNs of AD security groups to add to users in users_dn list
username: str = "ad username"
password: str = "ad password"
server_uri: str = "ldaps://server.name" # ldaps = LDAP Secure
tls_config = Tls(validate=CERT_REQUIRED) # if needed
server = Server(server_uri, port=636, use_ssl=True, tls=tls_config, get_info=ALL) # this example features SSL over TLS
with Connection(server, username, password, auto_bind=True) as conn: # Create connection
    conn.start_tls() # Start TLS auth
    # Add groups to users
    ad_add_members_to_groups(connection=conn,members_dn=users_dn,groups_dn=groups_dn,fix=True) # fix: checks for group existence and already assigned members
    # Remove groups from users
    ad_remove_members_from_groups(connection=conn,members_dn=users_dn,groups_dn=groups_dn,fix=True)

That's basically it. If you want to raise an error in the case that the adding/removing groups failed, you can set the raise_error to True in ad_add and ad_remove. The description says: raise_error: If the operation fails it raises an error instead of returning False

Related Questions in PYTHON

Related Questions in ACTIVE-DIRECTORY

Related Questions in LDAP-QUERY

Related Questions in LDAP3

Related Questions in ACTIVEDIRECTORYMEMBERSHIP

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions