From: William Brown Date: Thu, 26 Apr 2018 03:59:06 +0000 (+1000) Subject: python/samba/netcmd/group.py: add group show X-Git-Tag: ldb-1.4.0~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=289ae87c3bb81b2e1cd30a876a3b694b7264edc5;p=thirdparty%2Fsamba.git python/samba/netcmd/group.py: add group show The samba-tool user command can show the ldif of a user. This is useful for groups also, especially to determine the objectSID and objectGUID. Add support for group show to samba-tool. Signed-off-by: William Brown Reviewed-by: Andrew Bartlett Reviewed-by: Garming Sam --- diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 72656d2d2a0..fd58b1b1941 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -610,6 +610,11 @@ Remove members from the specified AD group. + + group show <replaceable>groupname</replaceable> [options] + Show group object and it's attributes. + + ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] Compare two LDAP databases. diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index a4969cc6ba9..9e1e11071f4 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -26,6 +26,7 @@ from getpass import getpass from samba.auth import system_session from samba.samdb import SamDB from samba.dsdb import ( + ATYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP, GTYPE_SECURITY_GLOBAL_GROUP, 
@@ -500,6 +501,85 @@ class cmd_group_move(Command): self.outf.write('Moved group "%s" into "%s"\n' % (groupname, full_new_parent_dn)) +class cmd_group_show(Command): + """Display a group AD object. + +This command displays a group object and it's attributes in the Active +Directory domain. +The group name specified on the command is the sAMAccountName of the group. + +The command may be run from the root userid or another authorized userid. + +The -H or --URL= option can be used to execute the command against a remote +server. + +Example1: +samba-tool group show Group1 -H ldap://samba.samdom.example.com \ +-U administrator --password=passw1rd + +Example1 shows how to display a group's attributes in the domain against a remote +LDAP server. + +The -H parameter is used to specify the remote target server. + +Example2: +samba-tool group show Group2 + +Example2 shows how to display a group's attributes in the domain against a local +LDAP server. + +Example3: +samba-tool group show Group3 --attributes=member,objectGUID + +Example3 shows how to display a users objectGUID and member attributes. 
+""" + synopsis = "%prog [options]" + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", + type=str, metavar="URL", dest="H"), + Option("--attributes", + help=("Comma separated list of attributes, " + "which will be printed."), + type=str, dest="group_attrs"), + ] + + takes_args = ["groupname"] + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "credopts": options.CredentialsOptions, + "versionopts": options.VersionOptions, + } + + def run(self, groupname, credopts=None, sambaopts=None, versionopts=None, + H=None, group_attrs=None): + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp, fallback_machine=True) + samdb = SamDB(url=H, session_info=system_session(), + credentials=creds, lp=lp) + + attrs = None + if group_attrs: + attrs = group_attrs.split(",") + + filter = ("(&(sAMAccountType=%d)(sAMAccountName=%s))" % + ( ATYPE_SECURITY_GLOBAL_GROUP, + ldb.binary_encode(groupname))) + + domaindn = samdb.domain_dn() + + try: + res = samdb.search(base=domaindn, expression=filter, + scope=ldb.SCOPE_SUBTREE, attrs=attrs) + user_dn = res[0].dn + except IndexError: + raise CommandError('Unable to find group "%s"' % (groupname)) + + for msg in res: + user_ldif = samdb.write_ldif(msg, ldb.CHANGETYPE_NONE) + self.outf.write(user_ldif) + class cmd_group(SuperCommand): """Group management.""" @@ -511,3 +591,4 @@ class cmd_group(SuperCommand): subcommands["list"] = cmd_group_list() subcommands["listmembers"] = cmd_group_list_members() subcommands["move"] = cmd_group_move() + subcommands["show"] = cmd_group_show() diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py index 914b8175d15..06226717ab1 100644 --- a/python/samba/tests/samba_tool/group.py +++ b/python/samba/tests/samba_tool/group.py 
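Review bot: The search filter in `cmd_group_show.run()` only matches `sAMAccountType=ATYPE_SECURITY_GLOBAL_GROUP`, so domain-local, builtin and distribution groups, which carry a different sAMAccountType, would fall into the `IndexError` path and be reported as `Unable to find group` even though they exist. That undercuts the stated purpose of reading a group's objectSID and objectGUID, because privileged builtin groups are among the ones an administrator would want to inspect. Matching on the object class keeps the lookup restricted to groups without excluding any type: `filter = ("(&(objectClass=group)(sAMAccountName=%s))" % ldb.binary_encode(groupname))`. The `ldb.binary_encode()` call should stay, since `groupname` is operator input placed into an LDAP filter. Separately, `user_dn` is assigned only to provoke the `IndexError` and is never read, and `filter` shadows the builtin; `if len(res) == 0: raise CommandError(...)` and a name such as `group_filter` would read more clearly.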
@@ -170,6 +170,16 @@ class GroupCmdTestCase(SambaToolCmdTest): self.assertCmdSuccess(result, out, err, "Failed to delete ou '%s'" % full_ou_dn) + def test_show(self): + """Assert that we can show a group correctly.""" + (result, out, err) = self.runsubcmd("group", "show", "Domain Users", + "-H", "ldap://%s" % os.environ["DC_SERVER"], + "-U%s%%%s" % (os.environ["DC_USERNAME"], + os.environ["DC_PASSWORD"])) + self.assertCmdSuccess(result, out, err) + self.assertEquals(err,"","Shouldn't be any error messages") + self.assertIn("dn: CN=Domain Users,CN=Users,DC=samba,DC=example,DC=com", out) + def _randomGroup(self, base={}): """create a group with random attribute values, you can specify base attributes""" group = {
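Review bot: `test_show` covers only the success path for one global security group, so the not-found branch that raises `CommandError` and the new `--attributes` option go untested. A second case that runs `group show` on a name that does not exist and checks for a failing result, and a third that passes `--attributes=objectGUID` and asserts with `assertIn("objectGUID: ", out)`, would pin both. The expected DN hard-codes `DC=samba,DC=example,DC=com`, which ties the test to one environment's base DN; `self.assertIn("dn: CN=Domain Users,CN=Users,", out)` checks the same thing without that dependency. `assertEquals` is the deprecated alias of `assertEqual` and is best avoided in new tests.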