@ag-michael
Created July 16, 2019 19:58
AD ldap lookup
import datetime
import json
import os
import sys
import traceback

import ldap
import ldap.filter
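# Connection settings. The values below are placeholders, not a working
# configuration. The service-account password is taken from the environment
# variable AD_SERVICE_ACCOUNT_PASSWORD when it is set (a name chosen by this
# script), so a real secret does not have to be committed with the source;
# the literal remains only as the fallback the original gist used.
conf = {
    'adurl': 'ldaps://<ldapurl>',          # LDAPS URL of a domain controller
    'domain': "corp.local",                # appended as user@domain for the bind
    'computer_basedn': "",                 # ';'-separated base DNs searched for computers
    'person_basedn': "",                   # ';'-separated base DNs searched for person/mail
    'service_account': "svcacct",
    'service_account_password': os.environ.get('AD_SERVICE_ACCOUNT_PASSWORD', "password"),
}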
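class ADEnrich:
    """Look up a computer, person or mailbox in Active Directory over LDAP.

    conf is a dict with the keys adurl, domain, computer_basedn,
    person_basedn, service_account and service_account_password (see the
    module-level ``conf``). Base DNs are ';'-separated lists.
    """

    # Attributes never copied into the result: binary SID/GUID blobs,
    # certificates and Exchange descriptors that are useless as text, plus the
    # LAPS local-admin password (ms-Mcs-AdmPwd), which an enrichment dump must
    # not leak. The original list held "msDS-ExternalDirectoryObjectId" and
    # "protocolSettings" fused into one garbled entry and a duplicate
    # "mS-DS-ConsistencyGuid " with a trailing space; both are cleaned up here.
    _BLOCKED_ATTRS = frozenset([
        "mS-DS-ConsistencyGuid",
        "protocolSettings",
        "msExchMailboxSecurityDescriptor",
        "msExchPoliciesIncluded",
        "userCertificate",
        "objectSid",
        "msExchMailboxGuid",
        "msDS-ExternalDirectoryObjectId",
        "objectGUID",
        "ms-Mcs-AdmPwd",
    ])

    # Attributes holding a Windows FILETIME (100 ns ticks since 1601-01-01)
    # that are rendered as text. The original key " ms-Mcs-AdmPwdExpirationTime"
    # carried a leading space and therefore never matched.
    _TIME_ATTRS = frozenset([
        "lastLogon",
        "badPasswordTime",
        "lastLogonTimestamp",
        "pwdLastSet",
        "ms-Mcs-AdmPwdExpirationTime",
    ])

    _TIME_FORMAT = '%a, %d %B %Y %H:%M:%S %Z'

    # Search filter per object type; the subject is escaped before being
    # substituted.
    _FILTERS = {
        "person": "(SamAccountName=%s)",
        "mail": "(mail=%s)",
        "computer": "(Name=%s)",
    }

    def __init__(self, conf):
        """Copy the connection settings out of conf (a missing key raises KeyError)."""
        self.adurl = conf['adurl']
        self.domain = conf['domain']
        self.computer_basedn = conf['computer_basedn']
        self.person_basedn = conf['person_basedn']
        self.service_account = conf['service_account']
        self.service_account_password = conf['service_account_password']

    def getFiletime(self, dt):
        """Convert a Windows FILETIME (100 ns ticks since 1601-01-01) to a naive datetime.

        Integer arithmetic is used throughout: FILETIME values are around
        1.3e17, so the original ``dt / 10`` (true division under Python 3)
        would lose precision beyond 2**53. Under Python 2 ``/`` on ints
        already floors, so the result is unchanged there.
        """
        microseconds = int(dt) // 10
        seconds, microseconds = divmod(microseconds, 1000000)
        days, seconds = divmod(seconds, 86400)
        return datetime.datetime(1601, 1, 1) + datetime.timedelta(days, seconds, microseconds)

    def parse(self, key, val):
        """Normalise one LDAP attribute for the result dict.

        Returns (key, value), or None when the attribute is blocked. A
        one-element list collapses to its element, longer lists are joined
        with commas, FILETIME attributes (first value) are formatted as text,
        and anything else is passed through unchanged.
        """
        if key in self._BLOCKED_ATTRS:
            return None
        if type(val) is str:
            # Python 2 only (this script uses the print statement): promote a
            # byte string to unicode before it is joined or returned.
            val = unicode(val)
        if key in self._TIME_ATTRS:
            # python-ldap returns attribute values as lists; the first is used.
            # The original compared with ``wl[key] is "time"`` (identity on a
            # string literal); the membership test above is the intended check.
            return (key, format(self.getFiletime(int(val[0])), self._TIME_FORMAT))
        if type(val) is list:
            if len(val) == 1:
                return (key, val[0])
            return (key, ','.join(val).strip(","))
        return (key, val)

    def adlookup(self, subject, otype):
        """Search AD for subject and return its attributes as a dict.

        otype selects the filter: "person" (sAMAccountName), "mail" (mail)
        or "computer" (Name). Returns None for an unknown otype or when the
        bind result is not the expected one, otherwise a dict that is empty
        when no configured base DN produced a match. The first base DN that
        matches wins; errors on a base DN are skipped (best effort, as in the
        original). A failed simple bind raises ldap.LDAPError.
        """
        filter_template = self._FILTERS.get(otype)
        if filter_template is None:
            return None
        if otype == "computer":
            basedns = self.computer_basedn.split(";")
        else:
            basedns = self.person_basedn.split(";")
        # subject is caller-supplied (argv in this script): escape it so that
        # '*', '(', ')' or '\' cannot change the meaning of the filter.
        search_filter = filter_template % ldap.filter.escape_filter_chars(subject)

        ldap_obj = ldap.initialize(self.adurl)
        ldap_obj.protocol_version = ldap.VERSION3
        ldap_obj.set_option(ldap.OPT_REFERRALS, 0)
        try:
            result = ldap_obj.simple_bind_s(self.service_account + "@" + self.domain,
                                            self.service_account_password)
            # simple_bind_s returns (result_type, data, msgid, ctrls); the
            # original accepted only result type 97 (RES_BIND) with msgid 1.
            if result[0] != ldap.RES_BIND or result[2] != 1:
                return None
            results = {}
            for basedn in basedns:
                try:
                    entry = ldap_obj.search_ext_s(basedn.strip(","), ldap.SCOPE_SUBTREE,
                                                  search_filter)[0][1]
                    for attr in entry:
                        parsed = self.parse(attr, entry[attr])
                        if parsed:
                            results[parsed[0]] = parsed[1]
                    break
                except Exception:
                    # No match under this base DN ([0] raises IndexError), a
                    # search error or an unparsable value: try the next one.
                    continue
            return results
        finally:
            # The original never released the connection.
            ldap_obj.unbind_s()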
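# Command-line entry point: <script> <subject> <person|mail|computer>.
# An unknown object type makes adlookup() return None, which is printed as-is.
if len(sys.argv) < 3:
    sys.stderr.write("usage: %s <subject> <person|mail|computer>\n" % sys.argv[0])
    sys.exit(2)
ae = ADEnrich(conf)
# print(...) with a single argument behaves the same under Python 2 and 3.
print(ae.adlookup(sys.argv[1], sys.argv[2]))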