
LDAP-Funktionen über gctools ldap

gc-server3 1 ماه پیش
والد
کامیت
596465b5f1
3فایلهای تغییر یافته به همراه63 افزوده شده و 0 حذف شده
  1. 2 0
      gctools.py
  2. 30 0
      ldap.py
  3. 31 0
      misc/apache_ldap.py

+ 2 - 0
gctools.py

@@ -4,6 +4,7 @@ import backup
 import c7
 import c11
 import db
+import ldap
 import misc2
 import status
 import xls
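Review bot: The module added by `import ldap` shares its import name with the python-ldap package, so which one a bare `import ldap` resolves to depends on `sys.path` order. If that package is ever installed, or a dependency imports it, the local file can shadow it or be shadowed by it. Renaming the file (for example to `ldap_cli.py`, a constructed name) and registering it in the second hunk as `app.add_typer(ldap_cli.app, name="ldap")` keeps the CLI sub-command name unchanged while removing the ambiguity.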
@@ -26,6 +27,7 @@ app.add_typer(db.app, name="db")
 app.add_typer(misc2.app, name="misc")
 app.add_typer(xls.app, name="excel")
 app.add_typer(status.app, name="status")
+app.add_typer(ldap.app, name="ldap")
 
 
 if __name__ == "__main__":

+ 30 - 0
ldap.py

@@ -0,0 +1,30 @@
+import typer
+
+import config
+from misc import apache_ldap
+
+app = typer.Typer()
+cfg = config.Config()
+
+
+@app.command()
+def backup():
+    cred = cfg.cognos11.credentials
+    apache_ldap.ldap_backup(cred.username, cred.password, f"{cfg.cognos11.config_dir}\\apacheds_backup.ldif")
+
+
+@app.command()
+def restore(backup_file: str):
+    cred = cfg.cognos11.credentials
+    apache_ldap.restore_ldap(cred.username, cred.password, backup_file)
+
+
+@app.command()
+def admin_password(old_password: str, new_password: str) -> bool:
+    return apache_ldap.ldap_change_admin_password(old_password, new_password)
+
+
+@app.command()
+def create_user(new_username: str, new_password: str) -> bool:
+    cred = cfg.cognos11.credentials
+    return apache_ldap.ldap_create_user(cred.username, cred.password, new_username, new_password, "")
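Review bot: `admin_password` and `create_user` take passwords as positional command-line arguments, so the old and new admin passwords and every new user's password end up in shell history and are readable in the process list while the command runs. Typer can prompt for them instead, e.g. `new_password: str = typer.Option(..., prompt=True, hide_input=True, confirmation_prompt=True)`, and the same without the confirmation for `old_password`. Separately, `restore` calls `apache_ldap.restore_ldap`, while the hunk header for misc/apache_ldap.py names the function `ldap_restore`; unless an alias exists outside this diff, the command fails with an AttributeError. The `-> bool` return values are, as far as I can tell, not turned into an exit status by Typer, so a failed operation would still exit 0; `raise typer.Exit(code=1)` on failure would make the commands scriptable.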

+ 31 - 0
misc/apache_ldap.py

@@ -71,6 +71,37 @@ def ldap_restore(username: str, password: str, backup_file: str):
     conn.unbind()
 
 
+def ldap_create_user(admin_username: str, admin_password: str, new_username: str, new_password: str, email: str):
+    conn = ldap_connect(admin_username, admin_password)
+    if not conn:
+        return False
+
+    user_dn = f"uid={new_username},{LDAP_BASE_DN}"
+    ssha_password = create_ssha_password(new_password)
+    attributes = {
+        "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
+        "sn": new_username,
+        "cn": new_username,
+        "uid": new_username,
+        "userPassword": ssha_password,
+        "mail": email,
+    }
+
+    if conn.search(user_dn, "(objectClass=*)", search_scope=ldap3.BASE):
+        print(f"Benutzer {new_username} existiert bereits.")
+        conn.unbind()
+        return False
+
+    if not conn.add(user_dn, attributes=attributes):
+        print(f"Fehler beim Erstellen des Benutzers {new_username}: {conn.result}")
+        conn.unbind()
+        return False
+
+    print(f"Benutzer {new_username} erfolgreich erstellt.")
+    conn.unbind()
+    return True
+
+
 def ldap_change_admin_password(old_password: str, new_password: str):
     admin_user = "uid=admin,ou=system"
     conn = ldap_connect(admin_user, old_password)
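Review bot: `new_username` is interpolated into `user_dn` without escaping, so a value containing `,`, `+` or `=` changes the structure of the DN and the entry may not be created where the caller expects. Passing it through `escape_rdn` (from `ldap3.utils.dn`) before building the DN closes that. The `mail` attribute is set unconditionally and the `create_user` command in ldap.py passes `""`, which directory servers commonly reject as an empty value, so the key should be added only when `email` is non-empty. The three separate `conn.unbind()` calls are better as one `try`/`finally`, so an exception from `search` or `add` does not leave the admin bind open. `ldap_change_admin_password` in the trailing context continues outside the hunk.

```python
def ldap_create_user(admin_username: str, admin_password: str, new_username: str, new_password: str, email: str):
    # … unchanged: ldap_connect and the early return when the bind fails …
    try:
        user_dn = f"uid={escape_rdn(new_username)},{LDAP_BASE_DN}"
        attributes = {
            # … unchanged: objectClass, sn, cn, uid, userPassword …
        }
        if email:
            attributes["mail"] = email
        # … unchanged: existence check, conn.add and the messages, minus the per-branch unbind …
    finally:
        conn.unbind()
```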