#!/usr/bin/env python3
import ldap
import config
# Trust anchor used to verify the directory server's TLS certificate.
# NOTE(review): no start_tls_s() call is visible here, so this presumably only
# matters when config.ldap_server is an ldaps:// URI — confirm, because the
# simple bind below would otherwise send config.ldap_pass unencrypted.
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, config.ldap_cafile)

# Connect and authenticate with the account configured in config.
l = ldap.initialize(config.ldap_server)
l.simple_bind_s(config.ldap_user, config.ldap_pass)

# Select POSIX accounts that are members of the keymatic group, searching the
# whole subtree and fetching only the attributes the report below reads.
base_dn = "dc=leitstelle511,dc=net"
group_filter = (
    "(&(objectClass=posixaccount)"
    "(memberOf=cn=keymatic,ou=groups,dc=leitstelle511,dc=net))"
)
wanted_attrs = ["sshKey", "memberOf", "mail"]
r = l.search_s(base_dn, ldap.SCOPE_SUBTREE, group_filter, wanted_attrs)
# Disabled alternative that takes the filter from config instead of the literal:
#r = l.search_s("dc=leitstelle511,dc=net", ldap.SCOPE_SUBTREE, config.ldap_filter, ["sshKey", "memberOf", "mail"])
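def checkKey(bk):
    """Return True when the key's last space-separated field mentions "keymatic".

    Args:
        bk: one raw ``sshKey`` attribute value as bytes.

    Returns:
        True if the value decodes, contains no embedded line break, and its
        final space-separated field contains "keymatic" (case-insensitive);
        False in every other case.
    """
    try:
        k = bk.decode()
    except (AttributeError, UnicodeDecodeError):
        # Only decoding can fail here; a bare ``except:`` would also have
        # swallowed KeyboardInterrupt and SystemExit.
        print("# Error while checking Key")
        return False

    # The caller prints accepted values verbatim, one per line. A value with
    # an embedded line break would add lines to that output that were never
    # checked, so refuse it. A trailing line ending is tolerated.
    body = k.rstrip("\r\n")
    if "\n" in body or "\r" in body:
        print("# Error while checking Key")
        return False

    # Split on single spaces exactly as before, so a trailing space still
    # yields an empty last field and therefore no match.
    kp = k.split(' ')
    return "keymatic" in kp[-1].lower()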
# Emit one "# User:" comment line per directory entry that carries sshKey
# values, followed by each of its keys that checkKey() accepts.
for entry in r:
    dn, attrs = entry[0], entry[1]
    if 'sshKey' in attrs:
        print("# User: {}".format(dn))
        accepted = (raw for raw in attrs['sshKey'] if checkKey(raw))
        for raw in accepted:
            # The value is written out exactly as stored in the directory.
            print(raw.decode())
    elif False:
        # Disabled by the literal False: report for entries without a key.
        # NOTE(review): the mail line is assumed to belong to this disabled
        # branch — confirm against the original file's indentation.
        print("# User: {} has no Key".format(dn))
        if 'mail' in attrs:
            print("# - MAIL: {}".format(attrs['mail']))