Difference between revisions of "Cool Solution - Logon scripts via python"

Version 4.1

In this article we will explain you, how to write a logon script via python. For an example, we will generate an user.prf file for an outlook profile, so every LDAP attribute in the following can be replaced with any other Univention LDAP attribute of your choice.

Preperation

The following programs and extensions should be installed on your Windows 7 system:

• Python 2.7
• py2exe (Python Extension to execute python scripts)
• python editor of your choive (e.g PyCharm)
• python-ldap for python 2.7

Configuration file

Open an editor of your choice and add the following lines:

#!/usr/bin/env python
import os, sys, ldap

The first line is called "shebang" and is the absolute path to the python interpreter. This script execute using the interpreter specified on a first line. The second line import some python module. They are important for the following script.

The next line declares a variable "username". The username of the current logged in user will be stored in the variable "username".

username = os.getenv("USER")

LDAP initialization

The next three lines are important to grant access for the ldap search. The first line is for initialization of the ldap. For the second line it's necessary, that the user have enough credentials to search in the ldap. The third line execute an ldapsearch command with a uid filter and saved the output in a seperat variable.

con = ldap.initialize('ldap://<ip of your server>:389')
s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "yourpassword")
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)

LDAP search filter

This line filters only for the mailPrimaryAddress.

mail_address = r[0][1]['mailPrimaryAddress'][0]

Generate an output file

The first line returns the file "template.prf" and can be only read. The second line determines where the output file user.prf should be saved. In this example, we save the file in the home directory below Documents. Make sure the template file is in the same directory as the script.

template_file = open("template.prf", "r")
final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")

These are the last lines for the script. This loop check every line in the template.prf file and replace all entrys called "PT_UNICODE,0x000C" with the value of the variable mail_address. Every line will be written in the "user.prf" file.

for i in template_file.readlines():
        a = i.replace("PT_UNICODE,0x000C", mail_address)
        final_file.write(a)

Result

At the end your script should be look like this:

import os, sys, ldap

username = os.getenv("USERNAME")

con = ldap.initialize('ldap://<ip of your server>:7389')
s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "univention")
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)

mail_address = r[0][1]['mailPrimaryAddress'][0]

template_file = open("template.prf", "r")
final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")

for i in template_file.readlines():
        a = i.replace("PT_UNICODE,0x000C", mail_address)
        final_file.write(a)

Configure a python script as logon script

Windows 7 provides a group policy tool, named Local Group Policy Editor, which allows computer an user configuration.

Local group policy

Open that tool, expand User Configuration -> Windows Settings and open Scripts (Logon/Logoff). Open the Logon Properties and click on Show files.... Copy your script and your template.prf file in the directory. At this point every User, who logs in, get an user.prf file in their home directory beneath Documents.

Known Issues

Windows 7 64bit

It's currently not possible to install the python-ldap module on a Windows 7 64bit system, therefore the LDAP connection can not be established.

Further information

• Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx
• Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user