Difference between revisions of "Cool Solution - Logon scripts via python"
From Univention Wiki
Line 97: | Line 97: | ||
== Further information == | == Further information == | ||
− | Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx | + | * Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx |
− | Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user | + | * Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user |
[[Category:EN]][[Category:Howtos]] | [[Category:EN]][[Category:Howtos]] |
Revision as of 12:03, 4 January 2017
Note: Cool Solutions are articles documenting additional functionality based on Univention products.
Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.
In this article we will explain you, how to write a logon script via python.
For an example, we will generate an user.prf file for an outlook profile, so every LDAP attribute in the following can be replaced with any other Univention LDAP attribute of your choice.
Preperation
The following programs and extensions should be installed on your Windows 7 system:
- Python 2.7
- py2exe (Python Extension to execute python scripts)
- python editor of your choive (e.g PyCharm)
- python-ldap for python 2.7
Configuration file
Open an editor of your choice and add the following lines:
#!/usr/bin/env python import os, sys, ldap
The first line is called "shebang" and is the absolute path to the python interpreter. This script execute using the interpreter specified on a first line. The second line import some python module. They are important for the following script.
The next line declares a variable "username". The username of the current logged in user will be stored in the variable "username".
username = os.getenv("USER")
LDAP initialization
The next three lines are important to grant access for the ldap search. The first line is for initialization of the ldap. For the second line it's necessary, that the user have enough credentials to search in the ldap. The third line execute an ldapsearch command with a uid filter and saved the output in a seperat variable.
con = ldap.initialize('ldap://<ip of your server>:389') s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "yourpassword") r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)
LDAP search filter
This line filters only for the mailPrimaryAddress.
mail_address = r[0][1]['mailPrimaryAddress'][0]
Generate an output file
The first line returns the file "template.prf" and can be only read. The second line determines where the output file user.prf should be saved. In this example, we save the file in the home directory below Documents. Make sure the template file is in the same directory as the script.
template_file = open("template.prf", "r") final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")
These are the last lines for the script. This loop check every line in the template.prf file and replace all entrys called "PT_UNICODE,0x000C" with the value of the variable mail_address. Every line will be written in the "user.prf" file.
for i in template_file.readlines(): a = i.replace("PT_UNICODE,0x000C", mail_address) final_file.write(a)
Result
At the end your script should be look like this:
import os, sys, ldap username = os.getenv("USERNAME") con = ldap.initialize('ldap://<ip of your server>:7389') s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "univention") r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username) mail_address = r[0][1]['mailPrimaryAddress'][0] template_file = open("template.prf", "r") final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w") for i in template_file.readlines(): a = i.replace("PT_UNICODE,0x000C", mail_address) final_file.write(a)
Configure a python script as logon script
Windows 7 provides a group policy tool, named Local Group Policy Editor, which allows computer an user configuration.
Open that tool, expand User Configuration -> Windows Settings and open Scripts (Logon/Logoff). Open the Logon Properties and click on Show files.... Copy your script and your template.prf file in the directory. At this point every User, who logs in, get an user.prf file in their home directory beneath Documents.
Known Issues
Windows 7 64bit
It's currently not possible to install the python-ldap module on a Windows 7 64bit system, therefore the LDAP connection can not be established.
Further information
- Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx
- Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user