Difference between revisions of "Cool Solution - Logon scripts via python"

From Univention Wiki

Line 3: Line 3:
 
{{Review-Status}}
 
{{Review-Status}}
  
In this article we will explain you, how to write a logon script via python, for an outlook profile (.prf in short).
+
In this article we will explain you, how to write a logon script via python.
 +
For an example, we will generate an user.prf file for an outlook profile, so every LDAP attribute in the following can be replaced with any other Univention LDAP attribute of your choice.
  
 
{{TOC}}
 
{{TOC}}
 +
 +
== Preperation ==
 +
 +
The following programs and extensions should be installed on your Windows 7 system:
 +
 +
* Python 2.7
 +
* py2exe (Python Extension to execute python scripts)
 +
* python editor of your choive (e.g PyCharm)
 +
* python-ldap for python 2.7
  
 
== Configuration file ==
 
== Configuration file ==
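Review bot: The added heading "Preperation" and the list item "python editor of your choive (e.g PyCharm)" carry typos; they should read "Preparation", "choice" and "e.g.". The new prerequisite list also names py2exe, but nothing in this hunk says which step needs it, so either state where it is used or drop the item.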
Line 20: Line 30:
 
username = os.getenv("USER")
 
username = os.getenv("USER")
 
</pre>
 
</pre>
 
+
== LDAP initialization ==
 
The next three lines are important to grant access for the ldap search. The first line is for initialization of the ldap. For the second line it's necessary, that the user have enough credentials to search in the ldap.
 
The next three lines are important to grant access for the ldap search. The first line is for initialization of the ldap. For the second line it's necessary, that the user have enough credentials to search in the ldap.
 
The third line execute an ldapsearch command with a uid filter and saved the output in a seperat variable.
 
The third line execute an ldapsearch command with a uid filter and saved the output in a seperat variable.
 
<pre>
 
<pre>
 
con = ldap.initialize('ldap://<ip of your server>:389')
 
con = ldap.initialize('ldap://<ip of your server>:389')
s = con.simple_bind_s("uid=Administrator,cn=users,dc=example,dc=com", "yourpassword")
+
s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "yourpassword")
 
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)
 
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)
 
</pre>
 
</pre>
  
 +
== LDAP search filter ==
 
This line filters only for the mailPrimaryAddress.
 
This line filters only for the mailPrimaryAddress.
 
<pre>
 
<pre>
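Review bot: In the changed bind line the placeholder `<LDAP bind DN>` sits in the uid position of `uid=...,cn=users,dc=example,dc=com`, so it stands for a user name, not a DN; rename it or replace the whole DN string with the placeholder. Moving away from `uid=Administrator` is the right direction, but the surrounding text should then say that the bind account only needs read access for the search, because its password is stored in the script in clear text and sent with a simple bind over `ldap://`. The unchanged context line that builds the filter as `'uid=' + username` concatenates an environment value without escaping; python-ldap's `ldap.filter.escape_filter_chars` covers that.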
Line 34: Line 45:
 
</pre>
 
</pre>
  
The first line returns the file "template.prf" and can be only read. The second line returns the file "users.prf" for only writing (this file will be automatically create if not exist).
+
== Generate an output file ==
 +
The first line returns the file "template.prf" and can be only read.  
 +
The second line determines where the output file user.prf should be saved.
 +
In this example, we save the file in the home directory below Documents.
 +
Make sure the template file is in the same directory as the script.
 
<pre>
 
<pre>
 
template_file = open("template.prf", "r")
 
template_file = open("template.prf", "r")
final_file = open("user.prf","w")
+
final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")
 
</pre>
 
</pre>
 +
  
 
These are the last lines for the script. This loop check every line in the template.prf file and replace all entrys called "PT_UNICODE,0x000C" with the value of the variable mail_address. Every line will be written in the "user.prf" file.
 
These are the last lines for the script. This loop check every line in the template.prf file and replace all entrys called "PT_UNICODE,0x000C" with the value of the variable mail_address. Every line will be written in the "user.prf" file.
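Review bot: The new output path `os.environ['HOMEPATH']+"/Documents/user.prf"` relies on HOMEPATH, which on Windows holds the path without the drive letter, so the file lands on whatever drive is current when the logon script runs; `USERPROFILE`, or `HOMEDRIVE` plus `HOMEPATH`, joined with `os.path.join` avoids that. The added sentence "Make sure the template file is in the same directory as the script" also does not match `open("template.prf", "r")`, which resolves against the current working directory rather than the script's location.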
Line 46: Line 62:
 
         final_file.write(a)
 
         final_file.write(a)
 
</pre>
 
</pre>
 +
 +
== Result ==
  
 
At the end your script should be look like this:
 
At the end your script should be look like this:
 
<pre>
 
<pre>
#!/usr/bin/env python
 
 
import os, sys, ldap
 
import os, sys, ldap
  
username = os.getenv("USER")
+
username = os.getenv("USERNAME")
  
con = ldap.initialize('ldap://<ip of your server>:389')
+
con = ldap.initialize('ldap://<ip of your server>:7389')
s = con.simple_bind_s("uid=Administrator,cn=users,dc=example,dc=com", "yourpassword")
+
s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "univention")
 
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)
 
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)
 +
 
mail_address = r[0][1]['mailPrimaryAddress'][0]
 
mail_address = r[0][1]['mailPrimaryAddress'][0]
 +
 
template_file = open("template.prf", "r")
 
template_file = open("template.prf", "r")
final_file = open("user.prf","w")
+
final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")
  
 
for i in template_file.readlines():
 
for i in template_file.readlines():
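Review bot: The Result block now reads `os.getenv("USERNAME")` and connects to port 7389, while the step-by-step snippets in the earlier sections still show `os.getenv("USER")` and port 389, so a reader who follows the steps ends up with a different script than the one shown here; update both places together. The bind password also changed from the neutral `"yourpassword"` to the literal `"univention"`, which reads like a real credential and no longer matches the placeholder in the LDAP initialization section. The shebang line is dropped from the Result although the Configuration file section still introduces it.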
Line 65: Line 84:
 
         final_file.write(a)
 
         final_file.write(a)
 
</pre>
 
</pre>
 +
 +
== Configure a python script as logon script ==
 +
 +
Windows 7 provides a group policy tool, named Local Group Policy Editor, which allows computer an user configuration. [[File:Local group policy.png|250px|thumb|right| Local group policy]]
 +
Open that tool, expand '''User Configuration''' -> '''Windows Settings''' and open '''Scripts (Logon/Logoff)'''. Open the '''Logon Properties''' and click on '''Show files...'''. Copy your script and your template.prf file in the directory. At this point every User, who logs in, get an user.prf file in their home directory beneath Documents.
 +
 +
 +
== Known Issues ==
 +
=== Windows 7 64bit ===
 +
It's currently not possible to install the python-ldap module on a Windows 7 64bit system, therefore the LDAP connection can not be established.
 +
 +
== Further information ==
 +
 +
Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx
 +
Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user
 +
 +
 +
[[Category:EN]][[Category:Howtos]]
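Review bot: The new logon-script section tells the reader to copy the script into the logon scripts directory, which makes the bind password passed to `simple_bind_s(...)` readable by every user who logs on; the text should require the dedicated search user from the linked "Create a LDAP search user" article instead of leaving it as a further-information link. "which allows computer an user configuration" should read "computer and user configuration", and the section does not say whether the .py file or a py2exe build is what gets copied into the directory.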

Revision as of 12:02, 4 January 2017

Product logo: UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Please also note the legal notes in the Terms of Service.
Note: This article is not yet reviewed.


In this article we explain how to write a logon script in Python. As an example, we generate a user.prf file for an Outlook profile; every LDAP attribute used below can be replaced with any other Univention LDAP attribute of your choice.

Preparation

The following programs and extensions should be installed on your Windows 7 system:

  • Python 2.7
  • py2exe (Python Extension to execute python scripts)
  • Python editor of your choice (e.g. PyCharm)
  • python-ldap for python 2.7

Configuration file

Open an editor of your choice and add the following lines:

#!/usr/bin/env python
import os, sys, ldap

The first line is called the "shebang" and names the Python interpreter that should run the script. The second line imports the Python modules that the rest of the script needs.

The next line declares the variable "username", which stores the name of the currently logged-in user. On Windows this name is held in the environment variable USERNAME.

username = os.getenv("USERNAME")

LDAP initialization

The next three lines set up the LDAP search. The first line initializes the LDAP connection. For the second line, the bind user needs sufficient permissions to search the LDAP directory. The third line runs an LDAP search with a uid filter and stores the result in a separate variable.

con = ldap.initialize('ldap://<ip of your server>:389')
s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "yourpassword")
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)

LDAP search filter

This line extracts only the mailPrimaryAddress from the search result.

mail_address = r[0][1]['mailPrimaryAddress'][0]

Generate an output file

The first line opens the file "template.prf" read-only. The second line determines where the output file user.prf is saved. In this example, we save the file in the home directory below Documents. Make sure the template file is in the same directory as the script.

template_file = open("template.prf", "r")
final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")


These are the last lines of the script. The loop checks every line of the template.prf file and replaces all entries called "PT_UNICODE,0x000C" with the value of the variable mail_address. Every line is written to the "user.prf" file.

for i in template_file.readlines():
        a = i.replace("PT_UNICODE,0x000C", mail_address)
        final_file.write(a)

Result

At the end, your script should look like this:

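import os, sys, ldap

# Name of the user who is logging on (Windows sets USERNAME)
username = os.getenv("USERNAME")

# Connect, bind as the search user and look up the user's entry
con = ldap.initialize('ldap://<ip of your server>:7389')
s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "univention")
r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)

# First value of mailPrimaryAddress from the first entry found
mail_address = r[0][1]['mailPrimaryAddress'][0]

template_file = open("template.prf", "r")
final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")

# Copy the template line by line, replacing the placeholder
for i in template_file.readlines():
        a = i.replace("PT_UNICODE,0x000C", mail_address)
        final_file.write(a)

# Close both files so the output is flushed to disk
template_file.close()
final_file.close()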
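
The script above concatenates the user name into the filter, indexes r[0] without checking the result, and writes the looked-up value into the profile unchecked. The following is an added example, not part of the original article, that shows those three steps with the checks a logon script should make; the helper names, the sample search result and the sample template are constructed for illustration, and it runs without an LDAP server.

```python
# Added example; helper names and sample data are hypothetical/constructed.
PLACEHOLDER = "PT_UNICODE,0x000C"  # marker the article replaces in template.prf

# RFC 4515: characters that must be escaped inside a filter assertion value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_uid_filter(username):
    """Return '(uid=<escaped name>)'; refuse an empty or missing name."""
    if not username:
        raise ValueError("no user name in the environment")
    return "(uid=%s)" % "".join(_ESCAPES.get(c, c) for c in username)


def first_mail(result):
    """Return mailPrimaryAddress from a search_s()-style result list."""
    # search_s() yields [(dn, {attr: [values]}), ...]; search references
    # come back with dn None and are skipped here.
    entries = [attrs for dn, attrs in result if dn is not None]
    if len(entries) != 1:
        raise LookupError("expected exactly one entry, got %d" % len(entries))
    values = entries[0].get("mailPrimaryAddress") or []
    if not values:
        raise LookupError("entry has no mailPrimaryAddress")
    mail = values[0]
    if isinstance(mail, bytes):  # python-ldap on Python 3 returns bytes
        mail = mail.decode("utf-8")
    return mail


def render_prf(template_text, mail):
    """Fill in the placeholder; reject values that would add extra lines."""
    if "\r" in mail or "\n" in mail:
        raise ValueError("mail address contains a line break")
    return template_text.replace(PLACEHOLDER, mail)


# Constructed sample input (not from a real directory or a real template.prf)
SAMPLE_RESULT = [
    (None, ["ldap://other.example.com/dc=example,dc=com"]),  # search reference
    ("uid=alice,cn=users,dc=example,dc=com",
     {"mailPrimaryAddress": [b"alice@example.com"]}),
]
SAMPLE_TEMPLATE = "[Example]\nExampleKey=PT_UNICODE,0x000C\n"
```

In the real script, pass the string from build_uid_filter() as the filter argument of con.search_s() and the returned list to first_mail().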

Configure a python script as logon script

Windows 7 provides a group policy tool, named Local Group Policy Editor, which allows computer and user configuration.

[Figure: Local group policy]

Open that tool, expand User Configuration -> Windows Settings and open Scripts (Logon/Logoff). Open the Logon Properties and click on Show files.... Copy your script and your template.prf file into the directory. From this point on, every user who logs in gets a user.prf file in their home directory beneath Documents.


Known Issues

Windows 7 64bit

It's currently not possible to install the python-ldap module on a Windows 7 64-bit system; therefore the LDAP connection cannot be established.

Further information

Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx

Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user
