1. 技术文章
  2. Python ldap3 code to get username from SID

Python ldap3 code to get username from SID

谁说胖子不能爱 提交于 2021-01-28 04:54:41

问题


I have a SID string (e.g., "S-1-5-21-500000003-1000000000-1000000003-1001") of a user on a shared Windows server, and I need to get the related username.

I suppose that this may be achieved by: 1) Turning the SID string into byte array. 2) Using a suitable ldpa query to get the related username.

But I failed to find exact and reliable instructions of how to do it (this way or another).

I'll appreciate any useful guide, especially if it comes with demo Python (ldap3) code.

Thanks!


回答1:


You must have the SID in binary format, then try:

from ldap3 import Server, Connection, ALL
from ldap3.utils.conv import escape_bytes

s = Server('my_server', get_info=ALL)
c = Connection(s, 'my_user', 'my_password')
c.bind()

binary_sid = b'....'  # your sid must be in binary format

c.search('my_base', '(objectsid=' + escape_bytes(binary_sid) + ')', attributes=['objectsid', 'samaccountname'])
print(c.entries)

you should get the account name in c.entries[0].sAMAccountName




回答2:


def unsigned_number_to_slashed_byte_array_string(number, little_endian, digits_count):
        """
        Convert given unsigned number into a string that represents it as a sequence of bytes in given order (either little or big Endian).
        In case the total number of digits in the string is greater than given digits count, the string is left-padded with zeroes.
        Each such byte is represented by a substring that's composed of a preceding slash character followed by two (uppercase) hexadecimal digits (e.g., "\\0A").
        :param number: An unsigned non-negative integer.
        :param little_endian: A flag that says whether little Endian order is requested; otherwise, big Endian order is selected.
        :param digits_count: The total count of hexadecimal digits in the resulting possibly left-padded string, which is twice the number of bytes.
        :except ValueError: In case given number isn't a non-negative number, or given digits count isn't a positive even number.
        :return: A string that represents given number as a sequence of bytes in given order.
        """
        if number < 0: raise ValueError("{0}: Argument number must be a non-negative! ({1})".format(func_name(), number))
        if (digits_count <= 0) or ((digits_count % 2) != 0): raise ValueError("{0}: Argument digits_count must be an even positive! ({1})".format(func_name(), digits_count))

        zero_padded_hex_number_str = "{0:0{1}X}".format(number, digits_count) # Format: no leading "0x", zero-padded digits_count digits (or half digits_count bytes), uppercase hexadecimal letters.
        number_byte_array_str = ""
        byte_starter_digits_indices_list = range(len(zero_padded_hex_number_str))[::2]
        if little_endian: byte_starter_digits_indices_list = reversed(byte_starter_digits_indices_list)
        for byte_starter_digit_index in byte_starter_digits_indices_list:
            number_byte_array_str = "{0}\\{1}".format(number_byte_array_str, zero_padded_hex_number_str[byte_starter_digit_index:(byte_starter_digit_index + 2)])
        return number_byte_array_str


def sid_str_to_byte_array_str(sid_str):
    """
    :param sid_str: An active-directory SID string (e.g., "S-1-5-21-1241979920-1440912824-1533017923-1106").
    :return: A string that represents given SID string as a byte array string (e.g., "\\01\\05\\00\\00\\00\\00\\00\\05\\15\\00\\00\\00\\10\\1C\\07\\4A\\B8\\95\\E2\\55\\43\\FF\\5F\\5B").
    """
    dashes_count = sid_str.count("-")
    sid_numbers_str = sid_str[2:] # Removes the preceding "S-"
    sid_number_strings = sid_numbers_str.split("-")
    sid_numbers = [int(sid_number_string) for sid_number_string in sid_number_strings]
    sid_byte_array_str  = unsigned_number_to_slashed_byte_array_string(sid_numbers[0],       True,   2)
    sid_byte_array_str += unsigned_number_to_slashed_byte_array_string((dashes_count - 2),   True,   2)
    sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[1],       False, 12)
    sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[2],       True,   8)
    sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[3],       True,   8)
    sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[4],       True,   8)
    sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[5],       True,   8)
    return sid_byte_array_str


来源:https://stackoverflow.com/questions/34122215/python-ldap3-code-to-get-username-from-sid

标签
python
active-directory
ldap
username
sid
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!