samba - Nov 2015 - Using samba-python to query AD? Status of API?

On Thu, Nov 5, 2015 at 10:06 AM, Rowland Penny
<rowlandpenny241155 at gmail.com> wrote:
> On 05/11/15 14:59, pisymbol . wrote:
>>
>> On Wed, Nov 4, 2015 at 4:44 PM, Rowland Penny
>> <rowlandpenny241155 at gmail.com> wrote:
>>>
>>> Ah, you want to search AD with python, as in 'ldbsearch -H
>>> /usr/local/samba/private/sam.ldb' (this will dump the AD
database)
>>> You will find lots of 'examples' in the python
'samba' directory that an
>>> install of a samba DC creates, these are used by samba-tool, well
>>> actually,
>>> they are samba-tool :-)
>>
>> No, I don't want to dump the LDB, I want to query an actual Windows
DC
>> (same as 'net ads search' command).
>
> That was just an example, but why are you asking on a Samba mailing list
for
> information on howto query a windows DC??
>
> You can use ldbsearch or ldapsearch for this, or use windows tools from a
> windows machine.
Yes, I understand all that. But the 'net ads search' wrapper is a lot
nicer than the openldap clients.

But perhaps you're right, maybe OpenLDAP is indeed what I really want
and are a bit misguided by leveraging 'net ads search' stuff out of
the samba tools so heavily.

-aps

On 05/11/15 16:38, pisymbol . wrote:
> On Thu, Nov 5, 2015 at 10:06 AM, Rowland Penny
> <rowlandpenny241155 at gmail.com> wrote:
>> On 05/11/15 14:59, pisymbol . wrote:
>>> On Wed, Nov 4, 2015 at 4:44 PM, Rowland Penny
>>> <rowlandpenny241155 at gmail.com> wrote:
>>>> Ah, you want to search AD with python, as in 'ldbsearch -H
>>>> /usr/local/samba/private/sam.ldb' (this will dump the AD
database)
>>>> You will find lots of 'examples' in the python
'samba' directory that an
>>>> install of a samba DC creates, these are used by samba-tool,
well
>>>> actually,
>>>> they are samba-tool :-)
>>> No, I don't want to dump the LDB, I want to query an actual
Windows DC
>>> (same as 'net ads search' command).
>> That was just an example, but why are you asking on a Samba mailing
list for
>> information on howto query a windows DC??
>>
>> You can use ldbsearch or ldapsearch for this, or use windows tools from
a
>> windows machine.
> Yes, I understand all that. But the 'net ads search' wrapper is a
lot
> nicer than the openldap clients.
>
> But perhaps you're right, maybe OpenLDAP is indeed what I really want
> and are a bit misguided by leveraging 'net ads search' stuff out of
> the samba tools so heavily.
>
> -aps
It might help if you explained just what you are trying to achieve, you 
may be trying to re-invent the wheel.

Rowland

On Thu, Nov 5, 2015 at 11:41 AM, Rowland Penny
<rowlandpenny241155 at gmail.com> wrote:
> On 05/11/15 16:38, pisymbol . wrote:
>>
>> On Thu, Nov 5, 2015 at 10:06 AM, Rowland Penny
>> <rowlandpenny241155 at gmail.com> wrote:
>>>
>>> On 05/11/15 14:59, pisymbol . wrote:
>>>>
>>>> On Wed, Nov 4, 2015 at 4:44 PM, Rowland Penny
>>>> <rowlandpenny241155 at gmail.com> wrote:
>>>>>
>>>>> Ah, you want to search AD with python, as in 'ldbsearch
-H
>>>>> /usr/local/samba/private/sam.ldb' (this will dump the
AD database)
>>>>> You will find lots of 'examples' in the python
'samba' directory that
>>>>> an
>>>>> install of a samba DC creates, these are used by
samba-tool, well
>>>>> actually,
>>>>> they are samba-tool :-)
>>>>
>>>> No, I don't want to dump the LDB, I want to query an actual
Windows DC
>>>> (same as 'net ads search' command).
>>>
>>> That was just an example, but why are you asking on a Samba mailing
list
>>> for
>>> information on howto query a windows DC??
>>>
>>> You can use ldbsearch or ldapsearch for this, or use windows tools
from a
>>> windows machine.
>>
>> Yes, I understand all that. But the 'net ads search' wrapper is
a lot
>> nicer than the openldap clients.
>>
>> But perhaps you're right, maybe OpenLDAP is indeed what I really
want
>> and are a bit misguided by leveraging 'net ads search' stuff
out of
>> the samba tools so heavily.
>>
>> -aps
>
>
> It might help if you explained just what you are trying to achieve, you may
> be trying to re-invent the wheel.
Again, I am just trying to query an existing Windows DC. For example,
let's say I want to dump all person objects from the FOO domain. I can
setup smb.conf and kerberos on a Linux machine to act as a client (I
don't even have to join provided I have creds) so I can do something
like this:

net ads search -U Administrator at FOO objectClass=person

This of course can be accomplished using ldapsearch etc. But samba
supplies the net command which offers the same thing but includes
automatic DC detection, etc.

I thought because there was a Python netcmd class, it might include
similar functionality.

Anyway, thanks for the tips, I still have to get around and look at
the source mathias suggested previously. I may just stick with forking
it and parsing string output.

-aps