Cool Solution - Logon scripts via python
From Univention Wiki
In this article we will explain you, how to write a logon script via python. For an example, we will generate an user.prf file for an outlook profile, so every LDAP attribute in the following can be replaced with any other Univention LDAP attribute of your choice.
The following programs and extensions should be installed on your Windows 7 system:
- Python 2.7
- py2exe (Python Extension to execute python scripts)
- python editor of your choive (e.g PyCharm)
- python-ldap for python 2.7
Open an editor of your choice and add the following lines:
#!/usr/bin/env python import os, sys, ldap
The first line is called "shebang" and is the absolute path to the python interpreter. This script execute using the interpreter specified on a first line. The second line import some python module. They are important for the following script.
The next line declares a variable "username". The username of the current logged in user will be stored in the variable "username".
username = os.getenv("USER")
The next three lines are important to grant access for the ldap search. The first line is for initialization of the ldap. For the second line it's necessary, that the user have enough credentials to search in the ldap. The third line execute an ldapsearch command with a uid filter and saved the output in a seperat variable.
con = ldap.initialize('ldap://<ip of your server>:389') s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "yourpassword") r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username)
LDAP search filter
This line filters only for the mailPrimaryAddress.
mail_address = r['mailPrimaryAddress']
Generate an output file
The first line returns the file "template.prf" and can be only read. A template.prf file can be easily generate with the Microsoft Custom Installation Wizard. The second line determines where the output file user.prf should be saved. In this example, we save the file in the home directory below Documents. Make sure the template file is in the same directory as the script.
template_file = open("template.prf", "r") final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w")
These are the last lines for the script. This loop check every line in the template.prf file and replace all entrys called "PT_UNICODE,0x000C" with the value of the variable mail_address. Every line will be written in the "user.prf" file.
for i in template_file.readlines(): a = i.replace("PT_UNICODE,0x000C", mail_address) final_file.write(a)
At the end your script should be look like this:
import os, sys, ldap username = os.getenv("USERNAME") con = ldap.initialize('ldap://<ip of your server>:7389') s = con.simple_bind_s("uid=<LDAP bind DN>,cn=users,dc=example,dc=com", "univention") r = con.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE, 'uid=' + username) mail_address = r['mailPrimaryAddress'] template_file = open("template.prf", "r") final_file = open(os.environ['HOMEPATH']+"/Documents/user.prf","w") for i in template_file.readlines(): a = i.replace("PT_UNICODE,0x000C", mail_address) final_file.write(a)
Configure a python script as logon scriptWindows 7 provides a group policy tool, named Local Group Policy Editor, which allows computer an user configuration.
Open that tool, expand User Configuration -> Windows Settings and open Scripts (Logon/Logoff). Open the Logon Properties and click on Show files.... Copy your script and your template.prf file in the directory. At this point every User, who logs in, get an user.prf file in their home directory beneath Documents.
Windows 7 64bit
It's currently not possible to install the python-ldap module on a Windows 7 64bit system, therefore the LDAP connection can not be established.
- Assign User Logon Scripts - https://technet.microsoft.com/en-us/library/cc770908.aspx
- Create a LDAP search user - http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user
- Microsoft Custom Installation Wizard - https://technet.microsoft.com/en-us/library/cc764476(v=office.12).aspx