Comments (3)
Jnchi
commented on August 29, 2024
/etc/libnss-aad.conf
{
"client": {
"id": "1234abcd-1234-abcd-efgh-123456abcdef",
"secret": "<url-encoded secret>"
},
"tenant": "<company>.onmicrosoft.com"
}from pam_aad.
Jnchi
commented on August 29, 2024
/etc/aad-config.json
{
"tenant" : "<company>.onmicrosoft.com",
"clientId" : "1234abcd-1234-abcd-efgh-123456abcdef",
"clientSecret" : "secret="
}/usr/local/bin/provision_users.py
import json
import logging
import os
import sys
import adal
import subprocess
import requests
# The information inside such file can be obtained via app registration.
# See https://github.com/AzureAD/azure-activedirectory-library-for-python/wiki/Register-your-application-with-Azure-Active-Directory
#
# {
# "tenant" : "rrandallaad1.onmicrosoft.com",
# "authorityHostUrl" : "https://login.microsoftonline.com",
# "clientId" : "624ac9bd-4c1c-4687-aec8-b56a8991cfb3",
# "clientSecret" : "verySecret=""
# }
config_file = (sys.argv[1] if len(sys.argv) == 2 else
os.environ.get('AAD_CONFIG_FILE'))
if config_file:
with open(config_file, 'r') as f:
parameters = f.read()
config_opts = json.loads(parameters)
else:
raise ValueError('Please provide config file with account information.')
context = adal.AuthenticationContext('https://login.microsoftonline.com/'
+ config_opts['tenant'], validate_authority=None)
token = context.acquire_token_with_client_credentials('00000002-0000-0000-c000-000000000000',
config_opts['clientId'], config_opts['clientSecret'])
headers = {"Authorization": "Bearer " + token['accessToken']}
request = 'https://graph.windows.net/' + config_opts['tenant'] + '/users'
payload = {"api-version": '1.6'}
users = requests.get(request, headers=headers, params=payload).json()
users = users['value']
for user_name in users:
nickname = user_name['mailNickname']
if(subprocess.check_output(["id", nickname], shell=True)):
subprocess.run(["useradd", "-mG", "sudo", nickname])Modified from: https://github.com/AzureAD/azure-activedirectory-library-for-python
chmod +x /usr/local/bin/provision_users.py
(crontab -l 2>/dev/null; echo "0,30 * * * * /usr/local/bin/provision_users.py") | crontab -
Source: https://stackoverflow.com/questions/4880290/how-do-i-create-a-crontab-through-a-script
NOTE: Requires the Azure Active Directory Graph API permission Directory.Read.All, which requires Admin consent
from pam_aad.
Jnchi
commented on August 29, 2024
libnss module rewritten from scratch and split out into its own repository (See: https://github.com/CyberNinjas/libnss_aad).
from pam_aad.
Related Issues (20)
- Error parsing debug flag in config file HOT 1
- Python Implementation
- Branding guidelines for applications
- Check for Group membership before sending an email
- Docker script failing in Travis
- Hardened Build System
- Secure Vulnerability Disclosure
- CII Best Practices Badge Program HOT 1
- Microsoft Authenticator for authentication
- Support for macOS HOT 1
- Push images to docker registry
- Update maintainer email address for Debian packages HOT 1
- Add a check to block certain users HOT 1
- Normalize input before comparing
- pam_aad.c:4:21: fatal error: sds/sds.h: No such file or directory HOT 5
- First login failed HOT 2
- Bintray EOL
- login issue
- is this still under maintenance ? HOT 3
- sds/sds.h: No such file or directory HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam_aad.