GNU-ADMW is an Active Directory Management Web in a GNU GENERAL PUBLIC LICENSE
This project is a Web Interface for Active Directory made using Django (https://www.djangoproject.com/) and ms_active_directory (https://ms-active-directory.readthedocs.io/) focusing on ease of use and simplicity provide by Bootstrap (https://getbootstrap.com/)
It's using the connecting user's credentials to connect to the directory and allow a variety of operations.
The goal is to be able to do most common directory operations directly through this web interface rather than have to rely on command tools or Windows interfaces.
It's compatible with both Windows Active Directory and Samba4 domain controllers.
If you don't know how to install samba4 see https://wiki.tiozaodolinux.com/Guide-for-Linux/Active-Directory-With-Samba-4
This project started in december 2024 with objetive of simplify the management of Users, Groups, Lists, Organizatinal Units
In my job we have the RH area with demands to NOC area create new Users, reset password Users, etc
The main objetive is RH area make yours needs without NOC area dependencies
# Download clone project
git clone https://github.com/jarbelix/GNU-ADMW.git
cd GNU-ADMW
# Create virtualenvironment
python -m venv .venv
. .venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Or install each one
pip install django ms_active_directory python-decouple python-dotenv crispy-bootstrap5 django-crispy-forms user-agentsCopy the env.example file to .env
cp env.example .envUdpate the settings to match your environment
DOMAIN='seudominio.com.br'
# your domain name
SERVER='ldaps://dc01.${DOMAIN}'
# your server in format ldap:// (without secure) or ldaps:// (with secure)
ADMIN_USER='Administrator@${DOMAIN}'
# you can use the userPrincipalName instead of the DN of the empowered user to change your AD
ADMIN_PASSWORD='SuperSecretPassword@2024'
# your password
USER_ATTRS='cn,sn,title,description,physicalDeliveryOfficeName,telephoneNumber,givenName,displayName,department,company,name,sAMAccountName,userPrincipalName,mail,loginShell,objectGUID,objectSid'
# User Atributes
GROUP_ATTRS='cn,sn,description,name,sAMAccountName,member,objectGUID,objectSid'
# Group Attributes
SEARCH_BASE='DC=seudominio,DC=com,DC=br'
# your Search base
SEARCH_BASE_USER='CN=Users,${SEARCH_BASE}'
# your Search base user
SEARCH_BASE_GROUP='CN=Groups,${SEARCH_BASE}'
# your Search base group
GROUP_REQUIRED='CN=Turma da Monica,${SEARCH_BASE_USER}'
# your DN group with the user MUST be in to login
GROUP_DENIED='CN=Disabled,${SEARCH_BASE_GROUP}'
# your DN group with the user NOT may be in to login
python utils/test-active-directory.py# Retrieve the configuration parameters:
# Connect with DOMAIN - tiozaodolinux.com at SERVER - ldaps://dc01.tiozaodolinux.com with [email protected]
# Find user by name="tiozao"
# Display user info
================================================================================
OBJECT DN: CN=tiozao,CN=Users,DC=tiozaodolinux,DC=com
================================================================================
{
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"cn": "tiozao",
"sn": "do Linux",
"title": "Título do Cargo",
"description": [
"Descrição Opcional"
],
"physicalDeliveryOfficeName": "Endereço Completo",
"telephoneNumber": "+55 67 9 81183482",
"givenName": "Tiozão",
"displayName": "Tiozão do Linux",
"department": "Nome do Departamento",
"company": "Nome da Empresa",
"name": "tiozao",
"objectGUID": "{ec206896-e6e2-4edc-a4b0-6accc8e3e981}",
"objectSid": "S-1-5-21-253206946-2420641807-3433596073-1124",
"sAMAccountName": "tiozao",
"userPrincipalName": "[email protected]",
"loginShell": "/bin/bash",
"mail": "[email protected]"
}
--------------------------------------------------------------------------------
# Find group by name="Turma da Monica"
# Display group info
================================================================================
OBJECT DN: CN=Turma da Monica,CN=Users,DC=tiozaodolinux,DC=com
================================================================================
{
"objectClass": [
"top",
"group"
],
"cn": "Turma da Monica",
"description": [
"Grupo de Usuários da Turma da Mônica"
],
"name": "Turma da Monica",
"objectGUID": "{5eecc0e4-5091-4c2b-9ef8-c534feac9078}",
"objectSid": "S-1-5-21-253206946-2420641807-3433596073-1103",
"sAMAccountName": "Turma da Monica",
"member": [
"CN=rosinha,OU=Producao,DC=tiozaodolinux,DC=com",
"CN=monica,OU=RH,DC=tiozaodolinux,DC=com",
"CN=anjinho,OU=Financeiro,DC=tiozaodolinux,DC=com",
"CN=rolo,OU=RH,DC=tiozaodolinux,DC=com",
"CN=carminha.frufru,OU=Producao,DC=tiozaodolinux,DC=com",
"CN=magali,OU=Producao,DC=tiozaodolinux,DC=com",
"CN=marina,OU=TI,DC=tiozaodolinux,DC=com",
"CN=cebolinha,OU=Financeiro,DC=tiozaodolinux,DC=com",
"CN=capitao.feio,OU=Comercial,DC=tiozaodolinux,DC=com",
"CN=rita.najura,OU=Logistica,DC=tiozaodolinux,DC=com",
"CN=franjinha,OU=Logistica,DC=tiozaodolinux,DC=com",
"CN=horacio,OU=TI,DC=tiozaodolinux,DC=com",
"CN=piteco,OU=Comercial,DC=tiozaodolinux,DC=com",
"CN=ze.vampir,OU=Contabil,DC=tiozaodolinux,DC=com",
"CN=dudu,OU=RH,DC=tiozaodolinux,DC=com",
"CN=xaveco,OU=TI,DC=tiozaodolinux,DC=com",
"CN=seu.cebola,OU=Presidente,DC=tiozaodolinux,DC=com",
"CN=chico.bento,OU=Comercial,DC=tiozaodolinux,DC=com",
"CN=juca,OU=Logistica,DC=tiozaodolinux,DC=com",
"CN=cascao,OU=Contabil,DC=tiozaodolinux,DC=com"
]
}
--------------------------------------------------------------------------------
python manage.py makemigrations
python manage.py migrate
export DJANGO_SUPERUSER_PASSWORD=SuperSecretPassword@2024
python manage.py createsuperuser --username djangoadmin --email [email protected] --noinput
python manage.py runserver
Starting development server at http://127.0.0.1:8000/
Try logging in with your Active Directory User that belongs to the Required Group and not to the Denied Group
Check the logs in the console