[python-win32] Is this user a member of a given Active Directory group?
Vernon Cole
vernondcole at gmail.com
Thu Jul 31 20:22:38 CEST 2008
Dear group:
My company makes use of Active Directory to determine what rights a given
user has in an application system. If the user is a member of a certain
group, then (s)he has the right to perform some set of functions. For
example, if VCOLE is a member of WCPO-CREATE then I can create new purchase
orders.
The method I am using to determine a user's group membership consists of
looking at all the members of each target group, and finding whether my user
is on that list.
Something like the following code snippet:
v v v v v v
glist = ['A','List',"of","possible",'group','names']
_username = win32api.GetUserName().upper()
_LoginServer = win32net.NetGetAnyDCName()
if True: # begin snippet
groups = set()
for g in glist:
resume = 0
while True:
try:
entries, total, resume = \
win32net.NetGroupGetUsers(
_LoginServer,g, 0, resume)
except KeyboardInterrupt:
raise
except:
print 'Group Name "%s" could not be found' % g
break
for de in entries:
name = de['name'].upper()
if name == _username:
groups.add(g)
if resume == 0:
break
# end snippet
if 'possible' in groups:
print 'You can do it.'
^ ^ ^ ^ ^
My question is this:
There MUST be some better way. Is there no system call for "Is user U a
member of group G"?
--
Vernon Cole
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-win32/attachments/20080731/5a60e6fa/attachment.htm>
More information about the python-win32
mailing list