Python

Python je multiplatformní jazyk oblíbený pro svou jednoduchost a stručnost. Jeho hlavní předností je srozumitelná a čistá syntaxe. Díky své jednoduchosti bývá označován jako jeden z nejvhodnějších programovacích jazyků pro začátečníky.

Pokud se chceme připojovat na LDAP z Pythonu, nainstalujeme pro Python 3 balíček příkazem `pip3 install python-ldap`. Ukázky je nutné přizpůsobit použité verzi Pythonu: v Pythonu 3 se píše `print(x)` a `except ldap.LDAPError as e` a python-ldap 3 vyžaduje hodnoty atributů jako `bytes`. Pak se nám může hodit následující:

This program connects to an LDAP server listening on localhost using an anonymous bind (empty DN and empty password). Note that a non-empty DN combined with an empty password is an *unauthenticated* bind, which many servers accept, so an application must never treat it as a successful login:

#!/usr/bin/env python
import ldap
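try:
    # ldap.open() is deprecated; initialize() takes an LDAP URL instead.
    l = ldap.initialize("ldap://127.0.0.1:389/")
    l.protocol_version = ldap.VERSION3
    # Empty DN and empty password = anonymous bind.  A non-empty DN with an
    # empty password is an *unauthenticated* bind (RFC 4513 5.1.2), which many
    # servers accept -- never treat that as proof of identity.
    username = ""
    password = ""
    # simple_bind() is asynchronous and its result was never collected, so a
    # failed bind went unnoticed; simple_bind_s() raises ldap.LDAPError.
    l.simple_bind_s(username, password)
except ldap.LDAPError as e:
    print(e)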

This program connects to an LDAP server listening on localhost using a simple bind with a user DN and password. A simple bind sends the password in cleartext, so outside of loopback it should only be used over ldaps:// or after StartTLS:

#!/usr/bin/env python
import ldap
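try:
    l = ldap.initialize("ldap://127.0.0.1:389/")  # ldap.open() is deprecated
    l.protocol_version = ldap.VERSION3
    # SECURITY: a simple bind sends the password in cleartext; over anything
    # but loopback use ldaps:// or call l.start_tls_s() before binding, and
    # load the secret from configuration rather than hard-coding it.
    username = "uid=saurabhb,ou=people,dc=sbarjatiya,dc=com"
    password = "iiit123"
    # The synchronous bind raises (e.g. ldap.INVALID_CREDENTIALS) on failure;
    # the asynchronous simple_bind() used before silently ignored it.
    l.simple_bind_s(username, password)
except ldap.LDAPError as e:
    print(e)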

This program connects to the LDAP server as the rootdn and adds a posixAccount (user1) entry:

#!/usr/bin/env python

# import needed modules
import ldap
import ldap.modlist as modlist

# Open a connection
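l = ldap.initialize("ldap://localhost:389/")

# Bind as the directory manager.  SECURITY: the password crosses the wire in
# cleartext on ldap://; use ldaps:// or l.start_tls_s() off-host, and keep
# real credentials out of source.
l.simple_bind_s("cn=root,dc=sbarjatiya,dc=com", "iiit123")

try:
    # The dn of our new entry/object
    dn = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

    # Attribute values are bytes: python-ldap 3 on Python 3 rejects str.
    # userPassword is sent as given; the server must hash it on storage
    # (e.g. OpenLDAP password-hash / ppolicy) or the client must pre-hash it
    # ({SSHA}...).
    attrs = {
        'objectclass': [b'top', b'account', b'posixAccount', b'shadowAccount'],
        'cn': [b'User One'],
        'uid': [b'user1'],
        'uidNumber': [b'3001'],
        'gidNumber': [b'3000'],
        'homeDirectory': [b'/home/user1'],
        'loginShell': [b'/bin/bash'],
        'description': [b'Proud first user'],
        'gecos': [b'Via6, N#1010, 6th Avenue'],
        'userPassword': [b'iiit123'],
        'shadowLastChange': [b'0'],
        'shadowMax': [b'99999'],
        'shadowWarning': [b'99999'],
    }

    # Convert the dict into the (attr, values) list add_s() expects.
    ldif = modlist.addModlist(attrs)

    # Synchronous add; raises ldap.LDAPError (e.g. ALREADY_EXISTS) on failure.
    l.add_s(dn, ldif)
finally:
    # Always release the connection, even if the add failed.
    l.unbind_s()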

This program changes description of posixUser created with previous example:

#!/usr/bin/env python

# import needed modules
import ldap
import ldap.modlist as modlist

# Open a connection
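l = ldap.initialize("ldap://localhost:389/")

# Binds as user1 itself (bind DN == target DN), so the server's ACL must
# permit self-modification of description.  SECURITY: cleartext ldap:// and a
# hard-coded password -- use ldaps:// / start_tls_s() and keep secrets in
# configuration.
l.simple_bind_s("uid=user1,ou=people,dc=sbarjatiya,dc=com", "iiit123")

try:
    # The dn of our existing entry/object
    dn = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

    # Old and new values; python-ldap 3 on Python 3 needs bytes.  "old" is
    # what we believe is stored -- it is not read back from the server.
    old = {'description': [b'Proud first user']}
    new = {'description': [b'I could easily forgive his pride, if he had not mortified mine.']}

    # Turn the two dicts into a modify list for modify_s()
    ldif = modlist.modifyModlist(old, new)

    # Synchronous modify; raises ldap.LDAPError on failure.
    l.modify_s(dn, ldif)
finally:
    # Release the connection even when the modify failed.
    l.unbind_s()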

This program searches (without binding, i.e. anonymously, so the server must allow anonymous read access) for all entries that have a uid attribute, that is all users:

#!/usr/bin/env python

import ldap

## first you must open a connection to the server
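l = None
try:
    l = ldap.initialize("ldap://127.0.0.1:389/")  # ldap.open() is deprecated
    l.protocol_version = ldap.VERSION3

    # No bind: the search runs anonymously, so the server's ACLs must allow
    # anonymous read of these entries.
    baseDN = "dc=sbarjatiya,dc=com"
    searchScope = ldap.SCOPE_SUBTREE
    retrieveAttributes = None   # None = all user attributes
    # Constant filter.  Any value taken from user input must go through
    # ldap.filter.escape_filter_chars() first to prevent filter injection.
    searchFilter = "uid=*"

    ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
    while True:
        # all=0 returns one message at a time; the final RES_SEARCH_RESULT
        # message carries an empty data list, which ends the loop.
        result_type, result_data = l.result(ldap_result_id, 0)
        if not result_data:
            break
        if result_type == ldap.RES_SEARCH_ENTRY:
            print(result_data)
except ldap.LDAPError as e:
    # One handler for connect and search: before, a failed connect was only
    # printed and the search then died with NameError on the missing `l`.
    print(e)
finally:
    if l is not None:
        l.unbind_s()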

This program deletes example user created in above examples:

#!/usr/bin/env python

import ldap

## first you must bind so we're doing a simple bind first
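l = None
try:
    l = ldap.initialize("ldap://127.0.0.1:389/")  # ldap.open() is deprecated
    l.protocol_version = ldap.VERSION3
    # SECURITY: manager credentials, hard-coded and sent in cleartext over
    # ldap://; use ldaps:// or start_tls_s() and an external secret store.
    username = "cn=root,dc=sbarjatiya,dc=com"
    password = "iiit123"
    # Synchronous bind: a wrong password raises here.  The asynchronous
    # simple_bind() result was never read before, so a failed bind was only
    # printed and the delete below was still attempted on the (then
    # anonymous) connection.
    l.simple_bind_s(username, password)

    # The next lines will also need to be changed to support your requirements and directory
    deleteDN = "uid=user1,ou=people,dc=sbarjatiya,dc=com"
    l.delete_s(deleteDN)
except ldap.LDAPError as e:
    print(e)
finally:
    if l is not None:
        l.unbind_s()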

import ldap
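def create_ldap_user(username, password, org_dn):
    """Create an inetOrgPerson ``cn=<username>`` under *org_dn* and print the result type.

    Args:
        username: used for the RDN and the cn/sn attributes.
        password: initial password, stored in ``userPassword``.
        org_dn: DN of the container the new entry goes into.

    Raises:
        ldap.LDAPError: on bind or add failure (the connection is released
            either way).
    """
    import ldap.dn
    import ldap.modlist as modlist  # was referenced without being imported

    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: cleartext ldap:// plus a hard-coded admin password.  Use
    # ldaps:// (or start_tls_s()) and read the credential from configuration.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        cn_value = username.encode('utf-8')
        # python-ldap 3 on Python 3 requires attribute values as bytes.
        # 'password' is not a schema attribute; the standard one is
        # userPassword.  (Active Directory sets passwords through unicodePwd
        # over LDAPS instead -- TODO confirm the target directory type.)
        user = {
            'objectclass': [b'top', b'person', b'inetOrgPerson'],
            'cn': [cn_value],
            'sn': [cn_value],
            'userPassword': [password.encode('utf-8')],
        }
        # Escape the RDN value so a username containing ',' '+' '=' or '\\'
        # cannot redirect the entry to another part of the tree.
        user_dn = 'cn=%s,%s' % (ldap.dn.escape_dn_chars(username), org_dn)
        ldif = modlist.addModlist(user)
        # add_s() returns a result tuple whose first item is the result type.
        result = l.add_s(user_dn, ldif)
        print(result[0])
    finally:
        l.unbind_s()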

import ldap
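def modify_user(username):
    """Replace the description of ``cn=<username>,ou=org1,dc=testad,dc=com`` and print the result.

    Raises:
        ldap.LDAPError: on bind or modify failure (the connection is
            released either way).
    """
    import ldap.dn
    import ldap.modlist as modlist  # modifyModlist lives in ldap.modlist, not ldap

    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        # Escape the RDN value so special characters in *username* cannot
        # select a different entry.
        dn = 'cn=%s,ou=org1,dc=testad,dc=com' % ldap.dn.escape_dn_chars(username)
        # "old" is a placeholder, not read back from the server; values are
        # bytes because python-ldap 3 on Python 3 requires it.
        old = {'description': [b'old description']}
        new = {'description': [b'new description']}
        ldif = modlist.modifyModlist(old, new)
        ret = l.modify_s(dn, ldif)
    finally:
        l.unbind_s()
    print(ret)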

import ldap
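def delete_users(user_dn):
    """Delete the entry *user_dn* as Administrator and print the result.

    Raises:
        ldap.LDAPError: e.g. ldap.NO_SUCH_OBJECT; the connection is released
            either way.
    """
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        ret = l.delete_s(user_dn)
    finally:
        l.unbind_s()
    print(ret)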

import ldap
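def describe_ldap_users(org_dn='', usernames=None):
    """Search for person entries and print the raw search result.

    Args:
        org_dn: search base; falls back to the domain root when empty.
        usernames: optional list of cn values; when given, only entries whose
            cn matches one of them are returned.

    Raises:
        ldap.LDAPError: on bind or search failure.
    """
    import ldap.filter

    usernames = usernames or []   # avoid a shared mutable default
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        USER_ATTRS = ['userAccountControl', 'displayName', 'description', 'homePhone',
                      'physicalDeliveryOfficeName', 'title', 'mail', 'telephoneNumber']
        # Build (&(objectclass=person)(|(cn=a)(cn=b)...)).  Each cn value is
        # escaped so a name like "*)(objectclass=*" cannot widen the filter.
        filterstr = '(&(objectclass=person)'
        if usernames:
            filterstr += '(|' + ''.join(
                '(cn=%s)' % ldap.filter.escape_filter_chars(cn) for cn in usernames) + ')'
        filterstr += ')'
        # `base_dn` was undefined here (NameError); use the domain root that
        # login_ldap searches.
        base = org_dn or 'dc=testad,dc=com'
        ret = l.search_s(base, ldap.SCOPE_SUBTREE, filterstr, attrlist=USER_ATTRS)
    finally:
        l.unbind_s()
    print(ret)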

import ldap
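def login_ldap(user_dn, password):
    """Return True if *password* authenticates *user_dn* and the entry is found, else False.

    A wrong password (ldap.INVALID_CREDENTIALS) yields False; other
    ldap.LDAPError exceptions (server unreachable, bad DN syntax) propagate so
    that an outage is not reported as a failed login.
    """
    import ldap.dn
    import ldap.filter

    # SECURITY: a simple bind with a DN and an EMPTY password is an
    # *unauthenticated* bind (RFC 4513 5.1.2), which many servers -- Active
    # Directory among them -- accept.  Without this guard anyone could log in
    # with a blank password.
    if not user_dn or not password:
        return False
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    try:
        try:
            # SECURITY: cleartext ldap://; use ldaps:// or start_tls_s().
            l.simple_bind_s(user_dn, password)
        except ldap.INVALID_CREDENTIALS:
            return False
        # Take the RDN with the DN parser instead of split(','), which breaks
        # on escaped commas, and escape the value before it enters a filter.
        rdn_attr, rdn_value = ldap.dn.str2dn(user_dn)[0][0][:2]
        base_dn = 'dc=testad,dc=com'
        filterstr = '(%s=%s)' % (rdn_attr, ldap.filter.escape_filter_chars(rdn_value))
        ret = l.search_s(base_dn, ldap.SCOPE_SUBTREE, filterstr)
    finally:
        l.unbind_s()
    return bool(ret)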

import ldap
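def set_ldap_password(user_dn, password):
    """Reset the password of *user_dn* to *password* as Administrator.

    Uses the LDAP Password Modify extended operation (RFC 3062) with no old
    password, i.e. an administrative reset.

    Raises:
        ldap.LDAPError: on bind failure or if the server refuses the operation.
    """
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: both the admin password and the new user password travel in
    # cleartext on ldap://; use ldaps:// or start_tls_s().  NOTE(review): the
    # surrounding code looks AD-specific (userAccountControl, referrals off);
    # Active Directory does not implement RFC 3062 and sets passwords via the
    # unicodePwd attribute over LDAPS -- confirm against the target server.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        l.passwd_s(user_dn, None, password)
    finally:
        l.unbind_s()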

import ldap
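def modify_ldap_password(user_dn, old_password, new_password):
    """Change the password of *user_dn* from *old_password* to *new_password*.

    The caller's knowledge of *old_password* is proven by binding as the user
    first; the Password Modify operation (RFC 3062) is then issued as
    Administrator, as before.

    Raises:
        ValueError: if *old_password* is empty.
        ldap.INVALID_CREDENTIALS: if *old_password* is wrong.
        ldap.LDAPError: on other bind or extended-operation failures.
    """
    # SECURITY: an empty password turns simple_bind_s() into an
    # *unauthenticated* bind (RFC 4513 5.1.2), which many servers accept --
    # it must not count as knowing the old password.
    if not old_password:
        raise ValueError('old_password must not be empty')
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    try:
        # Verify the old password explicitly.  Before, it was only forwarded
        # inside the extended operation, and whether a server checks it when
        # an administrator issues the request is server-specific.
        l.simple_bind_s(user_dn, old_password)
        # SECURITY: hard-coded admin password over cleartext ldap://.
        # NOTE(review): Active Directory does not implement RFC 3062
        # (unicodePwd over LDAPS instead) -- confirm the target server type.
        l.simple_bind_s('Administrator', 'P@ssword')
        l.passwd_s(user_dn, old_password, new_password)
    finally:
        l.unbind_s()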

import ldap
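def create_ou(parent_dn, ou):
    """Create organizationalUnit ``ou=<ou>`` under *parent_dn* and print the result type.

    Raises:
        ldap.LDAPError: on bind or add failure (the connection is released
            either way).
    """
    import ldap.dn
    import ldap.modlist as modlist  # was referenced without being imported

    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        # Values as bytes: required by python-ldap 3 on Python 3.
        attrs = {
            'ou': [ou.encode('utf-8')],
            'description': [b'this is description'],
            'objectClass': [b'organizationalUnit', b'top'],
        }
        # Escape the RDN value so special characters in *ou* cannot change
        # where in the tree the entry lands.
        dn = 'ou=%s,%s' % (ldap.dn.escape_dn_chars(ou), parent_dn)
        ldif = modlist.addModlist(attrs)
        # add_s() returns a result tuple whose first item is the result type.
        result = l.add_s(dn, ldif)
        print(result[0])
    finally:
        l.unbind_s()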

import ldap
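def modify_ou(attrs=None, dn=None):
    """Replace attributes of the OU entry *dn* with *attrs*.

    Args:
        attrs: mapping attribute -> new value (str, bytes, or a list of
            them); defaults to ``{'description': 'new_description'}``.
        dn: DN of the entry to modify.  The original referenced an undefined
            global ``dn`` (NameError), so it is now an explicit parameter.

    Raises:
        ValueError: if *dn* is not given.
        ldap.LDAPError: on bind or modify failure.
    """
    import ldap.modlist as modlist  # was referenced without being imported

    if dn is None:
        raise ValueError('dn of the OU to modify is required')
    if attrs is None:
        attrs = {'description': 'new_description'}   # fresh dict, not a shared default

    def _as_values(mapping):
        # python-ldap 3 on Python 3 wants lists of bytes values.
        out = {}
        for key, vals in mapping.items():
            if not isinstance(vals, list):
                vals = [vals]
            out[key] = [v if isinstance(v, bytes) else v.encode('utf-8') for v in vals]
        return out

    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        # "old" is a placeholder, not read back from the server; modifyModlist
        # only uses it to decide which attributes changed.
        old_attrs = _as_values({'description': 'old_description'})
        ldif = modlist.modifyModlist(old_attrs, _as_values(attrs))
        l.modify_s(dn, ldif)
    finally:
        l.unbind_s()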

import ldap
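def delete_ou(dn):
    """Delete the entry *dn* as Administrator; LDAP only deletes leaf entries.

    Raises:
        ldap.LDAPError: e.g. ldap.NOT_ALLOWED_ON_NONLEAF for a non-empty OU;
            the connection is released either way.
    """
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        l.delete_s(dn)
    finally:
        # delete_users releases the connection; do the same here.
        l.unbind_s()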

import ldap
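def describe_ou(parent_dn='', org_dns=None):
    """Search for organizationalUnit entries and print the raw result.

    Args:
        parent_dn: search base; falls back to the domain root when empty.
        org_dns: optional list of ``ou`` values to restrict the search to.

    Raises:
        ldap.LDAPError: on bind or search failure.
    """
    import ldap.filter

    org_dns = org_dns or []   # avoid a shared mutable default
    ORGANIZATION_ATTRS = ['ou', 'description']
    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        # The ou terms used to be AND-ed straight into the outer filter, so two
        # or more names matched nothing; they belong in an OR group, as in
        # describe_ldap_users.  Values are escaped against filter injection.
        filterstr = '(&(objectclass=organizationalUnit)'
        if org_dns:
            filterstr += '(|' + ''.join(
                '(ou=%s)' % ldap.filter.escape_filter_chars(name) for name in org_dns) + ')'
        filterstr += ')'
        # `base_dn` was undefined here (NameError); use the domain root.
        base = parent_dn or 'dc=testad,dc=com'
        ret = l.search_s(base, ldap.SCOPE_SUBTREE, filterstr, attrlist=ORGANIZATION_ATTRS)
    finally:
        l.unbind_s()
    print(ret)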

import ldap
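def change_user_in_ou(user_dn, new_org_dn):
    """Move the entry *user_dn* under *new_org_dn*, keeping its RDN, and print the result.

    Raises:
        ldap.LDAPError: on bind or rename failure (the connection is released
            either way).
    """
    import ldap.dn

    l = ldap.initialize('ldap://172.16.1.163:389')
    l.protocol_version = 3
    l.set_option(ldap.OPT_REFERRALS, 0)
    # SECURITY: hard-coded admin password over cleartext ldap://.
    l.simple_bind_s('Administrator', 'P@ssword')
    try:
        # Take the RDN with the DN parser: split(',') truncates an RDN whose
        # value contains an escaped comma.
        rdn = ldap.dn.dn2str([ldap.dn.str2dn(user_dn)[0]])
        ret = l.rename_s(user_dn, rdn, new_org_dn)
    finally:
        l.unbind_s()
    print(ret)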