Python ldap3.SUBTREE Examples

The following are 30 code examples of ldap3.SUBTREE(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module ldap3, or try the search function.
Example #1
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
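def test_10_simple_not_simple_greater_condition(self):
        """A NOT around one ``>=`` comparison must return exactly one entry.

        Each case pairs a filter with the DNs the subtree search is expected
        to return, in response order.
        """
        cases = [
            ("(!(oid>=2))", ["cn=manager,ou=example,o=test"]),
            ("(!(accountExpires>=1))", ["cn=mini,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # Comparing whole lists checks count and order in one assertion
            # and prints both sides on failure, unlike assertTrue(a == b).
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)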
Example #2
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
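def test_25_add_user(self):
        """Add an inetOrgPerson entry and confirm a subtree search finds it."""
        expected_dn = "cn=John Smith,ou=example,o=test"
        object_classes = ["top", "inetOrgPerson"]
        # Literal fixture values for this test only.
        entry_attributes = {
            "sn": "Smith",
            "cn": "John Smith",
            "userPassword": "S3cr3t",
        }
        search_filter = "(&(cn=John Smith)(objectClass=top))"

        added = self.c.add(expected_dn, object_classes, entry_attributes)
        self.assertTrue(added)

        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # assertEqual on the DN list reports the actual result on failure.
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, [expected_dn])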
Example #3
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
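def test_17_multi_or(self):
        """OR filters with several operands return the expected DNs in order."""
        cases = [
            ("(|(oid>=3)(accountExpires=0))",
             ["cn=bob,ou=example,o=test",
              "cn=mini,ou=example,o=test"]),
            ("(|(cn~=bob)(sn=ke*le)(accountExpires<=0))",
             ["cn=bob,ou=example,o=test",
              "cn=manager,ou=example,o=test",
              "cn=mini,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # One list comparison covers both the count and every DN, and
            # shows the mismatch on failure.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)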
Example #4
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
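def test_16_simple_or_simple_less_condition(self):
        """An OR wrapping a single ``<=`` comparison returns exactly one entry."""
        cases = [
            ("(|(oid<=1))", ["cn=manager,ou=example,o=test"]),
            ("(|(accountExpires<=100))", ["cn=mini,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # assertEqual prints both lists when the result is wrong.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)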
Example #5
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
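def test_12_multi_not(self):
        """NOT applied to a nested AND / OR returns the complementary entries."""
        cases = [
            ("(!(&(sn~=Cooper)(cn=mini)))",
             ["cn=alice,ou=example,o=test",
              "cn=bob,ou=example,o=test",
              "cn=manager,ou=example,o=test"]),
            ("(!(|(cn~=bob)(sn=*le*)(accountExpires>=100)))",
             ["cn=mini,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # Whole-list comparison: count, order and values in one check.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)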
Example #6
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
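def test_11_simple_not_simple_less_condition(self):
        """A NOT around one ``<=`` comparison must return exactly one entry."""
        cases = [
            ("(!(oid<=2))", ["cn=bob,ou=example,o=test"]),
            ("(!(accountExpires<=9223372036854775807))",
             ["cn=manager,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # assertEqual prints both lists when the result is wrong.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)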
Example #7
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
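def test_07_multi_and(self):
        """AND filters with several operands match only ``cn=bob``."""
        expected_dns = ["cn=bob,ou=example,o=test"]
        filters = (
            "(&(oid>=2)(sn=Marley))",
            "(&(cn~=bob)(sn=*e*)(accountExpires>=100))",
        )
        for search_filter in filters:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # assertEqual prints both lists when the result is wrong.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)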
Example #8
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
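def test_06_simple_and_simple_less_condition(self):
        """An AND wrapping a single ``<=`` comparison returns the expected DNs."""
        cases = [
            ("(&(oid<=1))", ["cn=manager,ou=example,o=test"]),
            ("(&(accountExpires<=9223372036854775805))",
             ["cn=alice,ou=example,o=test",
              "cn=mini,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # Whole-list comparison: count, order and values in one check.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)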
Example #9
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 6 votes vote down vote up
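def test_00_wrong_basedn(self):
        """Searches under the base DN ``o=invalid`` return no entries.

        The same base is tried with an AND, a NOT and an OR filter.
        """
        invalid_base = "o=invalid"
        filters = ("(&(cn=*))", "(!(cn=*))", "(|(cn=*)(sn=*))")
        for search_filter in filters:
            self.c.search(search_base=invalid_base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # assertEqual reports the actual count if anything is returned.
            self.assertEqual(len(self.c.response), 0)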
Example #10
Source File: client_ldap3.py    From code with MIT License 6 votes vote down vote up
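def search(self, base, filter=None, scope=None, attrs=None):
        """Run an LDAP search and return ``(dn, raw_attributes)`` pairs.

        ``filter`` defaults to ``(objectClass=*)``, ``scope`` to ``"subtree"``
        and ``attrs`` to ``["*"]``. An unrecognised scope name raises
        ``KeyError``.

        ``filter`` is passed to the server exactly as given, so a caller that
        builds it from untrusted values has to escape those values first.
        """
        scope_by_name = {
            "base":         ldap3.BASE,
            "subtree":      ldap3.SUBTREE,
            "sub":          ldap3.SUBTREE,
            "onelevel":     ldap3.LEVEL,
            "one":          ldap3.LEVEL,
            # "subordinate" / "child" are left out: not natively supported
            # by ldap3.
        }
        search_filter = filter or "(objectClass=*)"
        search_scope = scope_by_name[scope or "subtree"]
        wanted_attrs = [*attrs] if attrs else ["*"]

        # The boolean returned by search() used to be stored in an unused
        # local; only conn.entries is consumed.
        self.conn.search(base, search_filter,
                         search_scope=search_scope,
                         attributes=wanted_attrs)
        return [(entry.entry_dn, entry.entry_raw_attributes)
                for entry in self.conn.entries]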
Example #11
Source File: _ldap.py    From treadmill with Apache License 2.0 5 votes vote down vote up
def search(self, search_base=None, search_filter=None,
               search_scope=ldap3.SUBTREE, attributes=None, dirty=False):
        """Run an LDAP search and return an iterator over ``ldap.response``.

        Arguments left as ``None`` fall back to ``self.root_ou``,
        ``(objectClass=*)`` and ``['*', '+']``. ``search_filter`` is forwarded
        unchanged, so any untrusted value inside it must already be escaped.
        """
        base = self.root_ou if search_base is None else search_base
        ldap_filter = (
            '(objectClass=*)' if search_filter is None else search_filter
        )
        wanted = ['*', '+'] if attributes is None else attributes

        # Recently written or modified entries may not have replicated from
        # provider to consumer yet, so "dirty" reads use the write connection.
        if dirty:
            ldap = self.write_ldap
        else:
            ldap = self.ldap

        ldap.result = None
        # Aliases are never dereferenced during the search.
        ldap.search(
            search_base=base,
            search_filter=ldap_filter,
            search_scope=search_scope,
            attributes=wanted,
            dereference_aliases=ldap3.DEREF_NEVER
        )
        self._test_raise_exceptions(ldap)

        return iter(ldap.response)
Example #12
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
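def test_22_two_levels_of_filter(self):
        """Filters nested two levels deep return the expected DNs in order."""
        cases = [
            ("(|(accountExpires>=9223372036854775807)(!(accountExpires=0)))",
             ["cn=alice,ou=example,o=test",
              "cn=bob,ou=example,o=test",
              "cn=manager,ou=example,o=test"]),
            ("(&(accountExpires<=9223372036854775806)(!(accountExpires=0)))",
             ["cn=alice,ou=example,o=test"]),
        ]
        for search_filter, expected_dns in cases:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # Whole-list comparison: count, order and values in one check.
            found_dns = [entry.get("dn") for entry in self.c.response]
            self.assertEqual(found_dns, expected_dns)

        # Third case: approximate match on an objectGUID built by the test
        # helpers, evaluated only after the two searches above.
        guid_filter = "(&(cn=*)(objectGUID~=%s))" % trim_objectGUID(objectGUIDs[2])
        self.c.search(search_base=self.base, search_filter=guid_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, ["cn=bob,ou=example,o=test"])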
Example #13
Source File: _ldap.py    From treadmill with Apache License 2.0 5 votes vote down vote up
def paged_search(self, search_base=None, search_filter=None,
                     search_scope=ldap3.SUBTREE, attributes=None, dirty=False):
        """Run a paged LDAP search and return the result generator.

        Arguments left as ``None`` fall back to ``self.root_ou``,
        ``(objectClass=*)`` and ``['*', '+']``. ``search_filter`` is forwarded
        unchanged, so any untrusted value inside it must already be escaped.

        :returns:
            ``generator`` - Search result generator
        """
        base = self.root_ou if search_base is None else search_base
        ldap_filter = (
            '(objectClass=*)' if search_filter is None else search_filter
        )
        wanted = ['*', '+'] if attributes is None else attributes

        # Recently written or modified entries may not have replicated from
        # provider to consumer yet, so "dirty" reads use the write connection.
        if dirty:
            ldap = self.write_ldap
        else:
            ldap = self.ldap

        ldap.result = None
        # Pages of 50 entries, paging marked critical, aliases never
        # dereferenced.
        entries = ldap.extend.standard.paged_search(
            search_base=base,
            search_filter=ldap_filter,
            search_scope=search_scope,
            attributes=wanted,
            dereference_aliases=ldap3.DEREF_NEVER,
            paged_size=50,
            paged_criticality=True,
            generator=True
        )
        # NOTE(review): with generator=True the search presumably runs lazily,
        # so this check may execute before any page has been requested.
        # Confirm what _test_raise_exceptions can observe at this point.
        self._test_raise_exceptions(ldap)

        return entries
Example #14
Source File: _ldap.py    From treadmill with Apache License 2.0 5 votes vote down vote up
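def list(self, attrs, generator=False, dirty=False,
             get_operational_attrs=False):
        """List records matching the given attribute filter.

        :param attrs: maps object field names to a value or a list of values;
            fields that are absent or ``None`` are not added to the query.
        :param generator: return a lazy generator instead of a list.
        :param dirty: forwarded to ``self.admin.paged_search``.
        :param get_operational_attrs: also request ``self._operational_attrs``.
        """
        query = self._query()
        for ldap_field, obj_field, _field_type in self.schema():
            if obj_field not in attrs:
                continue

            wanted = attrs[obj_field]
            if wanted is None:
                continue

            # NOTE(review): values are handed to the query builder as-is;
            # presumably it escapes them when rendering the filter. Confirm.
            values = wanted if isinstance(wanted, list) else [wanted]
            for value in values:
                query(ldap_field, value)
        _LOGGER.debug('Query: %s', query.to_str())

        # Work on a copy: the previous in-place "+=" would have extended
        # whatever list object self.attrs() returned.
        attributes = [*self.attrs()]
        if get_operational_attrs:
            attributes.extend(self._operational_attrs)

        result = self.admin.paged_search(search_base=self.dn(),
                                         search_filter=query.to_str(),
                                         search_scope=ldap3.SUBTREE,
                                         attributes=attributes,
                                         dirty=dirty)
        records = (
            self.from_entry(entry['attributes'], entry['dn'])
            for entry in result
        )
        return records if generator else [*records]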
Example #15
Source File: models.py    From realms-wiki with GNU General Public License v2.0 5 votes vote down vote up
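def bind_search(self):
        """Find the user with a search bind, then check the password by rebinding.

        Returns the user's attributes when the rebind as the found DN
        succeeds, otherwise ``None`` (StartTLS failure, service bind failure,
        user not found, or wrong password).
        """
        # Function-scope import: ldap3 is already a dependency of this module.
        from ldap3.utils.conv import escape_filter_chars

        logger = logging.getLogger("realms.auth.ldap")
        user_search = self.config['USER_SEARCH']
        bind_dn = self.config.get('BIND_DN') or None
        base_dn = user_search['base']
        # self.userid is presumably the login name as typed by the user.
        # Escape it so "*", "(", ")" and "\" cannot alter the structure of the
        # configured filter (LDAP filter injection).
        filtr = user_search['filter'] % {'username': escape_filter_chars(self.userid)}
        scope_name = user_search.get('scope', 'subtree').lower().strip()
        # Anything other than "level" or "base" means a subtree search.
        scope = {
            "level": ldap3.LEVEL,
            "base": ldap3.BASE,
        }.get(scope_name, ldap3.SUBTREE)

        self.conn = ldap3.Connection(
            self.server,
            user=bind_dn,
            password=self.config.get('BIND_AUTH') or None,
            version=self.version
        )

        # StartTLS is attempted before any credentials are sent.
        if not self.start_tls():
            return None

        if not self.conn.bind():
            logger.error("Can't bind to the LDAP server with provided credentials ({})'".format(bind_dn))
            return None

        logger.debug("Successfull BIND for '{}'".format(bind_dn))

        try:
            if not self.conn.search(base_dn, filtr, attributes=ldap3.ALL_ATTRIBUTES, search_scope=scope):
                logger.info("User was not found in LDAP: '{}'".format(self.userid))
                return None
            # Only the first search result is used as the user's DN.
            user_dn = self.conn.response[0]['dn']
            attrs = self._get_attributes(self.conn.response)
            # the user was found in LDAP, now let's try a BIND to check the password
            if self.conn.rebind(user=user_dn, password=self.password):
                return attrs
            return None
        finally:
            self.close()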
Example #16
Source File: app.py    From ldap-passwd-webui with MIT License 5 votes vote down vote up
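def find_user_dn(conf, conn, uid):
    """Return the DN of the first entry matching ``uid``, or ``None``.

    ``conf['search_filter']`` is a filter template containing ``{uid}``; the
    result is wrapped in parentheses and searched under ``conf['base']``.
    """
    # Function-scope import: ldap3 is already a dependency of this module.
    from ldap3.utils.conv import escape_filter_chars

    # Escape uid before substitution so filter metacharacters in it ("*",
    # "(", ")", "\") are matched literally instead of changing the filter.
    search_filter = conf['search_filter'].replace('{uid}', escape_filter_chars(uid))
    conn.search(conf['base'], "(%s)" % search_filter, SUBTREE)

    return conn.response[0]['dn'] if conn.response else None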
Example #17
Source File: post-setup-add-components.py    From community-edition-setup with MIT License 5 votes vote down vote up
def get_oxTrustConfiguration_ldap():
    """Return ``(dn, oxTrustConfApplication)`` for the oxTrust configuration entry.

    The attribute value is parsed from JSON. Only the first search result is
    used; an empty response raises ``IndexError``.
    """
    ldap_conn.search(
        search_base='o=gluu',
        search_filter='(objectClass=oxTrustConfiguration)',
        search_scope=ldap3.SUBTREE,
        attributes=['oxTrustConfApplication'],
    )
    first_entry = ldap_conn.response[0]
    dn = first_entry['dn']
    raw_conf = first_entry['attributes']['oxTrustConfApplication'][0]

    return dn, json.loads(raw_conf)
Example #18
Source File: post-setup-add-components.py    From community-edition-setup with MIT License 5 votes vote down vote up
def get_oxAuthConfiguration_ldap():
    """Return ``(dn, oxAuthConfDynamic)`` for the oxAuth configuration entry.

    The attribute value is parsed from JSON. Only the first search result is
    used; an empty response raises ``IndexError``.
    """
    ldap_conn.search(
        search_base='o=gluu',
        search_filter='(objectClass=oxAuthConfiguration)',
        search_scope=ldap3.SUBTREE,
        attributes=["oxAuthConfDynamic"],
    )
    first_entry = ldap_conn.response[0]
    dn = first_entry['dn']
    raw_conf = first_entry['attributes']['oxAuthConfDynamic'][0]

    return dn, json.loads(raw_conf)
Example #19
Source File: Ldap.py    From Open365 with GNU Affero General Public License v3.0 5 votes vote down vote up
def findUser(self, user):
            """Return the non-empty first ``cn`` value of every matching inetOrgPerson.

            The search covers the subtree under ``self.dn_base``.
            """
            # NOTE(review): `user` is concatenated into the filter unescaped,
            # so "*", "(" or ")" in it change what the filter matches. Unless
            # wildcard lookups are intended, callers should pass it through
            # ldap3.utils.conv.escape_filter_chars first.
            cn_filter = '(&(objectClass=inetOrgPerson)(cn=' + user + '))'
            self.ldapClient.search(search_base=self.dn_base,
                                   search_filter=cn_filter,
                                   search_scope=SUBTREE,
                                   attributes=['cn'])

            first_cns = (
                entry['attributes']['cn'][0]
                for entry in self.ldapClient.response
            )
            return [cn for cn in first_cns if cn]
Example #20
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
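def test_24_filter_containing_spaces(self):
        """A filter value containing a space still matches ``cn=bob``."""
        expected_dns = ["cn=bob,ou=example,o=test"]
        search_filter = "(&(description=Bobs Account))"

        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # assertEqual prints both lists when the result is wrong.
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, expected_dns)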
Example #21
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
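def test_23_three_levels_of_filter(self):
        """A filter nested three levels deep matches only ``cn=alice``."""
        expected_dns = ["cn=alice,ou=example,o=test"]
        search_filter = "(&(cn=*)(&(accountExpires<=9223372036854775806)(!(accountExpires=0))))"

        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # assertEqual prints both lists when the result is wrong.
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, expected_dns)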
Example #22
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
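def test_20_simple_not_multi_value_attribute(self):
        """NOT on a ``mobile`` value returns the two expected DNs, in order."""
        expected_dns = [
            "cn=bob,ou=example,o=test",
            "cn=manager,ou=example,o=test",
        ]
        search_filter = "(!(mobile=45678))"

        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # Whole-list comparison: count, order and values in one check.
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, expected_dns)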
Example #23
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
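def test_19_simple_or_multi_value_attribute(self):
        """OR on a ``mobile`` value returns the two expected DNs, in order."""
        expected_dns = [
            "cn=alice,ou=example,o=test",
            "cn=mini,ou=example,o=test",
        ]
        search_filter = "(|(mobile=45678))"

        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # Whole-list comparison: count, order and values in one check.
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, expected_dns)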
Example #24
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
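def test_18_simple_and_multi_value_attribute(self):
        """AND on a ``mobile`` value returns the two expected DNs, in order."""
        expected_dns = [
            "cn=alice,ou=example,o=test",
            "cn=mini,ou=example,o=test",
        ]
        search_filter = "(&(mobile=45678))"

        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # Whole-list comparison: count, order and values in one check.
        found_dns = [entry.get("dn") for entry in self.c.response]
        self.assertEqual(found_dns, expected_dns)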
Example #25
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
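def test_02_invalid_search_string(self):
        """Filters with unbalanced or missing parentheses return no entries."""
        malformed_filters = ("(&cn=*))", "(&(cn=*)sn=*)")
        for search_filter in malformed_filters:
            self.c.search(search_base=self.base, search_filter=search_filter,
                          search_scope=ldap3.SUBTREE,
                          attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)
            # assertEqual reports the actual count if anything is returned.
            self.assertEqual(len(self.c.response), 0)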
Example #26
Source File: test_mock_ldap3.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
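def test_01_invalid_attribute(self):
        """A presence filter on the attribute ``invalid`` returns no entries."""
        search_filter = "(&(invalid=*))"
        self.c.search(search_base=self.base, search_filter=search_filter,
                      search_scope=ldap3.SUBTREE,
                      attributes=ldap3.ALL_ATTRIBUTES, paged_size=5)

        # assertEqual reports the actual count if anything is returned.
        self.assertEqual(len(self.c.response), 0)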
Example #27
Source File: LDAPIdResolver.py    From privacyidea with GNU Affero General Public License v3.0 5 votes vote down vote up
def __init__(self):
        """Initialise every resolver setting to its empty or default value."""
        # Connection target and bind credentials (all empty until configured).
        self.uri = ""
        self.resolverId = self.uri
        self.basedn = ""
        self.binddn = ""
        self.bindpw = ""
        self.i_am_bound = False

        # Transport security: no TLS context and StartTLS off by default.
        # NOTE(review): whether traffic ends up encrypted depends on values
        # assigned elsewhere; these defaults alone do not enable it.
        self.tls_context = None
        self.start_tls = False
        self.noreferrals = False

        # Search behaviour and limits.
        self.scope = ldap3.SUBTREE
        self.searchfilter = u""
        self.timeout = 5.0  # seconds!
        self.sizelimit = 500
        self.cache_timeout = 120

        # Attribute mapping and entry layout.
        self.loginname_attribute = [""]
        self.userinfo = {}
        self.multivalueattributes = []
        self.uidtype = ""
        self.object_classes = []
        self.dn_template = ""
        self._editable = False

        # Server pool settings.
        self.serverpool = None
        self.serverpool_persistent = False
        self.serverpool_rounds = SERVERPOOL_ROUNDS
        self.serverpool_skip = SERVERPOOL_SKIP
Example #28
Source File: ldap.py    From teleport with Apache License 2.0 4 votes vote down vote up
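def get_all_attr(self, admin, password, search_filter):
        """Bind as ``admin`` and return the first entry matching ``search_filter``.

        Returns a ``(code, result, message)`` tuple. On success ``code`` is
        ``TPE_OK`` and ``result`` is the entry decoded from its JSON form,
        with every list-valued top-level item replaced by its first element
        (or ``''`` when the list is empty). On failure ``result`` is ``None``.

        ``search_filter`` is sent to the server unchanged; escaping of any
        untrusted value inside it is the caller's job.
        """
        conn = ldap3.Connection(
            self._server, user=admin, password=password, check_names=True, lazy=False, raise_exceptions=False
        )

        try:
            conn.open()
        except Exception as e:
            log.e(str(e))
            return TPE_FAILED, None, '无法连接到LDAP服务器'

        try:
            conn.bind()
            bind_result = conn.result
            # Both the numeric result code and its description must report
            # success.
            if not (bind_result.get('result') == 0 and bind_result.get('description') == 'success'):
                return TPE_FAILED, None, 'LDAP管理员认证失败'

            found = conn.search(
                search_base=self._base_dn,
                size_limit=1,
                search_filter=search_filter,  # (&(objectClass=person))
                search_scope=ldap3.SUBTREE,
                attributes=['*']
            )
            if not found or len(conn.response) == 0:
                return TPE_FAILED, None, '未能找到任何用户'

            entry = json.loads(conn.entries[0].entry_to_json())
            result = {}
            for attr_name, attr_val in entry.items():
                if isinstance(attr_val, list):
                    attr_val = attr_val[0] if attr_val else ''
                result[attr_name] = attr_val
            return TPE_OK, result, ''
        finally:
            # The connection was previously never closed, leaving the admin
            # session and its socket open after every call. Cleanup is best
            # effort so it cannot replace the value being returned.
            try:
                conn.unbind()
            except Exception as e:
                log.e(str(e))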
Example #29
Source File: ldap.py    From teleport with Apache License 2.0 4 votes vote down vote up
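def list_users(self, admin, password, search_filter, attr_username, attr_surname, attr_email, size_limit=0):
        """Bind as ``admin`` and return the users matching ``search_filter``.

        Returns a ``(code, result, message)`` tuple. On success ``code`` is
        ``TPE_OK`` and ``result`` maps each entry's DN to a dict keyed by the
        names from ``self._parse_attr_map``; list values are reduced to their
        first element (or ``''`` when empty). On failure ``result`` is ``None``.

        ``search_filter`` is sent to the server unchanged; escaping of any
        untrusted value inside it is the caller's job.
        """
        attrs_ldap, attrs_tp = self._parse_attr_map(attr_username, attr_surname, attr_email)
        if attrs_ldap is None:
            return TPE_PARAM, None, '属性映射错误'

        conn = ldap3.Connection(
            self._server, user=admin, password=password, check_names=True, lazy=False, raise_exceptions=False
        )
        try:
            conn.open()
        except Exception as e:
            log.e(str(e))
            return TPE_FAILED, None, '无法连接到LDAP服务器'

        try:
            conn.bind()
            bind_result = conn.result
            # Both the numeric result code and its description must report
            # success.
            if not (bind_result.get('result') == 0 and bind_result.get('description') == 'success'):
                return TPE_FAILED, None, 'LDAP管理员认证失败'

            try:
                found = conn.search(
                    search_base=self._base_dn,
                    size_limit=size_limit,
                    search_filter=search_filter,  # (&(objectClass=person))
                    search_scope=ldap3.SUBTREE,
                    attributes=attrs_ldap
                )

                if not found:
                    return TPE_FAILED, None, '未能搜索到LDAP用户,请检查用户基准DN和过滤器设置'

            except ldap3.core.exceptions.LDAPAttributeError as e:
                # Log the actual error; this branch used to log an empty string.
                log.e(str(e))
                return TPE_FAILED, None, '请检查属性映射设置:{}'.format(e.__str__())

            result = {}
            for entry in conn.entries:
                attrs = json.loads(entry.entry_to_json())
                mapped = {}
                for m, ldap_name in enumerate(attrs_ldap):
                    attr_val = attrs['attributes'][ldap_name]
                    if isinstance(attr_val, list):
                        attr_val = attr_val[0] if attr_val else ''
                    mapped[attrs_tp[m]] = attr_val
                result[attrs['dn']] = mapped

            return TPE_OK, result, ''
        finally:
            # The connection was previously never closed, leaving the admin
            # session and its socket open after every call. Cleanup is best
            # effort so it cannot replace the value being returned.
            try:
                conn.unbind()
            except Exception as e:
                log.e(str(e))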
Example #30
Source File: __init__.py    From ACE with Apache License 2.0 4 votes vote down vote up
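def ldap_query(self, query):
        """Run ``(query)`` as an LDAP filter and return the first entry's attributes.

        Returns ``None`` when LDAP is disabled, when nothing matches, or when
        any exception occurs while connecting or searching (a warning is
        logged in that case).

        ``query`` is wrapped in parentheses and sent as-is. Any untrusted
        value a caller places in it must already be escaped, for example with
        ``ldap3.utils.conv.escape_filter_chars``.
        """
        if not self.ldap_enabled:
            return None

        from ldap3 import Server, Connection, SIMPLE, SYNC, SUBTREE, ALL, ALL_ATTRIBUTES
        import json

        try:
            logging.debug("connecting to ldap server {} on port {}".format(self.ldap_server, self.ldap_port))
            # NOTE(review): the Server is created without use_ssl and no
            # StartTLS is requested before the simple bind, so the bind
            # password travels in clear text unless the transport is
            # protected some other way. Confirm the deployment.
            with Connection(
                Server(self.ldap_server, port = self.ldap_port, get_info = ALL),
                auto_bind = True,
                client_strategy = SYNC,
                user=self.ldap_bind_user,
                password=self.ldap_bind_password,
                authentication=SIMPLE,
                check_names=True) as c:

                logging.debug("running ldap query for ({})".format(query))
                c.search(self.ldap_base_dn, '({})'.format(query), SUBTREE, attributes = ALL_ATTRIBUTES)

                # a little hack to move the result into json
                response = json.loads(c.response_to_json())

                if len(response['entries']) < 1:
                    return None

                # XXX not sure about the 0 here, I guess only if we only looking for one thing at a time
                return response['entries'][0]['attributes']

        except Exception as e:
            logging.warning("failed ldap query {}: {}".format(query, e))
            return None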