Introduction to python-ldap

Python's python-ldap (https://www.python-ldap.org/en/latest/) third-party package provides the necessary functionality to interact with an LDAP server.

You can install this package with the pip command:

$ pip install python-ldap

It is also possible to install python-ldap on Debian- or Ubuntu-based distributions with the following commands:

sudo apt-get update
sudo apt-get install python-ldap

To begin, you have to initialize the LDAP connection, replacing <ldap_server> and port_number with the address of the server and its port number:

import ldap
ldap_client = ldap.initialize("ldap://<ldap_server>:port_number/")

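This method initializes a new connection object to access the given LDAP server, and returns an LDAP object that's used to perform operations on that server. The next step is to bind (authenticate) as a user with appropriate rights. simple_bind() is asynchronous and only returns a message ID; the synchronous simple_bind_s() waits for the server's answer and raises ldap.INVALID_CREDENTIALS when the bind is rejected:

ldap_client.simple_bind_s(user, password)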

Then, you can perform an LDAP search. It requires you to specify the necessary parameters, such as base DN, filter, and attributes. Here is an example of the syntax that is required to search for users on an LDAP server:

ldap_client.search_s( base_dn, ldap.SCOPE_SUBTREE, filter, attrs)

Here is a complete example to find user information using the LDAP protocol. It demonstrates how to open a connection to an LDAP server using the ldap module and invoke a synchronous subtree search.

You can find the following code in the connect_python_ldap.py file:

#!/usr/bin/env python3
import ldap

# Plain ldap:// is unencrypted, so a simple bind sends the password in clear text.
# Use ldaps:// or StartTLS outside a lab.
LDAP_SERVER = "ldap://52.57.162.88:389"
LDAP_BASE_DN = 'ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org'
LDAP_FILTER = '(objectclass=person)'
LDAP_ATTRS = ["cn", "dn", "sn", "givenName"]

def main():
    try:
        # Open a connection
        ldap_client = ldap.initialize(LDAP_SERVER)
        # Set LDAPv3 option
        ldap_client.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
        # Bind/authenticate with a user with appropriate rights.
        # The synchronous simple_bind_s() raises INVALID_CREDENTIALS here on failure;
        # the asynchronous simple_bind() would only return a message ID.
        ldap_client.simple_bind_s("admin", 'Secret123')
        # Get user attributes defined in LDAP_ATTRS
        result = ldap_client.search_s(LDAP_BASE_DN, ldap.SCOPE_SUBTREE, LDAP_FILTER, LDAP_ATTRS)
        print(result)
    except ldap.INVALID_CREDENTIALS as exception:
        ldap_client.unbind()
        # An exception cannot be concatenated to a str directly
        print('Wrong username or password. ' + str(exception))
    except ldap.SERVER_DOWN as exception:
        print('LDAP server not available. ' + str(exception))

if __name__ == '__main__':
    main()

The previous script verifies the username and password against an LDAP server. It prints some of the user attributes on success, or a message that describes the error on failure. The script searches the LDAP directory subtree under the ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org base DN. The search is limited to person objects.

We need to define some global variables to hold the URL of the LDAP server, the base DN under which to search for users in the LDAP directory, the search filter, and the user attributes that you want to retrieve.

First, we initialize the connection object with ldap.initialize and set the options that are required for the connection. Then, the script tries to authenticate to the server with a simple bind. On success, the user's attributes are retrieved using the search_s function.
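The script above prints the raw return value of search_s. The following added example (not part of the original script) shows how to turn that value into plain dictionaries. SAMPLE_RESULT is constructed in the shape python-ldap returns under Python 3, a list of (dn, attributes) tuples with bytes values, and the helper names are assumptions made for this example. The DN arrives as the first element of each tuple, so it does not have to be requested as an attribute.

```python
# Added example: normalise the list returned by search_s().
# SAMPLE_RESULT is constructed for illustration, not captured from a server.
SAMPLE_RESULT = [
    ("uid=jdoe,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org",
     {"cn": [b"John Doe"], "sn": [b"Doe"], "givenname": [b"John"]}),
    ("uid=mrossi,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org",
     {"cn": [b"Mar\xc3\xada Rossi", b"M. Rossi"], "sn": [b"Rossi"]}),
    # Search continuation reference: the DN is None, the payload is a URL list.
    (None, ["ldap://other.example.org/dc=example,dc=org"]),
]


def decode_value(raw):
    """Decode one attribute value; non-UTF-8 (binary) values become hex."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.hex()


def normalise_entries(result, wanted_attrs):
    """Split a search_s() result into (entries, referrals).

    Each entry is a dict with the DN and a list of decoded values for every
    requested attribute (an empty list when the entry lacks the attribute).
    """
    entries, referrals = [], []
    for dn, payload in result:
        if dn is None:
            # Not an entry: keep the referral URLs separate from user data.
            referrals.extend(
                u.decode("utf-8") if isinstance(u, bytes) else u for u in payload
            )
            continue
        # Attribute names are case-insensitive in LDAP, and servers may return
        # them in a different case than the one requested.
        lowered = {name.lower(): values for name, values in payload.items()}
        entry = {"dn": dn}
        for attr in wanted_attrs:
            entry[attr] = [decode_value(v) for v in lowered.get(attr.lower(), [])]
        entries.append(entry)
    return entries, referrals


if __name__ == "__main__":
    users, refs = normalise_entries(SAMPLE_RESULT, ["cn", "sn", "givenName"])
    for user in users:
        print(user)
    print("referrals:", refs)
```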
