LDAP manipulations using python
01-anonymous_bind.py
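This program connects to the LDAP server listening on localhost using an anonymous bind:

    #!/usr/bin/env python3
    import ldap

    try:
        l = ldap.initialize("ldap://127.0.0.1")
        l.protocol_version = ldap.VERSION3
        # An empty DN and an empty password request an anonymous bind
        username = ""
        password = ""
        # simple_bind_s() waits for the server's reply, so a failed bind raises here
        l.simple_bind_s(username, password)
    except ldap.LDAPError as e:
        print(e)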
02-simple_bind.py
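This program connects to the LDAP server listening on localhost using a simple bind:

    #!/usr/bin/env python3
    import ldap

    try:
        l = ldap.initialize("ldap://127.0.0.1")
        l.protocol_version = ldap.VERSION3
        # Over ldap:// a simple bind sends the DN and password unencrypted
        username = "uid=saurabhb,ou=people,dc=sbarjatiya,dc=com"
        password = "iiit123"
        # simple_bind_s() waits for the server's reply, so bad credentials raise here
        l.simple_bind_s(username, password)
    except ldap.LDAPError as e:
        print(e)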
03-add_entry.py
This program connects to the LDAP server using the rootdn and adds a posixUser:

    #!/usr/bin/env python3
    # Import needed modules
    import ldap
    import ldap.modlist as modlist

    # Open a connection
    l = ldap.initialize("ldap://localhost:389/")

    # Bind/authenticate with a user with appropriate rights to add objects
    l.simple_bind_s("cn=root,dc=sbarjatiya,dc=com", "iiit123")

    # The DN of our new entry/object
    dn = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

    # A dict to help build the "body" of the object.
    # On Python 3, python-ldap expects every attribute value as a list of bytes.
    attrs = {}
    attrs['objectclass'] = [b'top', b'account', b'posixAccount', b'shadowAccount']
    attrs['cn'] = [b'User One']
    attrs['uid'] = [b'user1']
    attrs['uidNumber'] = [b'3001']
    attrs['gidNumber'] = [b'3000']
    attrs['homeDirectory'] = [b'/home/user1']
    attrs['loginShell'] = [b'/bin/bash']
    attrs['description'] = [b'Proud first user']
    attrs['gecos'] = [b'Via6, N#1010, 6th Avenue']
    # Lab value: added as-is, so it is stored in clear text unless the server hashes it
    attrs['userPassword'] = [b'iiit123']
    attrs['shadowLastChange'] = [b'0']
    attrs['shadowMax'] = [b'99999']
    attrs['shadowWarning'] = [b'99999']

    # Convert our dict to the syntax the add function expects, using the modlist module
    ldif = modlist.addModlist(attrs)

    # Do the actual synchronous add operation on the LDAP server
    l.add_s(dn, ldif)

    # It's nice to the server to disconnect and free resources when done
    l.unbind_s()
04-modify_entry.py
This program changes the description of the posixUser created in the previous example:

    #!/usr/bin/env python3
    # Import needed modules
    import ldap
    import ldap.modlist as modlist

    # Open a connection
    l = ldap.initialize("ldap://localhost:389/")

    # Bind/authenticate with a user with appropriate rights to modify the entry
    # (here the user binds as itself)
    l.simple_bind_s("uid=user1,ou=people,dc=sbarjatiya,dc=com", "iiit123")

    # The DN of our existing entry/object
    dn = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

    # Placeholders for the old and new values (lists of bytes on Python 3)
    old = {'description': [b'Proud first user']}
    new = {'description': [b'I could easily forgive his pride, if he had not mortified mine.']}

    # Convert the placeholders into a modify operation using the modlist module
    ldif = modlist.modifyModlist(old, new)

    # Do the actual modification
    l.modify_s(dn, ldif)

    # It's nice to the server to disconnect and free resources when done
    l.unbind_s()
05-search.py
This program searches for all entries which have a uid attribute, that is, all users:

    #!/usr/bin/env python3
    import ldap

    baseDN = "dc=sbarjatiya,dc=com"
    searchScope = ldap.SCOPE_SUBTREE
    retrieveAttributes = None  # None returns all attributes
    searchFilter = "uid=*"

    try:
        # First you must open a connection to the server
        l = ldap.initialize("ldap://127.0.0.1")
        l.protocol_version = ldap.VERSION3

        # search() is asynchronous and returns a message id to poll with result()
        ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
        while True:
            result_type, result_data = l.result(ldap_result_id, 0)
            if result_data == []:
                break
            # Here you could do whatever you want with the individual entry;
            # printing it is just for illustration.
            if result_type == ldap.RES_SEARCH_ENTRY:
                print(result_data)
    except ldap.LDAPError as e:
        print(e)
06-delete_entry.py
This program deletes the example user created in the above examples:

    #!/usr/bin/env python3
    import ldap

    # The next line will need to be changed to support your requirements and directory
    deleteDN = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

    try:
        # First you must bind, so we do a simple bind as the rootdn
        l = ldap.initialize("ldap://127.0.0.1")
        l.protocol_version = ldap.VERSION3
        username = "cn=root,dc=sbarjatiya,dc=com"
        password = "iiit123"
        # simple_bind_s() waits for the bind result, so the delete only runs
        # after the bind has succeeded
        l.simple_bind_s(username, password)
        l.delete_s(deleteDN)
    except ldap.LDAPError as e:
        print(e)
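The search filter in 05-search.py and the entry DNs in the add, modify and delete programs are fixed strings; once the uid comes from user input it has to be escaped before it is placed in either one. The following is an added example, not part of the original page: a standard-library implementation of the RFC 4515 (filter) and RFC 4514 (DN) escaping rules, with function names and sample inputs constructed here (python-ldap provides the same operations as `ldap.filter.escape_filter_chars` and `ldap.dn.escape_dn_chars`).

```python
import re

# RFC 4515: characters that must appear as \XX hex escapes inside a filter value
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as the value part of a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_rdn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;=])', r"\\\1", value).replace("\x00", "\\00")
    if out.endswith(" "):              # a trailing space must be escaped
        out = out[:-1] + "\\ "
    if out.startswith((" ", "#")):     # so must a leading space or '#'
        out = "\\" + out
    return out


# Base DN and object class are taken from the page's examples
PEOPLE_BASE = "ou=people,dc=sbarjatiya,dc=com"


def user_dn(uid):
    """DN of one user entry, as passed to add_s / modify_s / delete_s."""
    return "uid=%s,%s" % (escape_rdn_value(uid), PEOPLE_BASE)


def user_filter(uid):
    """Filter matching exactly one uid, as passed to l.search()."""
    return "(&(objectClass=posixAccount)(uid=%s))" % escape_filter_value(uid)


if __name__ == "__main__":
    # Constructed inputs: a plain uid and strings containing metacharacters
    for uid in ["user1", "*", "a(b)c", "Doe, John", "#tag "]:
        print(repr(uid), "->", user_filter(uid), "|", user_dn(uid))
```
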
Examples learned using http://www.grotan.com/ldap/python-ldap-samples.html