LDAP manipulations using python

From Notes_Wiki
Revision as of 09:08, 25 January 2019 by Saurabh (talk | contribs)


01-anonymous_bind.py

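This program connects to the LDAP server listening on localhost using an anonymous bind:

#!/usr/bin/env python3
import ldap

try:
    # ldap.open() is not available in current python-ldap; initialize() takes an LDAP URI
    l = ldap.initialize("ldap://127.0.0.1")
    l.protocol_version = ldap.VERSION3
    # An empty DN and password request an anonymous bind
    username = ""
    password = ""
    # simple_bind_s() waits for the server's reply, so a failed bind raises here
    l.simple_bind_s(username, password)
except ldap.LDAPError as e:
    print(e)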


02-simple_bind.py

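This program connects to the LDAP server listening on localhost using a simple bind:

#!/usr/bin/env python3
import ldap

try:
    # ldap.open() is not available in current python-ldap; initialize() takes an LDAP URI
    l = ldap.initialize("ldap://127.0.0.1")
    l.protocol_version = ldap.VERSION3
    username = "uid=saurabhb,ou=people,dc=sbarjatiya,dc=com"
    password = "iiit123"
    # simple_bind_s() waits for the server's reply, so wrong credentials raise here
    l.simple_bind_s(username, password)
except ldap.LDAPError as e:
    print(e)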


03-add_entry.py

This program connects to the LDAP server using the rootdn and adds a POSIX user entry:

#!/usr/bin/env python3

# import needed modules
import ldap
import ldap.modlist as modlist

# Open a connection
l = ldap.initialize("ldap://localhost:389/")

# Bind/authenticate with a user with appropriate rights to add objects
l.simple_bind_s("cn=root,dc=sbarjatiya,dc=com", "iiit123")

# The dn of our new entry/object
dn = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

# A dict to help build the "body" of the object
# (python-ldap on Python 3 expects every attribute value as a list of bytes)
attrs = {}
attrs['objectclass'] = [b'top', b'account', b'posixAccount', b'shadowAccount']
attrs['cn'] = [b'User One']
attrs['uid'] = [b'user1']
attrs['uidNumber'] = [b'3001']
attrs['gidNumber'] = [b'3000']
attrs['homeDirectory'] = [b'/home/user1']
attrs['loginShell'] = [b'/bin/bash']
attrs['description'] = [b'Proud first user']
attrs['gecos'] = [b'Via6, N#1010, 6th Avenue']
attrs['userPassword'] = [b'iiit123']
attrs['shadowLastChange'] = [b'0']
attrs['shadowMax'] = [b'99999']
attrs['shadowWarning'] = [b'99999']

# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.addModlist(attrs)

# Do the actual synchronous add-operation to the ldapserver
l.add_s(dn, ldif)

# It's nice to the server to disconnect and free resources when done
l.unbind_s()
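
03-add_entry.py sends userPassword as the literal password, and the directory stores the value as sent unless the server is configured to hash it. The following is an added example, not code from the original page or its source: it builds an OpenLDAP-style {SSHA} value with the standard library and swaps it into an attribute dict before the dict goes to addModlist(). The function names and the sample password are hypothetical, and it assumes the server accepts the {SSHA} scheme.

```python
import base64
import hashlib
import hmac
import os

PREFIX = b"{SSHA}"
SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def ssha_hash(password, salt=None):
    """Return {SSHA} + base64(SHA1(password + salt) + salt) as bytes."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per password
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt)


def ssha_verify(password, stored):
    """Check a password (bytes) against a stored {SSHA} value."""
    if not stored.startswith(PREFIX):
        return False  # cleartext or another scheme: not handled here
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:
        return False  # corrupted base64
    if len(raw) <= SHA1_LEN:
        return False  # no salt present
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def hash_user_password(attrs):
    """Copy an add_s() attribute dict, hashing cleartext userPassword values."""
    out = dict(attrs)
    for name, values in attrs.items():
        if name.lower() == "userpassword":
            # Values starting with "{" already carry a scheme prefix: keep them
            out[name] = [v if v.startswith(b"{") else ssha_hash(v) for v in values]
    return out


if __name__ == "__main__":
    # Constructed sample entry; values are lists of bytes as python-ldap expects
    entry = {"uid": [b"user1"], "userPassword": [b"constructed-sample-password"]}
    hardened = hash_user_password(entry)
    print(hardened["userPassword"][0].decode())
    print(ssha_verify(b"constructed-sample-password", hardened["userPassword"][0]))
```

Salted SHA-1 is a fast hash, so this protects against casual disclosure of the directory contents rather than a determined offline guessing attack.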


04-modify_entry.py

This program changes the description of the POSIX user created in the previous example:

#!/usr/bin/env python3

# import needed modules
import ldap
import ldap.modlist as modlist

# Open a connection
l = ldap.initialize("ldap://localhost:389/")

# Bind/authenticate with a user with appropriate rights to modify the entry
l.simple_bind_s("uid=user1,ou=people,dc=sbarjatiya,dc=com", "iiit123")

# The dn of our existing entry/object
dn = "uid=user1,ou=people,dc=sbarjatiya,dc=com"

# Some place-holders for old and new values
# (python-ldap on Python 3 expects every attribute value as a list of bytes)
old = {'description': [b'Proud first user']}
new = {'description': [b'I could easily forgive his pride, if he had not mortified mine.']}

# Convert place-holders for modify-operation using modlist-module
ldif = modlist.modifyModlist(old, new)

# Do the actual modification
l.modify_s(dn, ldif)

# It's nice to the server to disconnect and free resources when done
l.unbind_s()


05-search.py

This program searches for all entries that have a uid attribute, that is, all users:

#!/usr/bin/env python3

import ldap

## first you must open a connection to the server
try:
    l = ldap.initialize("ldap://127.0.0.1")
    l.protocol_version = ldap.VERSION3
except ldap.LDAPError as e:
    print(e)
    raise SystemExit(1)  # without a connection object nothing below can run


baseDN = "dc=sbarjatiya,dc=com"
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = None  # None returns all user attributes
searchFilter = "uid=*"

try:
    # search() is asynchronous: it returns a message id to poll with result()
    ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
    while True:
        # all=0 fetches one result at a time
        result_type, result_data = l.result(ldap_result_id, 0)
        if result_data == []:
            break
        else:
            ## you could do whatever you want with the individual entry
            ## Printing it is just for illustration.
            if result_type == ldap.RES_SEARCH_ENTRY:
                print(result_data)
except ldap.LDAPError as e:
    print(e)


06-delete_entry.py

This program deletes the example user created in the examples above:

#!/usr/bin/env python3

import ldap

## first you must bind so we're doing a simple bind first
try:
    l = ldap.initialize("ldap://127.0.0.1")
    l.protocol_version = ldap.VERSION3
    username = "cn=root,dc=sbarjatiya,dc=com"
    password = "iiit123"
    # simple_bind_s() waits for the server's reply, so a failed bind raises here
    l.simple_bind_s(username, password)
except ldap.LDAPError as e:
    print(e)
    raise SystemExit(1)  # do not attempt the delete without a successful bind

# The next lines will also need to be changed to support your requirements and directory
deleteDN = "uid=user1,ou=people,dc=sbarjatiya,dc=com"
try:
    l.delete_s(deleteDN)
except ldap.LDAPError as e:
    print(e)


Examples learned using http://www.grotan.com/ldap/python-ldap-samples.html