diff options
Diffstat (limited to 'session_ldap.py')
-rw-r--r-- | session_ldap.py | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/session_ldap.py b/session_ldap.py index 1b2dc12..b60bc8b 100644 --- a/session_ldap.py +++ b/session_ldap.py @@ -8,13 +8,22 @@ import ldap3 from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError -def list_matching_users(server_uri, bind_dn, bind_pw,user_base, username, user_match_attrib): - search_filter=f"({user_match_attrib}={username})" +def get_ldap_connection(server_uri, bind_dn, bind_pw): server = ldap3.Server(server_uri) conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw) + return conn + +def list_matching_users(server_uri= "", bind_dn = "", bind_pw = "", connection = None, user_base = "", username = "", user_match_attrib = ""): + search_filter=f"({user_match_attrib}={username})" + if connection and isinstance(connection, ldap3.core.connection.Connection): + conn = connection + else: + conn = get_ldap_connection(server_uri, bind_dn, bind_pw) conn.search( search_base=user_base, - search_filter=search_filter) + search_filter=search_filter, + search_scope="SUBTREE" + ) print(f"DEBUG: search_base {user_base}") print(f"DEBUG: search_filter {search_filter}") result = [] @@ -27,8 +36,7 @@ def authenticated_user(server_uri, user_dn, password): print(f"server_uri: {server_uri}") print(f"user_dn: {user_dn}") try: - server = ldap3.Server(server_uri) - conn = ldap3.Connection(server, auto_bind=True, user=user_dn, password=password) + conn = get_ldap_connection(server_uri, user_dn, password) return conn except LDAPBindError as e: if 'invalidCredentials' in str(e): @@ -61,9 +69,12 @@ def list_ldap_servers_for_domain(domain): namelist.append(domain) return namelist -def get_ldap_user_groups(server_uri, bind_dn, bind_pw,user_dn,user_attrib_memberof,group_name_attrib,group_base): - server = ldap3.Server(server_uri) - conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw) +def get_ldap_user_groups(server_uri = "", bind_dn = "", bind_pw = "", connection = None, user_dn = "", user_attrib_memberof = "memberof", group_name_attrib = "uid", group_base = ""): + if connection and isinstance(connection, ldap3.core.connection.Connection): + conn = connection + else: + conn = get_ldap_connection(server_uri, bind_dn, bind_pw) + # so now we have a connection conn.search( search_base=user_dn, search_filter="(cn=*)", # this has the potential to not work in a directory where CN is not a part of any dn? @@ -97,8 +108,7 @@ def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_ if connection and isinstance(connection, ldap3.core.connection.Connection): conn = connection else: - server = ldap3.Server(server_uri) - conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw) + conn = get_ldap_connection(server_uri, bind_dn, bind_pw) conn.search( search_base=search_base, search_scope="SUBTREE", @@ -111,15 +121,15 @@ def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_ else: return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0] -def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = None): +def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = ""): # Needs (server_uri, bind_dn, bind_pw, user_dn) or (authenticated_user) if authenticated_user and isinstance(authenticated_user, ldap3.core.connection.Connection): conn = authenticated_user search_base=authenticated_user.extend.standard.who_am_i().replace("dn: ","") else: # then we have to use a new connection - server = ldap3.Server(server_uri) - conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw) + conn = get_ldap_connection(server_uri, bind_dn, bind_pw) + if user_dn: search_base=user_dn, # so now conn is the connection regardless of how we got there, and search_base #print(f"DEBUG: search_base {search_base} attributes {user_match_attrib}") |