LDAP Auth
# https://djangosnippets.org/snippets/893/
#!/usr/bin/env python
import ldap
from django.contrib.auth.models import User, Group
# LDAP host the sync functions connect to.  ldap.open() below takes a bare
# hostname, so the transport is plain LDAP unless the server side enforces TLS.
AUTH_LDAP_SERVER = 'ldap.server.com'
# Service (bind) DN used for every directory search in this module.
AUTH_LDAP_BASE_USER = "cn=Manager,dc=ldap,dc=server,dc=com"
# NOTE(review): a literal bind password in source ends up in version control and
# in every checkout; confirm whether the deployment overrides this from Django
# settings or the environment.
AUTH_LDAP_BASE_PASS = "Manager Password"
# Base DN; get_ldap_groups()/get_ldap_users() prepend 'ou=Groups,' / 'ou=Users,'.
AUTH_LDAP_BASE = "dc=ldap,dc=server,dc=com"
# Search scope shared by both search functions.
AUTH_LDAP_SCOPE = ldap.SCOPE_SUBTREE
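def get_ldap_groups():
    """Return the raw posixGroup entries under 'ou=Groups,' + AUTH_LDAP_BASE.

    Each item is a ``(dn, attrs)`` pair as returned by python-ldap, where
    ``attrs`` maps ``'cn'`` and ``'memberUid'`` to lists of values.  Binds as
    AUTH_LDAP_BASE_USER; the connection is unbound on every path, including
    when the bind or the search raises (the original leaked it on error).
    """
    # Named search_filter rather than filter: the latter shadows the builtin.
    search_filter = "(&(objectclass=posixGroup))"
    attributes = ['cn', 'memberUid']
    conn = ldap.open(AUTH_LDAP_SERVER)
    conn.protocol_version = ldap.VERSION3
    try:
        # NOTE(review): ldap.open() yields a plain (non-TLS) connection, so this
        # simple bind sends AUTH_LDAP_BASE_PASS in clear unless the network or
        # server provides transport protection -- confirm for the deployment.
        conn.simple_bind_s(AUTH_LDAP_BASE_USER, AUTH_LDAP_BASE_PASS)
        result_id = conn.search('ou=Groups,' + AUTH_LDAP_BASE, AUTH_LDAP_SCOPE,
                                search_filter, attributes)
        # all=1: block until every entry for this search id has arrived.
        result_type, result_data = conn.result(result_id, 1)
    finally:
        conn.unbind()
    return result_data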
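def sync_groups():
    """Create a Django Group for every LDAP posixGroup that has no Group yet.

    Returns a list of messages: one "Group '<cn>' created." line per newly
    created group, followed by "Groups are synchronized.".  LDAP entries
    without a usable ``cn`` value are skipped; existing groups are untouched.
    """
    messages = []
    for ldap_group in get_ldap_groups():
        attrs = ldap_group[1]
        try:
            group_name = attrs['cn'][0]
        except (KeyError, IndexError, TypeError):
            # The original used a bare except here; only a missing or empty
            # cn (or a non-dict entry such as a referral) is a skippable case.
            continue
        # get_or_create replaces get()/DoesNotExist/save() and avoids creating
        # the same group twice when two syncs overlap.
        group, created = Group.objects.get_or_create(name=group_name)
        if created:
            messages.append("Group '%s' created." % group_name)
    messages.append("Groups are synchronized.")
    return messages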
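def get_ldap_users():
    """Return the raw active posixAccount entries under 'ou=Users,' + AUTH_LDAP_BASE.

    Each item is a ``(dn, attrs)`` pair as returned by python-ldap, where
    ``attrs`` maps ``'uid'``, ``'mail'``, ``'givenName'`` and ``'sn'`` to lists
    of values.  Only entries with ``employeeType=active`` are returned.  Binds
    as AUTH_LDAP_BASE_USER; the connection is unbound on every path, including
    when the bind or the search raises (the original leaked it on error).
    """
    # Named search_filter rather than filter: the latter shadows the builtin.
    search_filter = "(&(objectclass=posixAccount)(employeeType=active))"
    attributes = ['uid', 'mail', 'givenName', 'sn', ]
    conn = ldap.open(AUTH_LDAP_SERVER)
    conn.protocol_version = ldap.VERSION3
    try:
        # NOTE(review): ldap.open() yields a plain (non-TLS) connection, so this
        # simple bind sends AUTH_LDAP_BASE_PASS in clear unless the network or
        # server provides transport protection -- confirm for the deployment.
        conn.simple_bind_s(AUTH_LDAP_BASE_USER, AUTH_LDAP_BASE_PASS)
        result_id = conn.search('ou=Users,' + AUTH_LDAP_BASE, AUTH_LDAP_SCOPE,
                                search_filter, attributes)
        # all=1: block until every entry for this search id has arrived.
        result_type, result_data = conn.result(result_id, 1)
    finally:
        conn.unbind()
    return result_data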
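def _ldap_attr(attrs, key, default):
    """Return the first value of ``attrs[key]``, or ``default`` if it is absent.

    Treats a missing key, an empty value list and a non-dict ``attrs`` (for
    example a referral entry) all as "absent", mirroring the original's
    bare-except fallbacks without swallowing unrelated errors.
    """
    try:
        return attrs[key][0]
    except (KeyError, IndexError, TypeError):
        return default


def _sync_user_record(username, email, first_name, last_name, messages):
    """Create or update the Django User for ``username``; return the saved User.

    Appends a "created" or per-field "updated" message to ``messages``.  A new
    user is created without a Django password, which Django stores as an
    unusable password: authentication is meant to happen against LDAP.  The
    original passed ``username`` as the password, so every synced account was
    also loggable through Django's own ModelBackend with a guessable secret.
    """
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        user = User.objects.create_user(username, email)
        user.first_name = first_name
        user.last_name = last_name
        messages.append("User '%s' created." % username)
    else:
        if user.email != email:
            user.email = email
            messages.append("User '%s' email updated." % username)
        if user.first_name != first_name:
            user.first_name = first_name
            messages.append("User '%s' first name updated." % username)
        if user.last_name != last_name:
            user.last_name = last_name
            messages.append("User '%s' last name updated." % username)
    user.save()
    return user


def _sync_user_groups(user, ldap_groups, messages):
    """Add/remove ``user`` from Django groups so they mirror LDAP memberUid lists.

    Only LDAP groups that already exist as Django Groups are reconciled.
    Membership is decided by ``user.username in memberUid``; the values must
    be text for that comparison to work.
    NOTE(review): under Python 3 python-ldap returns attribute values as bytes,
    which would make every membership test false and strip all group
    memberships -- this snippet assumes text values; confirm before porting.
    """
    # Snapshot once: groups are distinct per LDAP entry, so re-querying
    # user.groups.all() for every group (as the original did) is redundant.
    current_groups = set(user.groups.all())
    for ldap_group in ldap_groups:
        attrs = ldap_group[1]
        group_name = _ldap_attr(attrs, 'cn', None)
        if group_name is None:
            continue
        # A posixGroup with no members carries no memberUid attribute at all;
        # the original indexed it directly and raised KeyError on empty groups.
        group_members = attrs.get('memberUid', [])
        try:
            group = Group.objects.get(name=group_name)
        except Group.DoesNotExist:
            # The original's bare except also hid database errors here.
            continue
        is_member = user.username in group_members
        in_group = group in current_groups
        if is_member and not in_group:
            user.groups.add(group)
            messages.append("User '%s' added to group '%s'." % (user.username, group.name))
        elif not is_member and in_group:
            user.groups.remove(group)
            messages.append("User '%s' removed from group '%s'." % (user.username, group.name))


def sync_users():
    """Mirror active LDAP posixAccount users into Django, groups first.

    Runs sync_groups(), then for every LDAP user that has a ``uid`` creates or
    updates the matching User and reconciles its group memberships against the
    LDAP ``memberUid`` lists.  Returns the accumulated messages, ending with
    "Users are synchronized.".  Entries without a ``uid`` are skipped.
    """
    messages = sync_groups()
    ldap_users = get_ldap_users()
    ldap_groups = get_ldap_groups()  # fetched once and reused for every user
    for ldap_user in ldap_users:
        attrs = ldap_user[1]
        username = _ldap_attr(attrs, 'uid', None)
        if username is None:
            continue  # no uid: cannot be mapped to a Django username
        user = _sync_user_record(
            username,
            _ldap_attr(attrs, 'mail', ''),
            _ldap_attr(attrs, 'givenName', username),  # original fell back to uid
            _ldap_attr(attrs, 'sn', ''),
            messages,
        )
        _sync_user_groups(user, ldap_groups, messages)
    messages.append("Users are synchronized.")
    return messages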