Created
October 14, 2011 20:04
-
-
Save ibeex/1288159 to your computer and use it in GitHub Desktop.
Python LDAP (ActiveDirectory) authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ldap | |
| def check_credentials(username, password): | |
| """Verifies credentials for username and password. | |
| Returns None on success or a string describing the error on failure | |
| # Adapt to your needs | |
| """ | |
| LDAP_SERVER = 'ldap://xxx' | |
| # fully qualified AD user name | |
| LDAP_USERNAME = '%[email protected]' % username | |
| # your password | |
| LDAP_PASSWORD = password | |
| base_dn = 'DC=xxx,DC=xxx' | |
| ldap_filter = 'userPrincipalName=%[email protected]' % username | |
| attrs = ['memberOf'] | |
| try: | |
| # build a client | |
| ldap_client = ldap.initialize(LDAP_SERVER) | |
| # perform a synchronous bind | |
| ldap_client.set_option(ldap.OPT_REFERRALS,0) | |
| ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD) | |
| except ldap.INVALID_CREDENTIALS: | |
| ldap_client.unbind() | |
| return 'Wrong username ili password' | |
| except ldap.SERVER_DOWN: | |
| return 'AD server not awailable' | |
| # all is well | |
| # get all user groups and store it in cerrypy session for future use | |
| cherrypy.session[username] = str(ldap_client.search_s(base_dn, | |
| ldap.SCOPE_SUBTREE, ldap_filter, attrs)[0][1]['memberOf']) | |
| ldap_client.unbind() | |
| return None |
@cemdrk it is from 2011 so I don't remember exactly which module it was. Probably it will work with little modifications with any ldap module.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
which python module did you use for ldap