-
-
Save mortymacs/6f757fa4d8f77bf7052555a5d84f3d6a to your computer and use it in GitHub Desktop.
Python-LDAP: find the groups a user is a member of.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LDAP_SERVER = "ldaps://my-ldap-server.com/" | |
| LDAP_BASE = "dc=my-ldap-server,dc=com" | |
| def users_ldap_groups(uid): | |
| """ Returns a list of the groups that the uid is a member of. | |
| Returns False if it can't find the uid or throws an exception. | |
| It's up to the caller to ensure that the UID they're using exists! | |
| """ | |
| logger.debug("uid: ", uid) | |
| # ignore certificate errors | |
| ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) | |
| l = ldap.initialize(LDAP_SERVER) | |
| # this search for all objectClasses that user is in. | |
| # change this to suit your LDAP schema | |
| search_filter='(|(&(objectClass=*)(member=uid=%s,cn=users,cn=accounts,dc=my-ldap-server,dc=com)))' % uid | |
| try: | |
| # this returns the groups! | |
| results = l.search_s(LDAP_BASE, ldap.SCOPE_SUBTREE, search_filter, ['cn',]) | |
| logger.debug('%s groups: %s' % (uid, results) ) | |
| return results | |
| except ldap.NO_SUCH_OBJECT as e: | |
| logger.error("{}:{}unable to lookup uid {} on LDAP server {}: {}".format(__file__, sys._getframe().f_code.co_name, uid, LDAP_SERVER, e)) | |
| return False | |
| except Exception as e: # some other error occured | |
| logger.error("{}:{}: other error occurred looking up {} in LDAP: {}".format(__file__, sys._getframe().f_code.co_name,uid,e)) | |
| return False | |
| # shouldn't get here, but if we do, we don't have any results! | |
| return False |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http://mattfahrner.com/2014/03/09/using-paged-controls-with-python-and-ldap/