Skip to main content

Tiny wrapper for Python ldap3 Package.

Project description


tinyLDAP3

Tiny wrapper for Python `ldap3` Package.


Table of Contents
  1. About The Project
  2. Installation
  3. Usage
  4. Customization
  5. License
  6. Contact

About The Project

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam aliquam pretium mi quis laoreet.

(back to top)

Installation

Installation is as simple as:

pip install tinyLDAP3

(back to top)

Usage

Instance Create

Create a new instance of the tinyLDAP3Client class and assigns this object to the local variable ldap.

Optional Instance Attributes:
connect_timeout: int - Default value 10 (sec.)
receive_timeout: int - Default value 10 (sec.)

Don't store sensitive information in source code. For example use ".env" file.

from tinyLDAP3 import tinyLDAP3Client
from typing import Iterable

LDAP_USER_DN: str = "CN=Your-LDAP-Account,OU=_SpecialUsers,DC=example,DC=com"
LDAP_USER_PASSWORD: str  = "You%wILL#&neVeR!gUEss"
LDAP_SEARCH_BASE: str = "DC=example,DC=com"
LDAP_HOSTS: Iterable = ["10.10.10.2", "10.10.20.2", "10.10.30.2"]

if __name__ == "__main__":
    ldap = tinyLDAP3Client(
        user_dn=LDAP_USER_DN,
        user_pass=LDAP_USER_PASSWORD,
        search_base=LDAP_SEARCH_BASE,
        hosts=LDAP_HOSTS
    )

(back to top)

Object Detail

object_category - Three categories are expected: Computer, Group or Person.

Predefined list of returned attributes
  • Category: Computer

    • cn

    • description

    • distinguishedName

    • lastLogon

    • logonCount

    • name

    • objectGUID

    • operatingSystem

    • operatingSystemVersion

    • sAMAccountName

    • sAMAccountType

    • servicePrincipalName

    • whenChanged

    • whenCreated

  • Category: Group

    • cn

    • description

    • distinguishedName

    • mail

    • member

    • memberOf

    • name

    • objectGUID

    • sAMAccountName

    • sAMAccountType

    • whenChanged

    • whenCreated

  • Category: Person

    • accountExpires

    • badPasswordTime

    • badPwdCount

    • cn

    • company

    • department

    • displayName

    • employeeID

    • employeeNumber

    • extensionAttribute12

    • extensionAttribute5

    • extensionAttribute6

    • extensionAttribute9

    • ipPhone

    • l

    • lastLogoff

    • lastLogon

    • lockoutTime

    • logonCount

    • mail

    • manager

    • memberOf

    • mobile

    • msDS-UserPasswordExpiryTimeComputed

    • msExchExtensionAttribute22

    • msExchExtensionAttribute23

    • msExchExtensionCustomAttribute1

    • msExchExtensionCustomAttribute2

    • objectGUID

    • pwdLastSet

    • sAMAccountName

    • sAMAccountType

    • servicePrincipalName

    • streetAddress

    • telephoneNumber

    • thumbnailPhoto

    • title

    • userAccountControl

    • userPrincipalName

    • whenChanged

    • whenCreated

Optional arguments:

  • is_active: bool = False - Define the search scope: Active or All Users.
  • returned_attrs_collection: Iterable[str] = None - Override the collection of predefined returned attributes.
Computer
ldap = ...
print("Result:", ldap.object_detail(
    object_category="computer",
    attr_name="sAMAccountName", 
    attr_value="value",
    returned_attrs_collection=["description", "sAMAccountName", "mail", "distinguishedName"]
))
# Result: {
#     'operatingSystem': None, 
#     'sAMAccountName': 'value', 
#     'whenCreated': datetime.datetime(...), 
#     'lastLogon': None, 
#     'cn': '...'
# }
Group
ldap = ...
print("Result:", ldap.object_detail(
    object_category="group",
    attr_name="sAMAccountName", 
    attr_value="value",
    returned_attrs_collection=["description", "sAMAccountName", "mail", "distinguishedName"]
))
# Result: {'mail': None, 'sAMAccountName': 'value', 'description': '...', 'distinguishedName': '...', 'cn': '...'}
Person
ldap = ...
# Unique value
print("Result:", ldap.object_detail(
    object_category="person",
    attr_name="sAMAccountName", 
    attr_value="unique_value",
    returned_attrs_collection=["sAMAccountName", "mail", "employeeNumber"]
))
# Result: {'mail': '...', 'sAMAccountName': 'unique_value', 'employeeNumber': '...'}

print("Result", ldap.object_detail(
    object_category="person",
    attr_name="sn",
    attr_value="value",
    returned_attrs_collection=["sAMAccountName", "mail", "employeeNumber"]
))
# WARNING:root:@ LDAP Object Detail @ - 'ObjectCategory: `person`, AttrName: `sn`, Value: `value`' \
# - More than one LDAP Object were found. Use attributes with unique values.
# Result: (
#     {'mail': '...', 'employeeNumber': '...', 'sAMAccountName': '...', 'sn': 'value'}, 
#     {'mail': '...', 'employeeNumber': '...', 'sAMAccountName': '...', 'sn': 'value'}
# )

(back to top)

Object Read

Reading object attributes by category and distinguishedName attribute value.

  • returned_attrs_collection: Iterable[str] = None - Override the collection of returned attributes (Default: All attributes).
ldap = ...
print("Result:", ldap.object_read(
    object_category=["top", "person", "user"],
    dn="CN=Any-LDAP-Account,OU=_Users,DC=example,DC=com",
    returned_attrs_collection=[
        "objectClass", "description", "sAMAccountName", "name", "objectGUID"
    ]
))
# Result: {
#     'objectClass': ['top', 'person', 'organizationalPerson', 'user'], 
#     'description': None, 
#     'name': '...', 
#     'objectGUID': '{...-...-...-...-...}', 
#     'sAMAccountName': '...'
# }

(back to top)

Objects Search

object_category - Three categories are expected: Computer, Group or Person.

Predefined list of attributes for Person (User) search
  • Category: Person

    • cn

    • employeeNumber

    • ipPhone

    • mail

    • mobile

    • sAMAccountName

Predefined list of returned attributes
  • Category: Computer

    • cn

    • operatingSystem

    • operatingSystemVersion

    • whenChanged

    • whenCreated

  • Category: Group

    • distinguishedName

    • mail

    • sAMAccountName

    • whenChanged

    • whenCreated

  • Category: Person

    • department

    • displayName

    • employeeNumber

    • ipPhone

    • mail

    • mobile

    • sAMAccountName

    • title

    • userAccountControl

    • whenChanged

    • whenCreated

Category searching:

  • Computer - wildcard: *value*
  • Group - wildcard: *value*
  • Person - wildcard: value*

Optional method arguments:

  • order_by: str = "sAMAccountName" - Sorting by a specific attribute. Default value sAMAccountname. The attribute will be added automatically if it's missing from the collection of returned attributes.
  • search_by_attrs_collection: Iterable[str] = None - Override the predefined list for Person (User) search.
  • returned_attrs_collection: Iterable[str] = None - Override the predefined list of returned attributes.
Computer
ldap = ...
print("Result:", ldap.objects_search(
    object_category="computer",
    attr_value="value",
    returned_attrs_collection=["cn", "lastLogon", "operatingSystem"]
))
# Result: (
#     {'sAMAccountName': '...', 'cn': 'value', 'lastLogon': datetime.datetime(...), 'operatingSystem': '...'},
#     ...,
#     {'sAMAccountName': '...', 'cn': 'value', 'lastLogon': None, 'operatingSystem': '...'}, 
# )
Group
ldap = ...
print("Result:", ldap.objects_search(
    object_category="group",
    attr_value="value",
    returned_attrs_collection=["sAMAccountName", "distinguishedName"]
))
# Result: (
#     {'distinguishedName': 'CN=...', 'sAMAccountName': 'value'}, 
#     ...,
#     {'distinguishedName': 'CN=...', 'sAMAccountName': 'value'},
# )
Person
ldap = ...
print("Result", ldap.objects_search(
    object_category="person",
    attr_value="value",
    order_by="displayName",
    returned_attrs_collection=["mail"]
))
# Result: ({'mail': None, 'displayName': '...'}, ..., {'mail': '...', 'displayName': '...'}

(back to top)

Person Auth

login - Expected value of the userPrincipalName attribute.

Predefined list of returned attributes:

  • "cn",
  • "employeeNumber",
  • "ipPhone",
  • "mail",
  • "mobile",
  • "userPrincipalName",
  • "sAMAccountName",

Optional method arguments:
returned_attrs_collection: Iterable[str] = None - Override the predefined list of returned attributes.

ldap = ...
print(ldap.person_auth(
    login="login@example.com", 
    password="***",
))
# Result Auth Pass:
# (
#     True,
#     {
#         'ipPhone': '...', 
#         'userPrincipalName': 'login@example.com', 
#         'mobile': '...', 
#         'employeeNumber': '...', 
#         'mail': '...', 
#         'cn': '...', 
#         'sAMAccountName': '...'
#     }
# )
# Result Auth Failed:
# (
#     False, 
#     {
#         'result': 49,
#         'description': 'invalidCredentials',
#         'dn': '',
#         'message': '80090308: LdapErr: DSID-0C09056B, comment: AcceptSecurityContext error, data 52e, v4f7c\x00',
#         'referrals': None,
#         'saslCreds': None,
#         'type': 'bindResponse'
#     }
# )

(back to top)

Customization

Overriding _search_limit instance attributes:

from tinyLDAP3 import tinyLDAP3Client

class tinyLDAP3Custom(tinyLDAP3Client):
    def __init__(self, **kwargs):
        super().__init__(**kwargs)

        self._search_limit = 1000

(back to top)

License

Distributed under the MIT License. See LICENSE for more information.

(back to top)

Contact

Luarvick - lu.luarvick@gmail.com

Project Link: https://github.com/luarvick/tinyLDAP3

(back to top)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tinyldap3-0.2.61.tar.gz (14.4 kB view details)

Uploaded Source

Built Distribution

tinyLDAP3-0.2.61-py3-none-any.whl (12.8 kB view details)

Uploaded Python 3

File details

Details for the file tinyldap3-0.2.61.tar.gz.

File metadata

  • Download URL: tinyldap3-0.2.61.tar.gz
  • Upload date:
  • Size: 14.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.7

File hashes

Hashes for tinyldap3-0.2.61.tar.gz
Algorithm Hash digest
SHA256 54b61fcd5a482a7e3651cf5d40a2feff8703de151c10bc8d3213f1ac0d70bb64
MD5 b25bf3234ec9d8d4be4c99b83a608261
BLAKE2b-256 94d6cc3c1b2a01da84aa33348acf17ba4e5d3edeacad228f89b05662484c2c30

See more details on using hashes here.

File details

Details for the file tinyLDAP3-0.2.61-py3-none-any.whl.

File metadata

  • Download URL: tinyLDAP3-0.2.61-py3-none-any.whl
  • Upload date:
  • Size: 12.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.7

File hashes

Hashes for tinyLDAP3-0.2.61-py3-none-any.whl
Algorithm Hash digest
SHA256 2ad3591306720d78916dd0cf16677c5ada679a20e78910294437029dea4cfae2
MD5 e0deaf3f8506d609e269454609749fd3
BLAKE2b-256 b66bdad1417a3a92a8fc1474fc3a1a07f0b72ec05456b36586415a49e093b8b8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page