Tiny wrapper for Python ldap3 Package.
tinyLDAP3
Installation
Installation is as simple as:
pip install tinyLDAP3
Usage
Instance Create
Create a new instance of the tinyLDAP3Client class and assign it to the local variable ldap.
Optional Instance Attributes:
connect_timeout: int
- Default value 10 (sec.)
receive_timeout: int
- Default value 10 (sec.)
Don't store sensitive information in source code. For example, keep it in a ".env" file.
from tinyLDAP3 import tinyLDAP3Client
from typing import Iterable

# Placeholder values for illustration only; load real credentials from a ".env" file.
LDAP_USER_DN: str = "CN=Your-LDAP-Account,OU=_SpecialUsers,DC=example,DC=com"
LDAP_USER_PASSWORD: str = "You%wILL#&neVeR!gUEss"
LDAP_SEARCH_BASE: str = "DC=example,DC=com"
LDAP_HOSTS: Iterable = ["10.10.10.2", "10.10.20.2", "10.10.30.2"]

if __name__ == "__main__":
    ldap = tinyLDAP3Client(
        user_dn=LDAP_USER_DN,
        user_pass=LDAP_USER_PASSWORD,
        search_base=LDAP_SEARCH_BASE,
        hosts=LDAP_HOSTS
    )
Object Detail
object_category
- Three categories are expected: Computer, Group or Person.
Predefined list of returned attributes
- Category: Computer
cn
description
distinguishedName
lastLogon
logonCount
name
objectGUID
operatingSystem
operatingSystemVersion
sAMAccountName
sAMAccountType
servicePrincipalName
whenChanged
whenCreated
- Category: Group
cn
description
distinguishedName
mail
member
memberOf
name
objectGUID
sAMAccountName
sAMAccountType
whenChanged
whenCreated
- Category: Person
accountExpires
badPasswordTime
badPwdCount
cn
company
department
displayName
employeeID
employeeNumber
extensionAttribute12
extensionAttribute5
extensionAttribute6
extensionAttribute9
ipPhone
l
lastLogoff
lastLogon
lockoutTime
logonCount
mail
manager
memberOf
mobile
msDS-UserPasswordExpiryTimeComputed
msExchExtensionAttribute22
msExchExtensionAttribute23
msExchExtensionCustomAttribute1
msExchExtensionCustomAttribute2
objectGUID
pwdLastSet
sAMAccountName
sAMAccountType
servicePrincipalName
streetAddress
telephoneNumber
thumbnailPhoto
title
userAccountControl
userPrincipalName
whenChanged
whenCreated
Optional arguments:
is_active: bool = False
- Define the search scope: Active or All Users.
returned_attrs_collection: Iterable[str] = None
- Override the collection of predefined returned attributes.
Computer
ldap = ...
print("Result:", ldap.object_detail(
    object_category="computer",
    attr_name="sAMAccountName",
    attr_value="value",
    returned_attrs_collection=["description", "sAMAccountName", "mail", "distinguishedName"]
))
# Result: {
#     'operatingSystem': None,
#     'sAMAccountName': 'value',
#     'whenCreated': datetime.datetime(...),
#     'lastLogon': None,
#     'cn': '...'
# }
Group
ldap = ...
print("Result:", ldap.object_detail(
    object_category="group",
    attr_name="sAMAccountName",
    attr_value="value",
    returned_attrs_collection=["description", "sAMAccountName", "mail", "distinguishedName"]
))
# Result: {'mail': None, 'sAMAccountName': 'value', 'description': '...', 'distinguishedName': '...', 'cn': '...'}
Person
ldap = ...
# Unique value
print("Result:", ldap.object_detail(
    object_category="person",
    attr_name="sAMAccountName",
    attr_value="unique_value",
    returned_attrs_collection=["sAMAccountName", "mail", "employeeNumber"]
))
# Result: {'mail': '...', 'sAMAccountName': 'unique_value', 'employeeNumber': '...'}

# Non-unique value
print("Result", ldap.object_detail(
    object_category="person",
    attr_name="sn",
    attr_value="value",
    returned_attrs_collection=["sAMAccountName", "mail", "employeeNumber"]
))
# WARNING:root:@ LDAP Object Detail @ - 'ObjectCategory: `person`, AttrName: `sn`, Value: `value`' \
#     - More than one LDAP Object were found. Use attributes with unique values.
# Result: (
#     {'mail': '...', 'employeeNumber': '...', 'sAMAccountName': '...', 'sn': 'value'},
#     {'mail': '...', 'employeeNumber': '...', 'sAMAccountName': '...', 'sn': 'value'}
# )
Object Read
Reading object attributes by category and distinguishedName attribute value.
returned_attrs_collection: Iterable[str] = None
- Override the collection of returned attributes (Default: All attributes).
ldap = ...
print("Result:", ldap.object_read(
    object_category=["top", "person", "user"],
    dn="CN=Any-LDAP-Account,OU=_Users,DC=example,DC=com",
    returned_attrs_collection=[
        "objectClass", "description", "sAMAccountName", "name", "objectGUID"
    ]
))
# Result: {
#     'objectClass': ['top', 'person', 'organizationalPerson', 'user'],
#     'description': None,
#     'name': '...',
#     'objectGUID': '{...-...-...-...-...}',
#     'sAMAccountName': '...'
# }
Objects Search
object_category
- Three categories are expected: Computer, Group or Person.
Predefined list of attributes for Person (User) search
- Category: Person
cn
employeeNumber
ipPhone
mail
mobile
sAMAccountName
Predefined list of returned attributes
- Category: Computer
cn
operatingSystem
operatingSystemVersion
whenChanged
whenCreated
- Category: Group
distinguishedName
mail
sAMAccountName
whenChanged
whenCreated
- Category: Person
department
displayName
employeeNumber
ipPhone
mail
mobile
sAMAccountName
title
userAccountControl
whenChanged
whenCreated
Category searching:
Computer
- wildcard: *value*
Group
- wildcard: *value*
Person
- wildcard: value*
Optional method arguments:
order_by: str = "sAMAccountName"
- Sorting by a specific attribute. Default value: sAMAccountName. The attribute will be added automatically if it's missing from the collection of returned attributes.
search_by_attrs_collection: Iterable[str] = None
- Override the predefined list for Person (User) search.
returned_attrs_collection: Iterable[str] = None
- Override the predefined list of returned attributes.
Computer
ldap = ...
print("Result:", ldap.objects_search(
    object_category="computer",
    attr_value="value",
    returned_attrs_collection=["cn", "lastLogon", "operatingSystem"]
))
# Result: (
#     {'sAMAccountName': '...', 'cn': 'value', 'lastLogon': datetime.datetime(...), 'operatingSystem': '...'},
#     ...,
#     {'sAMAccountName': '...', 'cn': 'value', 'lastLogon': None, 'operatingSystem': '...'},
# )
Group
ldap = ...
print("Result:", ldap.objects_search(
    object_category="group",
    attr_value="value",
    returned_attrs_collection=["sAMAccountName", "distinguishedName"]
))
# Result: (
#     {'distinguishedName': 'CN=...', 'sAMAccountName': 'value'},
#     ...,
#     {'distinguishedName': 'CN=...', 'sAMAccountName': 'value'},
# )
Person
ldap = ...
print("Result", ldap.objects_search(
    object_category="person",
    attr_value="value",
    order_by="displayName",
    returned_attrs_collection=["mail"]
))
# Result: ({'mail': None, 'displayName': '...'}, ..., {'mail': '...', 'displayName': '...'})
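Added example (not part of tinyLDAP3 or the original page): decoding the userAccountControl value that the Person search returns by default, to list enabled accounts whose flags weaken authentication. The helper names and sample rows are constructed, and the code assumes the value arrives as an integer or a numeric string.

```python
from typing import Any, Dict, Iterable, List

# userAccountControl bit flags, values as documented by Microsoft.
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",
    0x000010: "LOCKOUT",
    0x000020: "PASSWD_NOTREQD",
    0x000080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x000200: "NORMAL_ACCOUNT",
    0x010000: "DONT_EXPIRE_PASSWORD",
    0x080000: "TRUSTED_FOR_DELEGATION",
    0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH",
}
# Flags worth a review when they appear on an enabled account.
REVIEW = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED", "DONT_EXPIRE_PASSWORD",
          "TRUSTED_FOR_DELEGATION", "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH"}

# Constructed rows shaped like an objects_search() Person result.
SAMPLE_ROWS = (
    {"sAMAccountName": "jdoe", "userAccountControl": 512},
    {"sAMAccountName": "svc-backup", "userAccountControl": 66048},
    {"sAMAccountName": "old-admin", "userAccountControl": 66050},
    {"sAMAccountName": "kiosk", "userAccountControl": 544},
    {"sAMAccountName": "legacy-app", "userAccountControl": "4194816"},
    {"sAMAccountName": "no-uac", "userAccountControl": None},
)


def decode_uac(value: Any) -> List[str]:
    """Return the names of the known flags set in a userAccountControl value."""
    bits = int(value)
    return [name for bit, name in sorted(UAC_FLAGS.items()) if bits & bit]


def audit_uac(rows: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """List enabled accounts that carry at least one flag from REVIEW."""
    findings = []
    for row in rows:
        if row.get("userAccountControl") is None:
            continue  # attribute not returned for this entry
        flags = decode_uac(row["userAccountControl"])
        if "ACCOUNTDISABLE" in flags:
            continue  # disabled accounts are out of scope here
        risky = [flag for flag in flags if flag in REVIEW]
        if risky:
            findings.append({"sAMAccountName": row.get("sAMAccountName"), "flags": risky})
    return findings
```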
Person Auth
login
- Expected value of the userPrincipalName attribute.
Predefined list of returned attributes:
"cn", "employeeNumber", "ipPhone", "mail", "mobile", "userPrincipalName", "sAMAccountName"
Optional method arguments:
returned_attrs_collection: Iterable[str] = None
- Override the predefined list of returned attributes.
ldap = ...
print(ldap.person_auth(
    login="login@example.com",
    password="***",
))
# Result Auth Pass:
# (
#     True,
#     {
#         'ipPhone': '...',
#         'userPrincipalName': 'login@example.com',
#         'mobile': '...',
#         'employeeNumber': '...',
#         'mail': '...',
#         'cn': '...',
#         'sAMAccountName': '...'
#     }
# )
# Result Auth Failed:
# (
#     False,
#     {
#         'result': 49,
#         'description': 'invalidCredentials',
#         'dn': '',
#         'message': '80090308: LdapErr: DSID-0C09056B, comment: AcceptSecurityContext error, data 52e, v4f7c\x00',
#         'referrals': None,
#         'saslCreds': None,
#         'type': 'bindResponse'
#     }
# )
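Added example (not part of tinyLDAP3 or the original page): one way to turn the failed-bind dictionary shown above into a detailed log reason and a uniform user-facing message, by reading the Active Directory sub-status that follows "data" in the message field. The function name classify_auth and the returned keys are assumptions; the sample input is constructed from the output above.

```python
import re
from typing import Any, Dict, Tuple

# Active Directory sub-status codes found after "data" in a failed bind message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

# Constructed sample: the failed result shown above, trimmed to the fields used.
FAILED_BIND = (False, {
    "result": 49,
    "description": "invalidCredentials",
    "message": "80090308: LdapErr: DSID-0C09056B, comment: "
               "AcceptSecurityContext error, data 52e, v4f7c\x00",
})


def classify_auth(result: Tuple[bool, Dict[str, Any]]) -> Dict[str, str]:
    """Map a person_auth() style tuple to an outcome, a log reason and a user message."""
    ok, detail = result
    if ok:
        return {"outcome": "success", "log_reason": "", "user_message": ""}
    match = _DATA_RE.search(str(detail.get("message") or ""))
    code = match.group(1).lower() if match else ""
    reason = AD_BIND_SUBCODES.get(code) or str(detail.get("description") or "unknown")
    return {
        "outcome": "failure",
        # The detailed reason belongs in the server-side log only.
        "log_reason": f"{reason} (data {code or 'n/a'})",
        # Same text for every failure, so the reply does not reveal account state.
        "user_message": "Invalid login or password.",
    }


if __name__ == "__main__":
    print(classify_auth(FAILED_BIND))
```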
Customization
Overriding the _search_limit instance attribute:
from tinyLDAP3 import tinyLDAP3Client


class tinyLDAP3Custom(tinyLDAP3Client):
    def __init__(self, **kwargs):
        super().__init__(**kwargs)
        # Override the search limit set by the parent class.
        self._search_limit = 1000
License
Distributed under the MIT License. See LICENSE for more information.
Contact
Luarvick - lu.luarvick@gmail.com
Project Link: https://github.com/luarvick/tinyLDAP3