I recently built a single sign-on system that uses OpenLDAP to store user and group information, and wrapped the LDAP operations in a helper class. LDAP is fairly complicated and easy to forget once you stop using it. If you don't know what LDAP is, move your mouse to the upper-right corner of your browser (the upper-left corner on a Mac) and click the close button...
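# -*- coding: utf-8 -*-
"""Small helper around python-ldap for a single sign-on service.

Provides DN lookup, user record lookup, password verification and password
change against an OpenLDAP directory.

NOTE(review): the published listing was whitespace- and case-mangled, so the
identifier casing (LDAPTool, LDAP_HOST, attribute names) is reconstructed
here. Confirm it against the original file.
"""
import sys

import ldap
from ldap.filter import escape_filter_chars

# Connection defaults. LDAP_HOST may be a bare host name or a full LDAP URI.
# With a bare host the connection uses ldap://, which sends simple-bind
# passwords in cleartext. Prefer an ldaps:// URI (or StartTLS) in production.
LDAP_HOST = '10.10.10.10'
USER = 'cn=admin,dc=gccmx,dc=cn'
# Placeholder only. Do not commit a real service-account password; load it
# from the deployment's secret store or environment instead.
PASSWORD = 'yourpass'
BASE_DN = 'dc=gccmx,dc=cn'


class LDAPTool:
    """Directory operations for the single sign-on service."""

    def __init__(self, ldap_host=None, base_dn=None, user=None, password=None):
        """Connect to the directory and bind with the service account.

        Any argument left as None falls back to the module-level default.
        Connection and bind errors are printed, as in the original code, so
        the caller gets an object whose later calls return None or False.
        """
        host = (ldap_host or LDAP_HOST).strip()
        # Accept a full URI (ldap://, ldaps://, ldapi://) or a bare host.
        self._uri = host if '://' in host else 'ldap://%s' % host
        # The original only set base_dn when the argument was missing, which
        # left self.base_dn undefined whenever a caller passed one.
        self.base_dn = base_dn or BASE_DN
        user = user or USER
        password = password or PASSWORD
        try:
            self.ldapconn = self._connect()
            # Synchronous bind, so bad service credentials surface here and
            # not as confusing failures on the first search.
            self.ldapconn.simple_bind_s(user, password)
        except ldap.LDAPError as e:
            print(e)

    def _connect(self):
        """Open a new, unbound LDAPv3 connection to the configured server."""
        conn = ldap.initialize(self._uri)
        conn.protocol_version = ldap.VERSION3
        return conn

    @staticmethod
    def _close(conn):
        """Unbind a throwaway connection, ignoring errors while closing."""
        if conn is None:
            return
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            pass

    def _find_entry(self, uid, attrlist):
        """Return (dn, attrs) for the first entry whose cn equals uid, else None."""
        if not uid:
            return None
        # uid comes from a login form. Escape it so characters such as
        # '*', '(' and ')' cannot change the meaning of the search filter.
        search_filter = '(cn=%s)' % escape_filter_chars(uid)
        try:
            entries = self.ldapconn.search_s(
                self.base_dn, ldap.SCOPE_SUBTREE, search_filter, attrlist)
        except ldap.LDAPError as e:
            print(e)
            return None
        # Search references come back with dn None; skip them.
        # NOTE(review): a subtree search on cn can match entries in several
        # OUs. The first match is used, as before. Consider rejecting
        # ambiguous matches on the authentication path.
        for dn, attrs in entries:
            if dn is not None:
                return dn, attrs
        return None

    def ldap_search_dn(self, uid=None):
        """Return the DN of the entry whose cn equals uid, or None.

        A DN is the directory's equivalent of a record key, for example
        cn=username,ou=users,dc=gccmx,dc=cn. It has to be looked up before a
        user's password can be verified.
        """
        # "1.1" requests no attributes (RFC 4511). Without it the server
        # returns the whole entry, which looks like:
        #   ('cn=django,ou=users,dc=gccmx,dc=cn',
        #    {'objectClass': ['inetOrgPerson', 'top'],
        #     'userPassword': ['{MD5}<base64 digest>'],
        #     'cn': ['django'], 'sn': ['django']})
        # The password hash has no reason to travel for a DN lookup.
        found = self._find_entry(uid, ['1.1'])
        return found[0] if found else None

    def ldap_get_user(self, uid=None):
        """Return {'username', 'email', 'nick'} for uid, or None if not found.

        A value is None when the entry lacks the corresponding attribute.
        """
        found = self._find_entry(uid, ['cn', 'mail', 'sn'])
        if not found:
            return None
        # Attribute names are case-insensitive in LDAP; normalise the keys.
        attrs = dict((name.lower(), values) for name, values in found[1].items())

        def first(name):
            values = attrs.get(name)
            return values[0] if values else None

        return {'username': first('cn'), 'email': first('mail'), 'nick': first('sn')}

    def ldap_get_vaild(self, uid=None, passwd=None):
        """Return True only if uid exists and passwd binds as that entry."""
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513) that many servers accept, so an
        # empty password must be refused before it reaches the server.
        if not uid or not passwd:
            return False
        target_dn = self.ldap_search_dn(uid)
        if not target_dn:
            return False
        conn = None
        try:
            # Verify on a separate connection so the shared service
            # connection is never re-bound as the end user.
            conn = self._connect()
            conn.simple_bind_s(target_dn, passwd)
            return True
        except ldap.LDAPError as e:
            print(e)
            return False
        finally:
            self._close(conn)

    def ldap_update_pass(self, uid=None, oldpass=None, newpass=None):
        """Change uid's password from oldpass to newpass.

        Returns True on success and False on any failure.
        """
        # Refuse empty values for the same reason as in ldap_get_vaild.
        if not uid or not oldpass or not newpass:
            return False
        target_dn = self.ldap_search_dn(uid)
        if not target_dn:
            return False
        conn = None
        try:
            # Bind as the user on a throwaway connection so the change runs
            # with the user's own rights.
            conn = self._connect()
            conn.simple_bind_s(target_dn, oldpass)
            conn.passwd_s(target_dn, oldpass, newpass)
            return True
        except ldap.LDAPError:
            return False
        finally:
            self._close(conn)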
This article is from the "Candle Shadow Red" blog, be sure to keep this source http://gccmx.blog.51cto.com/479381/1612524
Using Python with LDAP to implement unified user authentication and password changes