Python operation LDAP Implementation user unified authentication Password modification function

Source: Internet
Author: User
Tags ldap

Recently made a single sign-on system that uses OPENLDAP to store user and group information. Encapsulates an operation class for LDAP. LDAP This thing is still quite complicated, used to forget it. If you don't know what LDAP is, move your mouse to the upper-right corner of your browser, move your Mac system to the upper-left corner, and tap the fork. Oh......

#-*- coding: utf-8 -*-import sys,ldapimport ldapldap_host =  ' 10.10.10.10 ' user =  ' cn=admin,dc=gccmx,dc=cn ' password =  ' yourpass ' base_dn =  ' DC=GCCMX,DC=CN ' Class ldaptool:         def __init__ (self,ldap_host= None,base_dn=none,user=none,password=none):        if not  Ldap_host:            ldap_host = ldap_ host        if not base_dn:             self.base_dn = BASE_DN         if not user:            user  = USER        if not password:             password = password         try:            self.ldapconn =  Ldap.open (ldap_host)              Self.ldapconn.simple_bind (User,password)         except ldap. ldaperror,e:            print e # The DN of the user is retrieved based on the user name submitted by the form, and a DN is equivalent to a record in the database. #在ldap里类似cn =USERNAME,OU=USERS,DC=GCCMX,DC=CN, verify the user password, you must first retrieve the DN    DEF LDAP_SEARCH_DN ( Self,uid=none):        obj = self.ldapconn         obj.protocal_version = ldap. Version3        searchscope = ldap. scope_subtree        retrieveattributes = none        searchfilter =  "cn="  + uid                 try:             ldap_result_id = obj.search ( Self.base_dn, searchscope, searchfilter, retrieveattributes)              result_type, result_data = obj.result (ldap_result_id,  0) #返回数据格式 # (' CN=DJANGO,OU=USERS,DC=GCCMX,DC=CN ',#    {   ' objectClass ':  [' InetOrgPerson ',  ' top '],#         ' userpassword ':  [' { md5}luesgjzetyyspundwjmbeg== '],#         ' cn ':  [' Django '],  ' SN ':  [' Django ']  }  ) #             if result_type&nbsP;== ldap. res_search_entry:                  #dn  = result[0][0]                 return result_data[0][0]             else:                 return none        except ldap. ldaperror, e:            print e              #查询用户记录, return the information you need     def  ldap_get_user (Self,uid=none):        obj =  Self.ldapconn        obj.protocal_version = ldap. version3       &Nbsp;searchscope = ldap. scope_subtree        retrieveattributes = none         searchFilter =  "cn="  + uid         try:            ldap_ Result_id = obj.search (Self.base_dn, searchscope, searchfilter, retrieveattributes)             result_type, result_data =  obj.result (ldap_result_id, 0)              if result_type == ldap. res_search_entry:                 username = result_data[0][1][' CN '][0]                 email = result_data[0][1][' Mail '][0]                 nick = result_data[0][1][' SN '][0]                 result = {' username ': username, ' email ': email, ' Nick ': Nick}                 return  result            else:                 return None         except ldap. ldaperror, e:            print e           #用户验证, searches for LDAP based on the user name and password passed in, returns a Boolean value      Def ldap_get_vaild (self,uid=none,passwd=none):         obj = self.ldapconn        target_cn =  SELF.LDAP_SEARCH_DN (UID)             try:             if obj.simple_bind_s (TARGET_CN,PASSWD):                 return  true            else:                 return False         except ldap. ldaperror,e:            print e# Modify User Password      def ldap_update_pass (Self,uid=none,oldpass=none,newpass=none):         modify_entry = [(LDAP. Mod_replace, ' UserPassword ', Newpass)]        obj = self.ldapconn         TARGET_CN = SELF.LDAP_SEARCH_DN (UID)                try:             obj.simple_bind_s (Target_cn,oldpass)              obj.passwd_s (Target_cn,oldpass,newpass)              return true        except ldap. Ldaperror,e:            return false


This article is from the "Candle Shadow Red" blog, be sure to keep this source http://gccmx.blog.51cto.com/479381/1612524

Python operation LDAP Implementation user unified authentication Password modification function

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.