封装了一个python的ldap常用操作类
首先pip装库
pip install python-ldap
然后开始代码部分
# -*- coding:utf-8 -*-
from __future__ import absolute_import

import binascii
import hashlib
from base64 import b64encode

import ldap
import ldap.dn
import ldap.filter
import ldap.modlist as modlist

from common.common import log
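class MyLdap():
    """Thin wrapper around python-ldap for lookup, login check and password change.

    Security notes for callers:

    * Every bind here is an LDAP simple bind, and this class never calls
      StartTLS. Unless ``ldap_host`` is an ``ldaps://`` URI, the passwords
      travel in clear text.
    * The administrator password is kept on the instance in plain text
      because ``status`` re-binds with it. Treat instances as secrets and
      keep them out of logs and serialized state.
    * User-supplied ``uid``/``cn`` values are escaped before they are placed
      in a search filter or a DN.
    """

    def __init__(self, ldap_host=None, base_dn=None, user=None, password=None):
        """Open a connection to ``ldap_host`` and bind as ``user``.

        Errors are logged and printed, never raised. If the connection object
        could not be created, ``self.ldapconn`` stays ``None``.
        """
        self.base_dn = base_dn
        self.ldap_host = ldap_host
        self.user = user
        self.password = password
        # Defined up front so the attribute exists even if initialize() fails.
        self.ldapconn = None
        try:
            self.ldapconn = ldap.initialize(ldap_host)
            # Synchronous bind: the asynchronous simple_bind() returns before
            # the server answers, so bad credentials were never reported here.
            self.ldapconn.simple_bind_s(user, password)
        except ldap.LDAPError as e:
            log().error(str(e))
            print(e)

    @staticmethod
    def _close(conn):
        """Unbind ``conn`` on a cleanup path, ignoring LDAP errors."""
        if conn is None:
            return
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            # Best effort only: the caller's result has already been decided.
            pass

    def _first_entry(self, uid):
        """Return the first ``(dn, attrs)`` entry whose cn equals ``uid``, else None."""
        if not uid:
            return None
        conn = self.ldapconn
        # The original assigned the misspelled "protocal_version", which set
        # nothing on the connection.
        conn.protocol_version = ldap.VERSION3
        # Escape filter metacharacters such as * ( ) \ so that the value can
        # only match literally and cannot widen or rewrite the filter.
        search_filter = "cn=" + ldap.filter.escape_filter_chars(uid)
        try:
            msgid = conn.search(self.base_dn, ldap.SCOPE_SUBTREE, search_filter, None)
            # all=0: only the first result message is read. If several entries
            # share the same cn, whichever the server returns first is used.
            result_type, result_data = conn.result(msgid, 0)
        except ldap.LDAPError as e:
            log().error(str(e))
            return None
        if result_type == ldap.RES_SEARCH_ENTRY:
            return result_data[0]
        return None

    @property
    def status(self):
        '''
        Check that the configured LDAP address and admin credentials work.

        Returns {"status": True} on a successful bind, otherwise
        {"status": False, "msg": ...}. The msg includes the exception text,
        so do not show it to unauthenticated users.
        NOTE(review): an empty admin password is an anonymous or
        unauthenticated bind, which many servers report as success.
        '''
        ldap_client = None
        try:
            ldap_client = ldap.initialize(self.ldap_host)
            ldap_client.simple_bind_s(self.user, self.password)
            return {"status": True}
        except Exception as e:
            log().error(str(e))
            return {"status": False, "msg": "ldap初始化管理员账号密码或ldap地址有误,详情:{0}".format(str(e))}
        finally:
            # Release the probe connection on the failure path as well.
            self._close(ldap_client)

    def _ldap_search_dn(self, uid=None):
        """Return the DN of the first entry whose cn equals ``uid``, or None."""
        entry = self._first_entry(uid)
        if entry is None:
            return None
        return entry[0]

    def ldap_get_user(self, uid=None):
        '''
        Return the user's details as a dict, or None when no entry is found.

        The dict has the keys username, mail, displayName and sn, each taken
        from the first value of the matching attribute. An entry that lacks
        one of these attributes raises KeyError.
        '''
        entry = self._first_entry(uid)
        if entry is None:
            return None
        attrs = entry[1]
        return {
            'username': attrs['cn'][0],
            'mail': attrs['mail'][0],
            'displayName': attrs['displayName'][0],
            'sn': attrs['sn'][0],
        }

    def ldap_get(self, uid=None, passwd=None):
        '''
        Verify a user's password. Returns True on success, False otherwise.
        '''
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" that many servers answer with success, so an
        # empty password must never reach the server as a login attempt.
        if not uid or not passwd:
            return False
        target_dn = self._ldap_search_dn(uid)
        if not target_dn:
            return False
        client = None
        try:
            client = ldap.initialize(self.ldap_host)
            client.simple_bind_s(target_dn, passwd)
            return True
        except ldap.LDAPError as e:
            log().error(str(e))
            return False
        finally:
            # Close the per-login connection on failure too.
            self._close(client)

    def cnupdatepass(self, cn, passwd):
        '''
        Change a user's password. Returns {"status": True} on success,
        otherwise {"status": False, "msg": ...}.

        Both userPassword and sambaNTPassword are replaced. Only LDAPError is
        caught: an empty search result or an entry without either attribute
        raises IndexError or KeyError.
        '''
        if not cn or not passwd:
            # Refuse to store the hash of an empty password.
            return {"status": False, "msg": "ldap更改密码错误,详情: {0}".format("empty cn or password")}
        # Escape the RDN value so that ',', '+', '=' and similar characters in
        # cn cannot redirect the modify to a different entry.
        dn = 'cn={0},{1}'.format(ldap.dn.escape_dn_chars(cn), self.base_dn)
        try:
            result = self.ldapconn.search_s(
                dn, ldap.SCOPE_SUBTREE, 'cn=%s' % ldap.filter.escape_filter_chars(cn))
            oldpass = result[0][1]['userPassword']
            oldwifipass = result[0][1]['sambaNTPassword']
            # NOTE(review): {MD5} is an unsalted, fast hash. Prefer letting the
            # server hash the password (python-ldap's passwd_s() issues the
            # LDAP Password Modify operation) or a salted scheme it supports.
            # These two lines rely on Python 2 str semantics, as does the
            # rest of the file.
            newpass = '{MD5}' + b64encode(hashlib.md5(passwd).digest())
            # sambaNTPassword is the NT hash (MD4 over UTF-16LE). It is
            # password-equivalent for NTLM, so read access to this attribute
            # must be restricted by directory ACLs.
            # NOTE(review): hashlib may not provide 'md4' on OpenSSL 3 builds.
            wifipass = binascii.hexlify(hashlib.new('md4', passwd.encode('utf-16le')).digest())
            old = {'userPassword': oldpass, 'sambaNTPassword': oldwifipass}
            new = {"sambaNTPassword": [wifipass], "userPassword": [newpass]}
            mlist = modlist.modifyModlist(old, new)
            self.ldapconn.modify_s(dn, mlist)
            return {"status": True}
        except ldap.LDAPError as e:
            log().error(str(e))
            return {"status": False, "msg": "ldap更改密码错误,详情: {0}".format(str(e))}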
使用时
# Pass an ldaps:// URI as ldap_url: the class uses simple binds and never
# negotiates StartTLS, so plain ldap:// sends the passwords in clear text.
ldap_client = MyLdap(
    ldap_host=ldap_url,
    base_dn=base_dn,
    user=admin,
    password=password,
)
感觉代码注释已经写得很清楚了,这里不再展开细节,本文仅作备忘。

