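def _search(cls, users, attr_idx):
    """Search the LDAP directory for one attribute of the given users.

    ``attr_idx`` selects the attribute from the configured ``rosa-ldap/attrs``
    list (UID_IDX, CN_IDX or MAIL_IDX).  Connection details (uri, binddn,
    password-file, basedn, filter-more, tls-ca-file) are read from the
    ``rosa-ldap`` section of the default configuration.  Returns a list with
    the first value of that attribute for every matching entry, in the order
    the directory returns them; an empty ``users`` list returns [] without
    contacting the server.
    """
    from ldap.filter import escape_filter_chars

    if not users:
        return []
    conf = ResourceLocator.default().get_conf()
    uri = conf.get_value(["rosa-ldap", "uri"])
    binddn = conf.get_value(["rosa-ldap", "binddn"])
    passwd = ""
    passwd_file = conf.get_value(["rosa-ldap", "password-file"], cls.PASSWD_FILE)
    if passwd_file:
        # Context manager: the old bare open() leaked the handle until GC.
        with open(os.path.expanduser(passwd_file)) as handle:
            passwd = handle.read().strip()
    basedn = conf.get_value(["rosa-ldap", "basedn"], "")
    # Every user name is escaped so that filter metacharacters in it
    # ("*", "(", ")", "\\", NUL) cannot alter the structure of the filter.
    filter_str = "(|" + "".join(
        "(uid=%s)" % escape_filter_chars(user) for user in users) + ")"
    filter_more_str = conf.get_value(["rosa-ldap", "filter-more"], "")
    if filter_more_str:
        # filter-more is operator configuration and is spliced in verbatim.
        filter_str = "(&" + filter_str + filter_more_str + ")"
    user_attr_str = conf.get_value(["rosa-ldap", "attrs"], cls.USER_ATTRS)
    attr = user_attr_str.split()[attr_idx]
    tls_ca_file = conf.get_value(["rosa-ldap", "tls-ca-file"])
    if tls_ca_file:
        # Process-wide python-ldap option: it applies to every connection
        # created afterwards, not only to this one.
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, tls_ca_file)
    conn = ldap.initialize(uri)
    try:
        conn.bind_s(binddn, passwd)
        results = conn.search_s(basedn, ldap.SCOPE_SUBTREE, filter_str, [attr])
    finally:
        # Release the connection even when the bind or the search fails.
        conn.unbind()
    # search_s can return referral tuples whose dn is None; they carry no
    # attributes, so they are skipped rather than raising KeyError.
    return [entry[attr][0] for dn, entry in results if dn is not None]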
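def initialize(self):
    """Create the python-ldap connection object for ``self.ldapserver``.

    Sets ``self.ld`` to a connection configured for LDAPv3 and returns True,
    or returns False when python-ldap raises ``ldap.LDAPError`` (for example
    for a malformed URI).  The previous bare ``except`` also swallowed
    programming errors and KeyboardInterrupt; those now propagate.  Note
    that ``ldap.initialize`` does not contact the server, so True does not
    mean the server is reachable.
    """
    try:
        self.ld = ldap.initialize(self.ldapserver)
        self.ld.protocol_version = ldap.VERSION3
    except ldap.LDAPError:
        return False
    return True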
def TestarCredenciais(self):
    """Try a simple bind with the configured credentials.

    Scratch method kept for manual testing (the original author's note).
    Returns 's' when the bind succeeds, 'i' when the server rejects the
    credentials and 'n' when the server cannot be reached; any other
    ``ldap.LDAPError`` propagates.
    """
    client = ldap.initialize(self.LDAP_SERVER)
    # Referral chasing off: python-ldap would otherwise follow referrals
    # with a fresh (anonymous) bind.
    client.set_option(ldap.OPT_REFERRALS, 0)
    try:
        client.simple_bind_s(self.LDAP_USERNAME, self.LDAP_PASSWORD)
    except ldap.INVALID_CREDENTIALS:
        client.unbind()
        return 'i'
    except ldap.SERVER_DOWN:
        return 'n'
    client.unbind()
    return 's'
def __init__(self, srv, ldapsrv, return_to, dn_pattern, mako_template, template_lookup):
    """
    :param srv: The server instance
    :param ldapsrv: LDAP URI handed to ldap.initialize
    :param return_to: Where to send the user after authentication
    :param dn_pattern: Stored as-is; presumably formatted with the user
        name to build the bind DN by the authentication method (not
        visible here)
    :param mako_template: Template name forwarded to UsernamePasswordMako
    :param template_lookup: Template lookup forwarded to UsernamePasswordMako
    :return:
    """
    UsernamePasswordMako.__init__(self, srv, mako_template, template_lookup, None, return_to)
    self.dn_pattern = dn_pattern
    connection = ldap.initialize(ldapsrv)
    connection.protocol_version = 3
    # Do not chase referrals during user authentication.
    connection.set_option(ldap.OPT_REFERRALS, 0)
    self.ldap = connection
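def __init__(self, host='localhost', port="389", base_dn="", bind_dn_username="",
             bind_dn_password="", require_group=None, ssl=False, *, verify_tls=True):
    """Construct the connection and bind with the service credentials.

    Args:
        host -- hostname or IP of the LDAP server
        port -- Port to connect to for LDAP auth (empty value omits it from the URL)
        base_dn -- The base DN to start searching for users
        bind_dn_username -- username to use for binding to LDAP
        bind_dn_password -- bind_dn_username's password
        require_group -- User must be a member of this group to login
        ssl -- connect with ldaps:// (TLS from the first byte) instead of plaintext ldap://
        verify_tls -- demand a valid server certificate (the library default).
            The old code disabled verification unconditionally, which lets
            anyone on the path impersonate the server and capture the bind
            password; pass False only for throw-away lab setups.

    After construction ``self.con`` is the bound connection, or False with a
    description in ``self.error`` when the bind or the connection failed.
    """
    self.error = ""
    self.host = host
    self.base_dn = base_dn
    self.bind_dn = bind_dn_username
    self.bind_pw = bind_dn_password
    self.require_group = require_group
    self.authenticated_user = None
    self.authenticated_dn = None
    self.authsource = "Active Directory on {}".format(base_dn)

    # Both options are process-wide in python-ldap: they apply to every
    # connection created afterwards, not just to this object.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                    ldap.OPT_X_TLS_DEMAND if verify_tls else ldap.OPT_X_TLS_NEVER)
    ldap.set_option(ldap.OPT_REFERRALS, 0)

    scheme = "ldaps://" if ssl else "ldap://"
    port_part = ":{}".format(port) if port else ""
    self.ldap_url = "{}{}{}".format(scheme, self.host, port_part)

    # False until the bind succeeds, so SERVER_DOWN no longer leaves the
    # attribute unset.
    self.con = False
    try:
        con = ldap.initialize(self.ldap_url)
        # ldaps:// already negotiates TLS on connect; libldap refuses a
        # StartTLS on a connection that already carries TLS, so the old
        # start_tls_s() call is not issued.
        con.simple_bind_s(self.bind_dn, self.bind_pw)
        self.con = con
    except ldap.INVALID_CREDENTIALS:
        self.error = "Could not bind to server {}".format(self.host)
        if self.bind_dn is not None:
            self.error += " as " + self.bind_dn
        self.error += "."
    except ldap.SERVER_DOWN:
        self.error = "Could not make connection to {}.".format(self.host)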
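def Login(self):
    """Bind with the configured credentials and fetch the user's directory entry.

    Searches ``self.base`` for ``name=self.username`` and returns the first
    ``(dn, attrs)`` tuple with displayName and memberof.  Status strings the
    callers expect: 'o' when no entry is found (user outside the allowed
    scope), 'i' for invalid credentials, 'n' when the server is unreachable.
    """
    from ldap.filter import escape_filter_chars

    try:
        conn = ldap.initialize(self.LDAP_SERVER)
        conn.set_option(ldap.OPT_REFERRALS, 0)
        conn.simple_bind_s(self.LDAP_USERNAME, self.LDAP_PASSWORD)
        # The user name is untrusted input; unescaped, "*", "(", ")" or "\\"
        # in it would change the filter and could match another entry.
        user_filter = '(name=%s)' % escape_filter_chars(self.username)
        res = conn.search_ext_s(self.base, ldap.SCOPE_SUBTREE, user_filter,
                                ['displayName', 'memberof'])
        conn.unbind()
    except ldap.INVALID_CREDENTIALS:
        conn.unbind()
        return 'i'
    except ldap.SERVER_DOWN:
        return 'n'
    # Only an empty result means "no such user"; the previous bare except
    # reported any other failure as 'o' as well.
    if not res:
        return 'o'
    return res[0]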
def ListaAlunos(self):
    """List the members of the students group named in the filter below.

    Binds with the configured service credentials, searches ``self.base``
    for entries whose memberof matches the group (the name suggests
    scholarship students) and returns the raw list of ``(dn, attrs)``
    tuples with description, mail, sAMAccountName and displayName.
    Returns 'i' on invalid credentials and 'n' when the server is unreachable.
    """
    wanted_attrs = ['description', 'mail', 'sAMAccountName', 'displayName']
    user_filter = '(memberof=CN=G_PARAISO_DO_TOCANTINS_ALUNOS_BOLSISTAS, CN=Users,DC=ifto,DC=local)'
    try:
        conn = ldap.initialize(self.LDAP_SERVER)
        conn.set_option(ldap.OPT_REFERRALS, 0)
        conn.simple_bind_s(self.LDAP_USERNAME, self.LDAP_PASSWORD)
        entries = conn.search_ext_s(self.base, ldap.SCOPE_SUBTREE, user_filter, wanted_attrs)
        conn.unbind()
    except ldap.INVALID_CREDENTIALS:
        conn.unbind()
        return 'i'
    except ldap.SERVER_DOWN:
        return 'n'
    return entries
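def __init__(self, host='localhost', port="389", bind_dn="", bind_pw="",
             require_group=None, ssl=False, *, verify_tls=True):
    """Construct an eDirectory connection object and bind to it.

    Args:
        host -- The hostname or IP of the directory server
        port -- The port number to connect to (empty value omits it from the URL)
        bind_dn -- A DN (username) to bind to the directory as
        bind_pw -- The bind_dn's password
        require_group -- Require membership in this group for login
        ssl -- Connect with ldaps:// (TLS from the first byte) instead of plaintext ldap://
        verify_tls -- demand a valid server certificate (the library default).
            The old code disabled verification unconditionally, which lets
            anyone on the path impersonate the server and capture the bind
            password; pass False only for throw-away lab setups.

    After construction ``self.con`` is the bound connection, or False with a
    description in ``self.error`` when the bind or the connection failed.
    """
    self.error = ""
    self.host = host
    self.bind_dn = bind_dn
    self.bind_pw = bind_pw
    self.authenticated_user = None
    self.authenticated_dn = None
    self.authsource = "Novell eDirectory on " + host
    self.require_group = require_group

    # Process-wide python-ldap option: applies to every connection created
    # afterwards, not just to this object.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                    ldap.OPT_X_TLS_DEMAND if verify_tls else ldap.OPT_X_TLS_NEVER)

    scheme = "ldaps://" if ssl else "ldap://"
    port_part = ":{}".format(port) if port else ""
    self.ldap_url = "{}{}{}".format(scheme, self.host, port_part)

    # False until the bind succeeds, so SERVER_DOWN no longer leaves the
    # attribute unset.
    self.con = False
    try:
        con = ldap.initialize(self.ldap_url)
        # ldaps:// already negotiates TLS on connect; libldap refuses a
        # StartTLS on a connection that already carries TLS, so the old
        # start_tls_s() call is not issued.
        con.simple_bind_s(self.bind_dn, self.bind_pw)
        self.con = con
    except ldap.INVALID_CREDENTIALS:
        self.error = "Could not bind to server {}".format(self.host)
        if self.bind_dn is not None:
            self.error += " as %s" % self.bind_dn
        self.error += "."
    except ldap.SERVER_DOWN:
        self.error = "Could not make connection to {}.".format(self.host)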
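def PrimeiroLogin(self, Username, Password, Dominio, Endservidor):
    """First login: bind to the AD at *Endservidor* as ``Username@Dominio``.

    Returns the first ``(dn, attrs)`` hit for ``name=Username`` under
    ``self.base`` (displayName and memberof), 'o' when the user has no entry
    there (consistent with Login), 'i' when the credentials are rejected and
    'n' when the server is unreachable.

    The connection is plain ldap:// without StartTLS, so the password
    crosses the network in clear text unless the link itself is protected.
    Endservidor is spliced into the server URL, so it must come from trusted
    configuration, never from the login form.
    """
    from ldap.filter import escape_filter_chars

    # AD server
    LDAP_SERVER = 'ldap://%s' % Endservidor
    # User principal name as AD expects it for a simple bind
    LDAP_USERNAME = Username + '@' + Dominio
    LDAP_PASSWORD = Password
    try:
        conn = ldap.initialize(LDAP_SERVER)
        conn.set_option(ldap.OPT_REFERRALS, 0)
        conn.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
        # The user name is untrusted input; escaping keeps "*", "(", ")" or
        # "\\" in it from rewriting the filter.
        user_filter = '(name=%s)' % escape_filter_chars(Username)
        res = conn.search_ext_s(self.base, ldap.SCOPE_SUBTREE, user_filter,
                                ['displayName', 'memberof'])
        conn.unbind()
    except ldap.INVALID_CREDENTIALS:
        conn.unbind()
        return 'i'
    except ldap.SERVER_DOWN:
        return 'n'
    # An empty result used to raise IndexError here.
    if not res:
        return 'o'
    return res[0]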
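import ldap

# Placeholders: python-ldap expects a full LDAP URL here (for instance
# "ldap://host", a constructed example), and real credentials should be read
# from the environment or a secret store rather than written into the script.
uri = "avworld"
user = "******"
password = "******"

# This is the python-ldap API (initialize/set_option/search_s/unbind_s);
# the ldap3 package has no such functions, so ``import ldap3`` could not run.
ldapClient = ldap.initialize(uri)
ldapClient.set_option(ldap.OPT_REFERRALS, 0)
# Synchronous bind: the asynchronous bind() only queued the request, so a
# rejected password would not have surfaced before the search.
ldapClient.simple_bind_s(user, password)
try:
    results = ldapClient.search_s("cn=My-Group-1,ou=Groups,o=CUST", ldap.SCOPE_BASE)
finally:
    # Always release the connection, even when the search fails.
    ldapClient.unbind_s()

for result_dn, result_attrs in results:
    # Entries without a member attribute simply print nothing.
    for member in result_attrs.get("member", []):
        print(member)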