def paged_search_iter(self, filter, attrs=None):
# Test for version 2.3 API
try:
lc = SimplePagedResultsControl \
(ldap.LDAP_CONTROL_PAGE_OID, True, (self.page_size, ''))
api_version = 3
except AttributeError:
# New version 2.4 API
lc = SimplePagedResultsControl \
(True, size = self.page_size, cookie = '')
sc = \
{ SimplePagedResultsControl.controlType :
SimplePagedResultsControl
}
api_version = 4
res = self.ldcon.search_ext \
( self.cfg.LDAP_BASE_DN
, ldap.SCOPE_SUBTREE
, filter
, attrlist = attrs
, serverctrls = [lc]
)
while True:
params = (res, )
if api_version == 3:
rtype, rdata, rmsgid, serverctrls = self.ldcon.result3(res)
pctrls = \
[c for c in serverctrls
if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
else:
rtype, rdata, rmsgid, serverctrls = self.ldcon.result3 \
(res, resp_ctrl_classes = sc)
pctrls = \
[c for c in serverctrls
if c.controlType == SimplePagedResultsControl.controlType
]
for r in rdata:
if not r[0]:
continue
r = LDAP_Search_Result(r)
yield r
if pctrls:
if api_version == 3:
x, cookie = pctrls[0].controlValue
lc.controlValue = (self.page_size, cookie)
else:
cookie = pctrls[0].cookie
lc.cookie = cookie
if not cookie:
break
res = self.ldcon.search_ext \
( self.cfg.LDAP_BASE_DN
, ldap.SCOPE_SUBTREE
, filter
, attrs
, serverctrls = [lc]
)
else:
break
def _PagedAsyncSearch(ldap_conn, sizelimit, base_dn, scope, filterstr="(objectClass=*)", attrlist=None):
""" Helper function that implements a paged LDAP search for
the Search method below.
Args:
ldap_conn: our OMLdapConnection object
sizelimit: max # of users to return.
filterstr: LDAP filter to apply to the search
attrlist: list of attributes to return. If null, all attributes
are returned
Returns:
A list of users as returned by the LDAP search
"""
# Time to autodetect our library's API, because python-ldap's API intoduced
# breaking changes between versions 2.3 and 2.4.
use_old_paging_api = False
if hasattr(ldap, "LDAP_CONTROL_PAGE_OID"):
use_old_paging_api = True
paged_results_control = SimplePagedResultsControl(
controlType=ldap.LDAP_CONTROL_PAGE_OID, criticality=True, controlValue=(_PAGE_SIZE, "")
)
page_ctrl_oid = ldap.LDAP_CONTROL_PAGE_OID
else:
paged_results_control = SimplePagedResultsControl(criticality=True, size=_PAGE_SIZE, cookie="")
page_ctrl_oid = ldap.controls.SimplePagedResultsControl.controlType
logging.debug("Paged search on %s for %s", base_dn, filterstr)
users = []
ix = 0
while True:
if _PAGE_SIZE == 0:
serverctrls = []
else:
serverctrls = [paged_results_control]
msgid = ldap_conn.conn.search_ext(base_dn, scope, filterstr, attrlist=attrlist, serverctrls=serverctrls)
res = ldap_conn.conn.result3(msgid=msgid)
unused_code, results, unused_msgid, serverctrls = res
for result in results:
ix += 1
users.append(result)
if sizelimit and ix >= sizelimit:
break
if sizelimit and ix >= sizelimit:
break
cookie = None
for serverctrl in serverctrls:
if serverctrl.controlType == page_ctrl_oid:
if use_old_paging_api:
unused_est, cookie = serverctrl.controlValue
if cookie:
paged_results_control.controlValue = (_PAGE_SIZE, cookie)
else:
cookie = paged_results_control.cookie = serverctrl.cookie
break
if not cookie:
break
return users
def ldap_search_paged(l, basedn, scope, filter, attributes, timeout, page_size):
# FIXME: untested
from ldap.controls import SimplePagedResultsControl
lc = SimplePagedResultsControl(
ldap.LDAP_CONTROL_PAGE_OID, True, (page_size,'')
)
# Send search request
result_id = l.search_ext(basedn, scope, filter, attributes, serverctrls=[lc])
pages = 0
while True:
pages += 1
log.debug('Getting page %d', pages)
result_type, result_data, result_msgid, serverctrls = l.result3(result_id)
log.debug('%d results', len(result_data))
if not result_data:
break
pctrls = [c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
result_id = l.search_ext(basedn, scope, filter, attributes, serverctrls=[lc])
else:
break
else:
log.warn('Server ignores RFC 2696 control.')
break
def create_ldif_from_master(lo, ldif_file, base, page_size):
"""
create ldif file from everything from lo
"""
logging.info('Fetching LDIF ...')
if ldif_file == '-':
output = sys.stdout
else:
if os.path.isfile(ldif_file):
os.unlink(ldif_file)
output = gzip.open(ldif_file, 'wb')
if hasattr(ldap, 'LDAP_CONTROL_PAGE_OID'): # python-ldap <= 2.3
logging.debug('Using old python-ldap 2.3 API')
api24 = False
lc = SimplePagedResultsControl(controlType=ldap.LDAP_CONTROL_PAGE_OID,
criticality=True,
controlValue=(page_size, ''))
page_ctrl_oid = ldap.LDAP_CONTROL_PAGE_OID
else: # python-ldap >= 2.4
logging.debug('Using new python-ldap 2.4 API')
api24 = True
lc = SimplePagedResultsControl(criticality=True,
size=page_size,
cookie='')
page_ctrl_oid = lc.controlType
while True:
msgid = lo.lo.search_ext(base,
ldap.SCOPE_SUBTREE,
'(objectclass=*)', ['+', '*'],
serverctrls=[lc])
rtype, rdata, rmsgid, serverctrls = lo.lo.result3(msgid)
for dn, data in rdata:
logging.debug('Processing %s ...', dn)
for attr in replication.EXCLUDE_ATTRIBUTES:
data.pop(attr, None)
output.write(ldif.CreateLDIF(dn, data, cols=10000))
pctrls = [c for c in serverctrls if c.controlType == page_ctrl_oid]
if pctrls:
if api24:
cookie = lc.cookie = pctrls[0].cookie
else:
_est, cookie = pctrls[0].controlValue
lc.controlValue = (page_size, cookie)
if not cookie:
break
else:
logging.warning(
"Server ignores RFC 2696 Simple Paged Results Control.")
break
output.close()
def paged_search_ext_s(self,
base,
scope,
filterstr='(objectClass=*)',
attrlist=None,
attrsonly=0,
serverctrls=None,
clientctrls=None,
timeout=30,
sizelimit=0):
use_old_paging_api = False
if hasattr(ldap, 'LDAP_CONTROL_PAGE_OID'):
use_old_paging_api = True
lc = SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID, True,
(self.page_size, ''))
page_ctrl_oid = ldap.LDAP_CONTROL_PAGE_OID
else:
lc = ldap.controls.libldap.SimplePagedResultsControl(
size=self.page_size, cookie='')
page_ctrl_oid = ldap.controls.SimplePagedResultsControl.controlType
msgid = self.search_ext(base,
scope,
filterstr,
attrlist=attrlist,
serverctrls=[lc])
pages = 0
all_results = []
while True:
pages += 1
rtype, rdata, rmsgid, serverctrls = self.result3(msgid)
all_results.extend(rdata)
pctrls = [c for c in serverctrls if c.controlType == page_ctrl_oid]
if pctrls:
if use_old_paging_api:
est, cookie = pctrls[0].controlValue
lc.controlValue = (self.page_size, cookie)
else:
cookie = lc.cookie = pctrls[0].cookie
if cookie:
msgid = self.search_ext(base,
ldap.SCOPE_SUBTREE,
filterstr,
attrlist=attrlist,
serverctrls=[lc])
else:
break
else:
raise ldap.LDAPError
return all_results
def paged_search(self, base, sfilter, attrlist, scope='subtree', page_size=1000):
if scope == 'one':
_scope = ldap.SCOPE_ONELEVEL
else:
_scope = ldap.SCOPE_SUBTREE
lc = SimplePagedResultsControl(
ldap.LDAP_CONTROL_PAGE_OID,True,(page_size,'')
)
# Send search request
msgid = self.l.search_ext(
base,
_scope,
sfilter,
attrlist=attrlist,
serverctrls=[lc]
)
results = []
pages = 0
while True:
pages += 1
#print "Getting page %d" % (pages,)
rtype, rdata, rmsgid, serverctrls = self.l.result3(msgid)
#print '%d results' % len(rdata)
for dn,data in rdata:
_r = data
_r['dn'] = dn
results.append(_r)
#results += [i[0] for i in rdata]
#pprint.pprint(rdata[0])
pctrls = [
c
for c in serverctrls
if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
msgid = l.search_ext(
base,
_scope,
sfilter,
attrlist=attrlist,
serverctrls=[lc]
)
else:
break
else:
print "Warning: Server ignores RFC 2696 control."
break
return results
def _paged_search(self, base_dn, scope, search_filter, attrs):
conn = self.connect()
# Get paged results to prevent exceeding server size limit
page_size = 1000
if PYTHON_LDAP_24:
lc = SimplePagedResultsControl(size=page_size, cookie='')
else:
lc = SimplePagedResultsControl(LDAP_CONTROL_PAGED_RESULTS,
True,
(page_size, ''),)
is_last_page = False
results = []
while not is_last_page:
msgid = conn.search_ext(base_dn,
scope,
search_filter,
attrs,
serverctrls=[lc])
rtype, rdata, rmsgid, serverctrls = conn.result3(msgid)
pctrls = [c for c in serverctrls
if c.controlType == LDAP_CONTROL_PAGED_RESULTS]
results.extend(rdata)
if pctrls:
if PYTHON_LDAP_24:
cookie = pctrls[0].cookie
if cookie:
lc.cookie = cookie
else:
is_last_page = True
else:
cookie = pctrls[0].controlValue[1]
if cookie:
# lc.controlValue seems to have been mutable at some
# point, now it's a tuple.
cv = list(lc.controlValue)
cv[1] = cookie
lc.controlValue = tuple(cv)
else:
is_last_page = True
else:
is_last_page = True
if results:
# If the search returned an empty result, page controls
# aren't included - so don't produce a bogus warning
logger.warn(
"Server ignores paged results control (RFC 2696).")
return results
def paged_search(self, filterstr='(objectClass=*)', attrlist=None,
attrsonly=0, timeout=-1):
"""Searches Active Directory for a given search string.
Uses RFC 2696 paged results control to search AD. This comes into play when the search
yields more then ldap.SIZE_LIMIT results.
This search uses the LDAP_BASE value read from configuration. If there is need for
searching higher up in the AD tree then the configuration should be changed.
Args:
filterstr (str): The search term to look for in AD.
attrlist (list): List of attributes to get from AD. Defaults to all.
attrsonly (bool): Only gets attributes, not values.
timeout (int): Time the search waits for results before giving up.
Returns:
list: List with all results.
"""
#Simple paged results control to keep track of the search status
req_ctrl = SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID, True,
(self.LDAP_PAGE_SIZE, ''))
#Send first search request
msgid = self.ldap.search_ext(self.LDAP_BASE, ldap.SCOPE_SUBTREE, filterstr=filterstr,
attrlist=attrlist, serverctrls=[req_ctrl], timeout=timeout)
all_results = []
while True:
rtype, rdata, rmsgid, rctrls = self.ldap.result3(msgid)
all_results.extend(rdata)
#Extract the simple paged results response control
pctrls = [c for c in rctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
#Copy cookie from response control to request control
req_ctrl.controlValue = (self.LDAP_PAGE_SIZE, cookie)
#Continue the search with updated request control
msgid = self.ldap.search_ext(self.LDAP_BASE, ldap.SCOPE_SUBTREE,
filterstr=filterstr, attrlist=attrlist, serverctrls=[req_ctrl],
timeout=timeout)
else:
break
else:
print("Warning: Server ignores RFC 2696 control.")
break
return all_results
def _PagedAsyncSearch(ldap_conn,
sizelimit,
base_dn,
scope,
filterstr='(objectClass=*)',
attrlist=None):
""" Helper function that implements a paged LDAP search for
the Search method below.
Args:
ldap_conn: our OMLdapConnection object
sizelimit: max # of users to return.
filterstr: LDAP filter to apply to the search
attrlist: list of attributes to return. If null, all attributes
are returned
Returns:
A list of users as returned by the LDAP search
"""
paged_results_control = SimplePagedResultsControl(
ldap.LDAP_CONTROL_PAGE_OID, True, (_PAGE_SIZE, ''))
logging.debug('Paged search on %s for %s', base_dn, filterstr)
users = []
ix = 0
while True:
if _PAGE_SIZE == 0:
serverctrls = []
else:
serverctrls = [paged_results_control]
msgid = ldap_conn.conn.search_ext(base_dn,
scope,
filterstr,
attrlist=attrlist,
serverctrls=serverctrls)
res = ldap_conn.conn.result3(msgid=msgid)
unused_code, results, unused_msgid, serverctrls = res
for result in results:
ix += 1
users.append(result)
if sizelimit and ix >= sizelimit:
break
if sizelimit and ix >= sizelimit:
break
cookie = None
for serverctrl in serverctrls:
if serverctrl.controlType == ldap.LDAP_CONTROL_PAGE_OID:
unused_est, cookie = serverctrl.controlValue
if cookie:
paged_results_control.controlValue = (_PAGE_SIZE, cookie)
break
if not cookie:
break
return users
def _PagedAsyncSearch(self, query, sizelimit, attrlist=None):
""" Helper function that implements a paged LDAP search for
the Search method below.
Args:
query: LDAP filter to apply to the search
sizelimit: max # of users to return.
attrlist: list of attributes to return. If null, all attributes
are returned
Returns:
A list of users as returned by the LDAP search
"""
if not self.IsUsingLdapLibThatSupportsPaging():
logging.error('Your version of python-ldap is too old to support '
'paged LDAP queries. Aborting search.')
return None
paged_results_control = SimplePagedResultsControl(
ldap.LDAP_CONTROL_PAGE_OID, True, (self.ldap_page_size, ''))
logging.debug('Paged search on %s for %s' % (self.ldap_base_dn, query))
users = []
ix = 0
while True:
if self.ldap_page_size == 0:
serverctrls = []
else:
serverctrls = [paged_results_control]
msgid = self.conn.search_ext(self.ldap_base_dn, ldap.SCOPE_SUBTREE,
query, attrlist=attrlist, serverctrls=serverctrls)
res = self.conn.result3(msgid=msgid, timeout=self.ldap_timeout)
unused_code, results, unused_msgid, serverctrls = res
for result in results:
ix += 1
users.append(result)
if sizelimit and ix >= sizelimit:
break
if sizelimit and ix >= sizelimit:
break
cookie = None
for serverctrl in serverctrls:
if serverctrl.controlType == ldap.LDAP_CONTROL_PAGE_OID:
unused_est, cookie = serverctrl.controlValue
if cookie:
paged_results_control.controlValue = (self.ldap_page_size, cookie)
break
if not cookie:
break
return users
def list_machines(self, name=None, attrs=None):
if attrs is None:
attrs = COMPUTER_ATTRS
oc_filter = '(objectclass=computer)'
desc = self.machine_description(name)
page_size = 64
lc = SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID, True,
(page_size, ''))
conn = self.open()
msgid = conn.search_ext(desc,
ldap.SCOPE_SUBTREE,
oc_filter,
attrs,
serverctrls=[lc])
rval = {}
while True:
# (rtype, rdata, rmsgid, serverctrls)
_, rdata, _, serverctrls = conn.result3(msgid)
# Synthesize the machines into a simple form.
for machine in rdata:
if machine[0]:
for cn in machine[1]['cn']:
rval[cn.lower()] = machine[1]
# Read the next page of the result.
pctrls = [
c for c in serverctrls
if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
if pctrls:
# (est, cookie)
_, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
msgid = conn.search_ext(desc,
ldap.SCOPE_SUBTREE,
oc_filter,
attrs,
serverctrls=[lc])
else:
break
return rval
def getEnabledAccountList (ldapHandle, fhandle): # define variables for query page_size = 1000 filter = "(&(sAMAccountName=*)(userAccountControl=" + str(ENA_NUM) + "))" attributeList = ['sAMAccountName', 'mail'] lc = SimplePagedResultsControl (ldap.LDAP_CONTROL_PAGE_OID, True, (page_size, "")) msgid = ldapHandle.search_ext ( BASE, SCOPE, filter, attributeList, serverctrls = [lc] ) pages = 0 while True: pages += 1 print "Getting page %d" % pages rtype, rdata, rmsgid, serverctrls = ldapHandle.result3 (msgid) print "%d results" % len (rdata) for pi in rdata: if (len (pi) == 2) and (type (pi[1]) is dict) and (len(pi[1]) == 2): #print pi #print pi[1] accName = pi[1]['sAMAccountName'][0] mail = pi[1]['mail'][0] if (accName + SUFFIX).lower() != mail.lower(): #fhandle.write (accName + "," + mail + "\n") print (accName + "," + mail + "\n") pctrls = [ c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID ] if pctrls: est, cookie = pctrls[0].controlValue if cookie: lc.controlValue = (page_size, cookie) msgid = ldapHandle.search_ext (BASE, SCOPE, filter, attributeList, serverctrls=[lc]) else: break else: print "Warning" break
def _PagedAsyncSearch(ldap_conn, sizelimit, base_dn, scope, filterstr='(objectClass=*)', attrlist=None):
""" Helper function that implements a paged LDAP search for
the Search method below.
Args:
ldap_conn: our OMLdapConnection object
sizelimit: max # of users to return.
filterstr: LDAP filter to apply to the search
attrlist: list of attributes to return. If null, all attributes
are returned
Returns:
A list of users as returned by the LDAP search
"""
paged_results_control = SimplePagedResultsControl(
ldap.LDAP_CONTROL_PAGE_OID, True, (_PAGE_SIZE, ''))
logging.debug('Paged search on %s for %s', base_dn, filterstr)
users = []
ix = 0
while True:
if _PAGE_SIZE == 0:
serverctrls = []
else:
serverctrls = [paged_results_control]
msgid = ldap_conn.conn.search_ext(base_dn, scope,
filterstr, attrlist=attrlist, serverctrls=serverctrls)
res = ldap_conn.conn.result3(msgid=msgid)
unused_code, results, unused_msgid, serverctrls = res
for result in results:
ix += 1
users.append(result)
if sizelimit and ix >= sizelimit:
break
if sizelimit and ix >= sizelimit:
break
cookie = None
for serverctrl in serverctrls:
if serverctrl.controlType == ldap.LDAP_CONTROL_PAGE_OID:
unused_est, cookie = serverctrl.controlValue
if cookie:
paged_results_control.controlValue = (_PAGE_SIZE, cookie)
break
if not cookie:
break
return users
def ldap_search_paged(l, basedn, scope, filter, attributes, timeout,
page_size):
# FIXME: untested
from ldap.controls import SimplePagedResultsControl
lc = SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID, True,
(page_size, ''))
# Send search request
result_id = l.search_ext(basedn,
scope,
filter,
attributes,
serverctrls=[lc])
pages = 0
while True:
pages += 1
log.debug('Getting page %d', pages)
result_type, result_data, result_msgid, serverctrls = l.result3(
result_id)
log.debug('%d results', len(result_data))
if not result_data:
break
pctrls = [
c for c in serverctrls
if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
result_id = l.search_ext(basedn,
scope,
filter,
attributes,
serverctrls=[lc])
else:
break
else:
log.warn('Server ignores RFC 2696 control.')
break
def ldap_paged_async_search(base, scope, filt, columns):
ldap_log(' PAGED ASYNC SEARCH')
page_size = config.ldap_connection.get('page_size', 100)
if ldap_compat:
lc = SimplePagedResultsControl(size = page_size, cookie = '')
else:
lc = SimplePagedResultsControl(
LDAP_CONTROL_PAGED_RESULTS, True, (page_size, '')
)
results = []
while True:
# issue the ldap search command (async)
msgid = ldap_connection.search_ext(base, scope, filt, columns, serverctrls = [lc])
unused_code, response, unused_msgid, serverctrls = ldap_connection.result3(
msgid = msgid, timeout = config.ldap_connection.get('response_timeout', 5)
)
for result in response:
results.append(result)
# Mark current position in pagination control for next loop
cookie = None
for serverctrl in serverctrls:
if serverctrl.controlType == LDAP_CONTROL_PAGED_RESULTS:
if ldap_compat:
cookie = serverctrl.cookie
if cookie:
lc.cookie = cookie
else:
cookie = serverctrl.controlValue[1]
if cookie:
lc.controlValue = (page_size, cookie)
break
if not cookie:
break
return results
def list_machines(self, name=None, attrs=None):
if attrs is None:
attrs = COMPUTER_ATTRS
oc_filter = '(objectclass=computer)'
desc = self.machine_description(name)
page_size = 64
lc = SimplePagedResultsControl(
ldap.LDAP_CONTROL_PAGE_OID, True, (page_size,''))
conn = self.open()
msgid = conn.search_ext(
desc, ldap.SCOPE_SUBTREE, oc_filter, attrs, serverctrls=[lc])
rval = {}
while True:
# (rtype, rdata, rmsgid, serverctrls)
_, rdata, _, serverctrls = conn.result3(msgid)
# Synthesize the machines into a simple form.
for machine in rdata:
if machine[0]:
for cn in machine[1]['cn']:
rval[cn.lower()] = machine[1]
# Read the next page of the result.
pctrls = [ c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID ]
if pctrls:
# (est, cookie)
_, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
msgid = conn.search_ext(
desc, ldap.SCOPE_SUBTREE, oc_filter, attrs, serverctrls=[lc])
else:
break
return rval
def paged_search_ext_s(self, base, scope, filterstr='(objectClass=*)', attrlist=None, attrsonly=0, serverctrls=None, clientctrls=None, timeout=30, sizelimit=0): use_old_paging_api = False if hasattr(ldap, 'LDAP_CONTROL_PAGE_OID'): use_old_paging_api = True lc = SimplePagedResultsControl( ldap.LDAP_CONTROL_PAGE_OID,True,(self.page_size,'') ) page_ctrl_oid = ldap.LDAP_CONTROL_PAGE_OID else: lc = ldap.controls.libldap.SimplePagedResultsControl(size=self.page_size,cookie='') page_ctrl_oid = ldap.controls.SimplePagedResultsControl.controlType msgid = self.search_ext(base, scope, filterstr, attrlist=attrlist, serverctrls=[lc]) pages = 0 all_results = [] while True: pages += 1 rtype, rdata, rmsgid, serverctrls = self.result3(msgid) all_results.extend(rdata) pctrls = [ c for c in serverctrls if c.controlType == page_ctrl_oid ] if pctrls: if use_old_paging_api: est, cookie = pctrls[0].controlValue lc.controlValue = (self.page_size, cookie) else: cookie = lc.cookie = pctrls[0].cookie if cookie: msgid = self.search_ext(base, ldap.SCOPE_SUBTREE, filterstr, attrlist=attrlist, serverctrls=[lc]) else: break else: raise ldap.LDAPError return all_results
ldap.SCOPE_SUBTREE,
search_flt,
attrlist=searchreq_attrlist,
serverctrls=[lc])
pages = 0
while True:
pages += 1
print "Getting page %d" % (pages, )
rtype, rdata, rmsgid, serverctrls = l.result3(msgid)
print '%d results' % len(rdata)
pprint.pprint(rdata)
pctrls = [
c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
if pctrls:
pprint.pprint(pctrls)
est, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
msgid = l.search_ext(base,
ldap.SCOPE_SUBTREE,
search_flt,
attrlist=searchreq_attrlist,
serverctrls=[lc])
else:
break
else:
print "Warning: Server ignores RFC 2696 control."
break
# Send search request
msgid = l.search_ext(
base,
ldap.SCOPE_SUBTREE,
search_flt,
serverctrls=[lc]
)
pages = 0
while True:
pages += 1
print("Getting page %d" % (pages,))
rtype, rdata, rmsgid, serverctrls = l.result3(msgid)
print('%d results' % len(rdata))
pctrls = [
c
for c in serverctrls
if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
msgid = l.search_ext(base, ldap.SCOPE_SUBTREE, search_flt,
serverctrls=[lc])
else:
break
else:
print("Warning: Server ignores RFC 2696 control.")
break
resultCode, results, unusedMessageId, serverControls = ldapConnection.result3(messageId)
except ldap.LDAPError, err:
sys.stderr.write('Error getting user paged search results: ' + str(err) + '\n' )
return returnValue
for result in results:
pageCounter = pageCounter + 1
returnValue.append(result)
cookie = None
for serverCtrl in serverControls:
if serverCtrl.controlType == ldap.LDAP_CONTROL_PAGE_OID:
unusedValue, cookie = serverCtrl.controlValue
if cookie:
pagedResultsControl.controlValue = (pageSize, cookie)
break
if not cookie:
break
try:
ldapConnection.unbind_s()
except ldap.LDAPError, err:
sys.stderr.write('Error while disconnecting from server ' + ldapServer + '... Reason ' + str(err) + '\n')
return returnValue
return returnValue
def getMembersInAGroup(groupName):
returnValue = []
def run_paged_search(self, search_base, search_filter, attrs=None, **kwargs):
host = self.host
who = self.who
cred = self.cred
page_size = self.page_size
scope = ldap.SCOPE_SUBTREE
if kwargs.has_key("host"):
host = kwargs['host']
if kwargs.has_key("who"):
who = kwargs['who']
if kwargs.has_key('cred'):
cred = kwargs['cred']
if kwargs.has_key('scope'):
scope = kwargs['scope']
if kwargs.has_key("page_size"):
page_size = int(kwargs['page_size'])
scope_str = "ldap.SCOPE_SUBTREE"
if scope == ldap.SCOPE_BASE:
scope_str = 'ldap.SCOPE_BASE'
elif scope == ldap.SCOPE_ONELEVEL:
scope_str = 'ldap.SCOPE_ONELEVEL'
if host is not self.get_ldap_host() and host is not self.get_directory_host():
raise Exception("Invalid host, must use either ldap host or directory host")
log.debug("running paged search")
log.debug("host: "+host)
log.debug("who: "+who)
log.debug("base: "+search_base)
log.debug("filter: "+search_filter)
log.debug("attrs: "+str(attrs))
log.debug('scope: '+scope_str)
log.debug("page size: "+str(page_size))
try:
conn = ldap.initialize(host)
ldap.set_option( ldap.OPT_X_TLS_DEMAND, True )
#ldap.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_NEVER)
lc = SimplePagedResultsControl( ldap.LDAP_CONTROL_PAGE_OID, True, (page_size,''))
if host is self.get_ldap_host():
result = conn.simple_bind_s(who,cred)
else:
result = conn.simple_bind_s()
result = []
msgid = conn.search_ext(search_base, scope, search_filter, attrs, serverctrls=[lc])
pages = 0
while True:
pages = pages + 1
log.debug("getting page "+str(pages))
rtype, rdata, rmsgid, serverctrls = conn.result3(msgid)
log.debug("result count: "+str(len(rdata)))
result.extend(rdata)
pctrls = [c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID ]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
lc.controlValue = (page_size, cookie)
msgid = conn.search_ext(search_base, scope, search_filter, attrs, serverctrls=[lc])
else:
break
else:
log.warning("Warning: Server ignores RFC 2696 control.")
break
conn.unbind()
return result
except ldap.LDAPError, e:
import traceback
log.error("run_paged_search error:")
log.error(traceback.format_exc())
log.error(str(e))
try:
conn.unbind()
except:
pass
return []
while 1: rtype, rdata, rmsgid, rctrls = ad.result3(ldap_result_id) result_set.extend(rdata) result_pages += 1 #extract the simple paged results response control pctrls = [ c for c in rctrls if c.controlType == SimplePagedResultsControl.controlType ] if pctrls: est, cookie = pctrls[0].controlValue if cookie: # copy the cookie from the response control to the request control req_ctrl.controlValue = (pageSize, cookie) ldap_result_id = ad.search_ext(baseDN, searchScope, searchFilter, retrieveAttributes, serverctrls=(serverctrls or []) + [req_ctrl]) else: break x = 0 # print results with column headers print "sAMAccountName, displayName, description, employeeID, whenCreated, mail" for e in result_set: x += 1 info = e[1] msg = '' if 'sAMAccountName' in info: msg += info['sAMAccountName'][0] msg += ','
def ad_search(ad_object,
filter=ad_filter,
attrs=ad_attrs,
base=ad_base_dn,
scope=ad_scope):
'''Function to search AD
It will default to global variables for filter, attributes, base, and
scope
Returns a list of search results. Each entry itself is a list, where the
first item is the DN of the entry, and the second item is a dictionary of
attributes and values.
'''
search_results = []
ad_control = SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID, True,
(ad_page_size, ''))
try:
ad_pages = 0
while True:
# Send search request
msgid = ad_object.search_ext(base,
scope,
filter,
attrs,
serverctrls=[ad_control])
ad_pages += 1
if debug:
print 'Getting page %d' % (ad_pages)
unused_code, results, unused_msgid, serverctrls = \
ad_object.result3(msgid)
if debug:
print '%d results' % len(results)
if results and len(results) > 0:
search_results.extend(results)
for serverctrl in serverctrls:
if serverctrl.controlType == ldap.LDAP_CONTROL_PAGE_OID:
unused_est, cookie = serverctrl.controlValue
if cookie:
ad_control.controlValue = (ad_page_size, cookie)
break
if not cookie:
break
return search_results
if debug:
sys.stderr.write('LDAP search results not found\n'
'base: %s\n'
'filter: %s\n'
'attributes: %s\n\n' % (base, filter, attrs))
return []
except ldap.LDAPError, error_message:
print 'search_results:'
try:
print search_results
except NameError: # if search_results hasn't been declared
print # print a blank line
sys.stderr.write('LDAPError: %s\n' % (error_message))
try:
unused_code, results, unused_msgid, serverctrls = \
ldap_connection.result3(msgid)
except ldap.LDAPError as e:
sys.stderr.write('Error getting user paged search results: ' +
str(e) + '\n')
sys.exit(1)
for result in results:
pages += 1
accounts.append(result)
cookie = None
for serverctrl in serverctrls:
if serverctrl.controlType == ldap.LDAP_CONTROL_PAGE_OID:
unused_est, cookie = serverctrl.controlValue
if cookie:
paged_results_control.controlValue = (PAGE_SIZE, cookie)
break
if not cookie:
break
# LDAP unbind
ldap_connection.unbind_s()
# Make dictionary with user data
user_map = {}
for entry in accounts:
if 'employeeID' in entry[1] and \
'sAMAccountName' in entry[1]:
user_map[entry[1]['employeeID'][0]] = entry[1]['sAMAccountName'][0]
'--- test_login.py\t(original)'
open('users.temp.xml', 'w').close()
open('maillists.temp.xml', 'w').close()
open('aliases.temp.xml', 'w').close()
while True:
pages += 1
print "Getting page %d" % (pages, )
rtype, rdata, rmsgid, serverctrls = conn.result3(msgid)
print '%d results' % len(rdata)
for dn, entry in rdata:
dump_ldap_entry_in_xml(entry)
pctrls = [
c for c in serverctrls if c.controlType == ldap.LDAP_CONTROL_PAGE_OID
]
if pctrls:
est, cookie = pctrls[0].controlValue
if cookie:
paged_controller.controlValue = (page_size, cookie)
msgid = conn.search_ext(
basedn,
ldap.SCOPE_SUBTREE,
filter,
serverctrls=[paged_controller],
)
else:
break
else:
print "Warning: Server ignores RFC 2696 control."
break
