Riccardo79

Reputation: 1046

LDAP uid path not known

Here is my working Python script:

#!/usr/bin/python

import ldap, sys

l = ldap.initialize('ldap://myldapserver:389')
username = "uid=%s,OU=folder1,OU=myCompany,O=MyCompanyGroup" % "myID"
password = "mypassword"
try:
  l.protocol_version = ldap.VERSION3
  l.simple_bind_s(username, password)
  valid = True
  print("OK")
  l.unbind()
except Exception as error:
  print(error)

Now I would like to bind the user by specifying only "O=MyCompanyGroup" and searching for the uid in that subtree. For example, I can filter on "inetOrgPerson".

I tried

 username = "(&(objectClass=inetOrgPerson )(uid=%s)(O=MyCompanyGroup))" % "myID"

but I get Invalid credentials.

Thanks! Riccardo

Upvotes: 0

Views: 231

Answers (2)

secavfr

Reputation: 928

Good technique @Riccardo79

In my case, I was forced to log in as the admin of the LDAP first to perform the user password check.

Here is my code:

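import ldap
import ldap.filter

ldap_admin_dn = "cn=admin..."
ldap_admin_password = "..."
ldap_users_dn="ou=to,ou=my,ou=users..."

def connectLDAP(self, username, password) -> bool:
    # Method of a class that provides self.ldap_endpoint.
    # An empty password would be an unauthenticated bind, which can succeed.
    if not password:
        return False
    # Escape the username so filter metacharacters cannot alter the search.
    search_filter = "(&(uid={})(objectClass=inetOrgPerson))".format(
        ldap.filter.escape_filter_chars(username))
    try:
        connection = ldap.initialize(self.ldap_endpoint)
        connection.protocol_version = ldap.VERSION3
        # Bind as the admin first so the search is allowed.
        connection.simple_bind_s(ldap_admin_dn, ldap_admin_password)
        result = connection.search_s(ldap_users_dn, ldap.SCOPE_SUBTREE, search_filter)
        # Require exactly one entry; result[0][0] on an empty list raises IndexError.
        if len(result) != 1:
            return False
        user_dn = result[0][0]
        # Re-bind as the user found by the search to check the password.
        connection.simple_bind_s(user_dn, password)
        connection.unbind()
    except ldap.LDAPError as e:
        print(e)
        return False
    return True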

Upvotes: 0

Riccardo79

Reputation: 1046

Found the solution

#!/usr/bin/python

import ldap, sys

l = ldap.initialize('ldap://myldapserver:389')
search_filter = "(&(uid=myID)(objectClass=inetOrgPerson))"
base_dn="O=MyCompanyGroup"
password = "mypassword"
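try:
  l.protocol_version = ldap.VERSION3
  # No bind has happened yet, so this search runs anonymously.
  result = l.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter, None)
  # DN of the first matching entry.
  user_dn = result[0][0]
  print(user_dn)
  # Bind as that DN to check the password.
  l.simple_bind_s(user_dn, password)
  valid = True
  print("OK")
  l.unbind()
except Exception as error:
  print(error)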

Upvotes: 1
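
The search-then-bind flow from both answers, as an added example that is not code from either poster: it escapes the uid before building the filter, refuses an empty password, and requires exactly one match. `FakeDirectory`, `InvalidCredentials`, `authenticate`, `escape_filter_value` and the sample entries are constructed stand-ins so it runs without a server; with python-ldap you would pass a real connection and catch `ldap.INVALID_CREDENTIALS` instead.

```python
import re

SCOPE_SUBTREE = 2  # numeric value of ldap.SCOPE_SUBTREE in python-ldap

class InvalidCredentials(Exception):
    """Constructed stand-in for ldap.INVALID_CREDENTIALS."""

def escape_filter_value(value):
    # RFC 4515: backslash, '*', '(', ')' and NUL are written as \XX hex escapes.
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed stand-in exposing the two python-ldap calls used on this page."""
    def __init__(self, users):
        self.users = users  # {dn: (uid, password)}, constructed sample data

    def search_s(self, base, scope, filterstr, attrlist=None):
        # Only understands the "(uid=...)" assertion; an unescaped '*' is a wildcard.
        raw = re.search(r"\(uid=([^)]*)\)", filterstr).group(1)
        parts = [re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), p)
                 for p in raw.split("*")]
        pattern = ".*".join(re.escape(p) for p in parts)
        return [(dn, {}) for dn, (uid, _) in self.users.items()
                if dn.endswith(base) and re.fullmatch(pattern, uid)]

    def simple_bind_s(self, dn, password):
        # An empty password is an unauthenticated bind (RFC 4513) and can succeed.
        if password and self.users.get(dn, (None, None))[1] != password:
            raise InvalidCredentials(dn)

def authenticate(conn, base_dn, uid, password):
    """Find exactly one entry by uid, then bind as its DN. Returns the DN or None."""
    if not uid or not password:
        return None  # never pass an empty password to simple_bind_s
    flt = "(&(uid=%s)(objectClass=inetOrgPerson))" % escape_filter_value(uid)
    hits = conn.search_s(base_dn, SCOPE_SUBTREE, flt, ["1.1"])  # "1.1": no attributes
    if len(hits) != 1:
        return None  # no match or an ambiguous uid: refuse rather than take hits[0]
    user_dn = hits[0][0]
    try:
        conn.simple_bind_s(user_dn, password)
    except InvalidCredentials:
        return None
    return user_dn

DIRECTORY = FakeDirectory({  # constructed entries under the question's base DN
    "uid=myID,OU=folder1,OU=myCompany,O=MyCompanyGroup": ("myID", "mypassword"),
    "uid=other,OU=folder2,OU=myCompany,O=MyCompanyGroup": ("other", "s3cret"),
})
```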
