Reputation: 67
The authentication to Active Directory using python-ldap works well with the code below. Now I am trying to find how I can verify if a user belongs to a Security Group in order to be successfully authenticated, but I cannot figure out how to do that. I have this code integrated in a Flask website.
Here is my code:
    import ldap

    def authenticate():
        conn = ldap.initialize('ldap://ldap.example.com')
        conn.protocol_version = 3
        # Do not follow referrals returned by the server
        conn.set_option(ldap.OPT_REFERRALS, 0)
        try:
            username = 'user_id'
            password = 'motdepasse'
            user = "%s@domain" % username
            # Bind with the variables built above, not with string literals
            result = conn.simple_bind_s(user, password)
        except ldap.INVALID_CREDENTIALS:
            print("Invalid credentials")
            return "Invalid credentials"
        except ldap.SERVER_DOWN:
            print("Server down")
            return "Server down"
        except ldap.LDAPError as e:
            # python-ldap carries the error details as a dict in e.args[0]
            info = e.args[0] if e.args else None
            if isinstance(info, dict) and 'desc' in info:
                return "Other LDAP error: " + info['desc']
            else:
                print("Other LDAP error: ")
                return "Other LDAP error: " + str(e)
        finally:
            conn.unbind_s()
        print("Successfully")
        return "Successfully authenticated"

    authenticate()
Thanks for your help
Upvotes: 0
Views: 4552
Reputation: 67
To restrict the LDAP authentication to a specific AD group I used the "search_s" function, which finds whether the authenticated user is part of an AD group.
    conn.search_s("OU={AD Security Group},OU=group,OU=Groups,dc=twpn,dc=root,dc=domain,dc=com", ldap.SCOPE_SUBTREE, "(cn=userid)")
Upvotes: 1
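An added example, not part of the original posts: one way to combine the bind from the question with a group check, escaping the user name before it enters the search filter and refusing empty passwords. It goes beyond the answer by using Active Directory's in-chain matching rule so nested group membership also counts. The helper names, the `example.com` domain and the DNs are assumptions, and `conn` is assumed to be the object returned by `ldap.initialize()`.

```python
# Added example (not the poster's code). Helper names and the DNs are hypothetical.
SCOPE_SUBTREE = 2                     # numeric value of ldap.SCOPE_SUBTREE
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule: follows nested groups


def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters so input stays a literal value.
    python-ldap ships ldap.filter.escape_filter_chars for the same purpose."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(username, group_dn):
    """Filter matching the user only if they are in group_dn (directly or nested)."""
    return "(&(objectClass=user)(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(username), IN_CHAIN, escape_filter_value(group_dn))


def authenticate_group_member(conn, username, password, domain, base_dn, group_dn):
    """Bind as the user, then require group membership.

    Bind failures such as ldap.INVALID_CREDENTIALS propagate to the caller,
    so the except blocks from the question still apply.
    """
    if not username or not password:
        # Simple bind with an empty password is an unauthenticated bind,
        # which a server may accept; never treat it as a login.
        return False
    conn.simple_bind_s("%s@%s" % (username, domain), password)
    results = conn.search_s(base_dn, SCOPE_SUBTREE,
                            membership_filter(username, group_dn),
                            ["sAMAccountName"])
    # AD can return search references as (None, [urls]); only real entries count.
    return any(dn is not None for dn, _attrs in results)


if __name__ == "__main__":
    # Constructed input: a user name that contains filter metacharacters.
    group = "CN=App Users,OU=Groups,DC=example,DC=com"
    print(membership_filter("j.doe*(test)", group))
```

Call `authenticate_group_member` inside the `try` block of `authenticate()`, before the `finally` clause unbinds the connection.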