How can I verify user and password using Python ldap3 via OpenLdap?

Question

For a django project, I designed a different login page. The users here will log in via openldap.

I can access users' full information with their uid id, but I could not find how to verify the password.

Do I need to hash the user's password and compare it with the password on ldap? Isn't there any other method? Thank you

from ldap3 import Server, Connection, ALL, SUBTREE
from ldap3.core.exceptions import LDAPException, LDAPBindError, LDAPSocketOpenError
from ldap3.utils.conv import escape_filter_chars

ldap_server_uri=f"ldap://xxx:389"
ldap_base = 'dc=xx,dc=xx,dc=xx'

def ldap(uid,password):
    try:     
        ldap_server = Server(ldap_server_uri, get_info=ALL)
        ldap_connection = Connection(ldap_server, user = 'uid=admin,ou=xx,dc=xx,dc=xx',password='adminpassword')
        if ldap_connection.bind() == True:
            if ldap_connection.search(search_base=ldap_base, search_filter=f'(uid={uid})',search_scope = SUBTREE, attributes=['uid']) == True:
                ent = ldap_connection.entries[0]
                entry = {'uid': ent['uid']}
                ldap_connection.unbind()
                return entry
            else:
                return None
    except LDAPSocketOpenError:
        print('Unabled to connect to the LDAP server!')
        return None

Answer 1

Both of the answers are inaccurate.
You have to bind the connection to catch the exception or read the result.

>>> conn = ldap3.Connection(server, 'real_username', 'real_password', auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
>>> conn.result
{'result': 0, 'description': 'success', 'dn': '', 'message': '', 'referrals': None, 'saslCreds': None, 'type': 'bindResponse'}

instead of

>>> conn = ldap3.Connection(server, 'real_username', 'real_password')
>>> conn.result
>>> 

Fixed version of the Milovan Tomašević answer:

import ldap3
from ldap3.core.exceptions import LDAPBindError


def _ldap_login(username, password):
    try:
        with ldap3.Connection('enter_server', user=username, password=password, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND) as conn:
            print(conn.result["description"]) # "success" if bind is ok
            return True
    except LDAPBindError:
        print('Unable to connect to LDAP server')
        return False

_ldap_login("enter_username", "enter_password")

Answer 2

You have to authenticate the user with the complete path uid={username},dc=xx,dc=xx,dc=xx.

from ldap3 import ALL, Connection, Server
from ldap3.core.exceptions import LDAPException

username = "bob"
password = "secret"
ldap_base = "dc=xx,dc=xx,dc=xx"

server = Server(
    host="ldaps://xxx",
    port=636,
    use_ssl=True,
    get_info=ALL,
)

try:
    with Connection(
        server=server,
        authentication="SIMPLE",
        user=f"uid={username},{ldap_base}",
        password=password,
        read_only=True,
        ) as connection:
            print(connection.result)  # "success" if bind is ok

except LDAPException as e:
    print(server.info)

Answer 3

Just to check the username and password I use:

import ldap3
from ldap3.core.exceptions import LDAPException


def _ldap_login(username, password):
    try:
        with ldap3.Connection('enter_server', user=username, password=password) as conn:
            print(conn.result["description"]) # "success" if bind is ok
            return True
    except LDAPException:
        print('Unable to connect to LDAP server')
        return False

_ldap_login("enter_username", "enter_password")

The following are 30 code examples for showing how to use ldap3 and Tutorial: Introduction to ldap3.