ldap

# -*- coding: UTF-8 -*-
import ldap, ConfigParser, os
from ldap import modlist

LDAP_HOST = "mydomain.com"
USER = "cn=admin,dc=mydomain,dc=com"
PASSWORD = password
BASE_DN = dc=mydomain,dc=com
class LdapOpt(object):
def __init__(self, server_port=389): self.server_uri = LDAP_HOST self.server_port = server_port self.ldap_obj = None self.bind_name = USER self.bind_passwd = PASSWORD self.ldap_connect() def ldap_connect(self): """ :param bind_name: :param bind_passwd: :return: """ url = self.server_uri conn = ldap.open(url) try: rest = conn.simple_bind_s(self.bind_name, self.bind_passwd) except ldap.SERVER_DOWN: print(u"无法连接到LDAP") except ldap.INVALID_CREDENTIALS: print (u"LDAP账号错误") except Exception, ex: print (type(ex)) if rest[0] != 97: # 97 表示success print (rest[1]) self.ldap_obj = conn def add_user(self, base_dn, password): """ base_dn: uid=test, ou=magicstack,dc=test,dc=com NOT NONE """ if not base_dn: print (u"DN不能为空") dn_list = base_dn.split(',') user_info = dict() for item in dn_list: attr, value = item.split('=') user_info[attr] = value attrs = {} attrs['objectclass'] = ['person', 'inetOrgPerson', 'posixAccount', 'organizationalPerson'] attrs['cn'] = str(user_info['uid']) attrs['homeDirectory'] = '/ftp_data/%s' % str(user_info['uid']) attrs['loginShell'] = '/bin/bash' attrs['sn'] = str(user_info['uid']) attrs['uid'] = str(user_info['uid']) attrs['uidNumber'] = str(self.__get_max_uidNumber() or "10001") attrs['gidNumber'] = "10001" attrs['userPassword'] = str(password) ldif = modlist.addModlist(attrs) try: result = self.ldap_obj.add_s(base_dn, ldif) except ldap.LDAPError, error_message: print (error_message) return False, error_message else: if result[0] == 105: return True, [] else: return False, result[1] def delete_user(self, dn): """ dn: cn=test, ou=magicstack,dc=test, dc=com """ try: result = self.ldap_obj.delete_s(dn) except ldap.LDAPError, error_message: print (error_message) return False, error_message else: if result[0] == 107: return True, [] else: return False, result[1] def __get_max_uidNumber(self): """ 查询 当前最大的uid,这个是在添加用户时,用于自增uid :param: None :return: max uidNumber """ obj = self.ldap_obj obj.protocal_version = ldap.VERSION3 searchScope = ldap.SCOPE_SUBTREE retrieveAttributes = ['uidNumber'] searchFilter = "uid=*" try: ldap_result = obj.search_s( base=BASE_DN, scope=searchScope, filterstr=searchFilter, attrlist=retrieveAttributes ) result_set = [] for data in ldap_result: if data[1]: result_set.append(int(data[1]["uidNumber"][0])) if not result_set: return False return max(result_set) + 1 except ldap.LDAPError, error_message: print (error_message) return False def ldap_get_user(self, uid=None): ''' 查询用户返回用户密码 :param uid: :return: userpassword ''' obj = self.ldap_obj obj.protocal_version = ldap.VERSION3 searchScope = ldap.SCOPE_SUBTREE retrieveAttributes = ["userPassword"] searchFilter = "uid=" + uid try: ldap_result_id = obj.search(BASE_DN, searchScope, searchFilter, retrieveAttributes) result_type, result_data = obj.result(ldap_result_id, 0) if result_type == ldap.RES_SEARCH_ENTRY: return result_data[0][1]["userPassword"][0] else: return None except ldap.LDAPError, e: print e return None def ldap_update_pass(self, dn=None, oldpass=None, newpass=None): ''' 修改用户密码 :param dn: :param oldpass: :param newpass: :return:bool ''' obj = self.ldap_obj try: obj.passwd_s(str(dn), oldpass, newpass) return True except ldap.LDAPError, e: print e return False

 

posted @ 2018-09-03 17:02  天行健风行云  阅读(178)  评论(0编辑  收藏  举报