Get additional data in LDAP with python

Introduction

LDAP is used for authentication and management of tree-structured data. Compared to RDB, LDAP is used less often and is used differently, so I will summarize how to operate LDAP with python. In addition, LDAP authentication samples are available in many places, but here's a simple example to make things easier.

Environmental preparation

LDAP server

The LDAP server can also be installed with ldap on Ubuntu or Centos, but since there was a docker image, I will use that.

docker image pull

The docker image is simply pulled.


docker pull osixia/openldap

Launch docker image

When starting the image, set the ldap password, top domain, and mount each port. If you are using docker network, set the network and IP address without mounting the port.


 docker run -p 389:389 -p 636:636 --env LDAP_DOMAIN="sample-ldap" --env LDAP_ADMIN_PASSWORD="LdapPass" --name LDAPSERVER --detach osixia/openldap

result


> docker ps
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS              PORTS               NAMES
4f6e1b4eaf29        osixia/openldap     "/container/tool/run"   2 hours ago         Up 2 hours          0.0.0.0:389->389/tcp, 0.0.0.0:636->636/tcp   LDAPSERVER

Install Ldap library

Since the client is used by python, install the LDAP client library `` `ldap3``` with pip.


pip install ldap3

LDAP operations

Now that the LDAP server and client are ready, it's time to create the source of the operation.

Login to LDAP

You need to log in to operate LDAP, so log in first. Set the Server class with the necessary settings such as the IP address, port number, and timeout of the LDAP server. Generate a Connection class using that Server class. At this time, it will not connect to the LDAP server, but will connect for the first time with `bind ()`. dc and password will be the values you specified during docker run, and cn will default to admin.

main.py



conn = Connection(server, 'cn=admin,dc=sample-ldap',  password='LdapPass')
result = conn.bind()
print(result)

result

> python main.py' 
True

Since the result of bind is True, you can see that the connection to the LDAP server was successful.

domain

Now that we have a connection, we will add and get LDAP. LDAP is composed of a tree structure in the order of dc, ou, cn from the top, so first add and get from dc.

Add domain

The sample code is a continuation of the source above. Specify the character string that connects the dc you want to add and the top dc in the first argument of the add function `` `of the created connection, and specify domain''`` `in the second argument. I will. At this time, if you put a space after the comma of the character string of the first argument, an error will occur, so be careful.

main.py



#Add domain
dc_result = conn.add('dc=sample-component,dc=sample-ldap', 'domain')
print(dc_result)

result

True

The execution result is the same as the bind, and True is returned as the result of add, so you can see that it was possible to add.

Obtaining a domain

The sample code is a continuation of the source above. Get the dc added above. Specify the LDAP path you want to check in the first argument of `conn.search ()`. The second argument specifies domain. As a result, you can get the sample-component information in `conn.entries`.

main.py



#Obtaining a domain
conn.search('dc=sample-component,dc=sample-ldap', '(objectclass=domain)')
print(conn.entries)

result

True
[DN: dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T22:35:26.491599
]

This time, since the domain is searched by specifying domain as the second argument, one target entries can be obtained. I will post the source later, but you can get more than one by putting other values in the second argument.

organization

Now that we have added LDAP dc, we will add and acquire ou.

Addition of organization

The sample code is a continuation of the source above. Specify the character string that connects ou and dc that you want to add to the first argument of the add function `` `of the created connection, and specify organizationalUnit''``` to the second argument.

main.py



#Add domain
ou_result = conn.add('ou=sample-unit,dc=sample-component,dc=sample-ldap', 'organizationalUnit')
print(ou_result)

result

True

The execution result is the same as the bind, and True is returned as the result of add, so you can see that it was possible to add.

Obtaining an organization

The sample code is a continuation of the source above. Get the ou added above. Specify the path you want to search for in the first argument of `conn.search ()`. The second argument specifies organizationalUnit. As a result, you can get the sample-unit information in `conn.entries`.

main.py



#Obtaining an organization
conn.search('ou=sample-unit,dc=sample-component,dc=sample-ldap', '(objectclass=organizationalUnit)')
print(conn.entries)

#dc acquisition of specified organization
conn.search('dc=sample-component,dc=sample-ldap', '(objectclass=organizationalUnit)')
print(conn.entries)


result


[DN: ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:27:36.594396]
[DN: ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:27:36.604398
, DN: ou=sample-unit2,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:27:36.604398
]

If you are searching for an organization as the first argument, you can get one entry of interest. If you are searching for a domain, you can get as many as the number of ou that the domain contains.

Common name

Now that we have added the LDAP ou, we will add and get the cn.

Add common name

The sample code is a continuation of the source above. Specify the character string that connects cn, ou, and dc that you want to add to the first argument of the add function `` `of the created connection, and specify 'inetOrgPerson'`` `in the second argument. And specify additional information in the third argument.

main.py



#Add domain
cn_result = conn.add('cn=sample-name,ou=sample-unit,dc=sample-component,dc=sample-ldap', 'inetOrgPerson', {'sn':'sample'})
print(cn_result)

result

True

The execution result is the same as the bind, and True is returned as the result of add, so you can see that it was possible to add.

Obtaining a common name

The sample code is a continuation of the source above. Get the cn added above. Specify the path you want to search for in the first argument of `conn.search ()`. The second argument specifies inetOrgPerson. As a result, you can get the sample-name information in `conn.entries`.

main.py



#Obtaining a common name
conn.search('cn=sample-name,ou=sample-unit,dc=sample-component,dc=sample-ldap', '(objectclass=inetOrgPerson)')
print(conn.entries)

#Acquisition of ou designated common name
conn.search('ou=sample-unit,dc=sample-component,dc=sample-ldap', '(objectclass=inetOrgPerson)')
print(conn.entries)

#Get the common name specified by dc
conn.search('dc=sample-component,dc=sample-ldap', '(objectclass=inetOrgPerson)')
print(conn.entries)

result


[DN: cn=sample-name,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:36:41.125246
]
[DN: cn=sample-name,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:36:41.156378
, DN: cn=sample-name2,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:36:41.157365
, DN: cn=sample-name3,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:36:41.157365
, DN: cn=sample-name1,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:36:41.157365
]
[DN: cn=sample-name,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:51:20.773638
, DN: cn=sample-name2,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:51:20.773638
, DN: cn=sample-name3,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:51:20.774650
, DN: cn=sample-name1,ou=sample-unit,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:51:20.774650
, DN: cn=sample-name,ou=sample-unit1,dc=sample-component,dc=sample-ldap - STATUS: Read - READ TIME: 2020-03-25T23:51:20.774650
]

If you are searching for a common name by specifying inetOrgPerson as the second argument, you can get one target entry. If you are searching for an organization or domain, you can get as many as the number of cn that each contains.

in conclusion

Regarding LDAP, since it was only used as LDAP authentication, I did not add it from the LDAP domain or search from each directory by changing the search method like this time. I have a habit of using it, but it may be easier to use than RDB if it is tree-structured data because you can get the value in a simpler way than you think. Next, we will look at other operations.

Recommended Posts

Get additional data in LDAP with python
Get additional data to LDAP with python (Writer and Reader)
Get Youtube data with python
Get Leap Motion data in Python.
Get data from Quandl in Python
[Python] Get economic data with DataReader
Get started with Python in Blender
[Note] Get data from PostgreSQL with Python
Try working with binary data in Python
Get Google Fit API data in Python
Get Youtube data in Python using Youtube Data API
Get Started with TopCoder in Python (2020 Edition)
Data analysis with python 2
Get date in Python
Get date with python
Data analysis with Python
Get time series data from k-db.com in Python
[Python] Get the files in a folder with Python
Read table data in PDF file with Python
Get stock price data with Quandl API [Python]
I tried to get CloudWatch data with Python
Get YouTube Comments in Python
Get country code with python
Sample data created with python
Handle Ambient data in Python
Scraping with selenium in Python
Get last month in python
Working with LibreOffice in Python
Get Twitter timeline with python
Scraping with chromedriver in python
Display UTM-30LX data in Python
Debugging with pdb in Python
Get financial data with python (then a little tinkering)
[Python] Get the numbers in the graph image with OCR
Get LEAD data using Marketo's REST API in Python
Get standard output in real time with Python subprocess
Working with sounds in Python
Get data from GPS module at 10Hz in Python
Scraping with Selenium in Python
Get the result in dict format with Python psycopg2
Scraping with Tor in Python
Tweet with image in Python
Get Terminal size in Python
Explicitly get EOF in python
Combined with permutations in Python
Get thread ID with python
Get started with Python! ~ ② Grammar ~
Get stock price with Python
Get Evernote notes in Python
Get home directory with python
Get keyboard events with python
Get in touch with functional programming in JavaScript or Python 3
Get data from database via ODBC with Python (Access)
Get Alembic information with Python
Get Japanese synonyms in Python
Read json data with python
Try scraping the data of COVID-19 in Tokyo with Python
Get rid of dirty data with Python and regular expressions
[Homology] Count the number of holes in data with Python
Hit REST in Python to get data from New Relic
Get data from analytics API with Google API Client for python