Python通过LDAP验证、查找用户(class,logging)
收集整理的這篇文章主要介紹了
Python通过LDAP验证、查找用户(class,logging)
小編覺得挺不錯的，現在分享給大家，幫大家做個參考。
定義一個類，用於初始化 LDAP 連接，並提供驗證、查找用戶等功能：
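# -*- coding: UTF-8 -*-
"""Authenticate and look up users against an LDAP / Active Directory server.

``ldapc`` binds once with a service account and then offers a fuzzy and an
exact lookup by sAMAccountName, a DN lookup, a credential check and an
(untested by the author) password change.  The original return contract is
kept: a method returns its result list / DN string on success, the string
"<name> doesn't exist." when nothing matched, the ``ldap.LDAPError`` instance
itself when the server call failed, and ``None`` when the initial service
bind failed (``self.ldap_error`` then holds the message).
"""
import sys

try:
    # Python 2 only: the default-encoding hack from the original script.
    # ``reload`` / ``setdefaultencoding`` do not exist on Python 3, where the
    # hack is not needed either.
    reload(sys)
    sys.setdefaultencoding('utf-8')
except (NameError, AttributeError):
    pass

import logging
import time  # kept from the original; unused here

import ldap
import ldap.filter  # escape_filter_chars(): user input is never spliced raw into a filter

logfile = 'e:\\a.txt'
# Sample log line produced by this configuration:
# 2016-05-26 15:22:29 INFO liu1 valid passed.
logging.basicConfig(level=logging.INFO,
                    format='%(asctime)s %(levelname)s %(message)s',
                    datefmt='%Y-%m-%d %H:%M:%S',
                    filename=logfile)


class ldapc:
    """Service-account bound LDAP connection with user lookup / validation helpers."""

    # Attribute every lookup filters on (the Windows logon name).
    SEARCH_ATTR = 'sAMAccountName'

    def __init__(self, ldap_path, baseDN, domainname, ldap_authuser, ldap_authpass):
        """Connect to *ldap_path* and bind as DOMAIN\\user with *ldap_authpass*.

        A failed bind does not raise: the message is stored in
        ``self.ldap_error`` and printed, and every other method then returns
        None.  Note that a simple bind over a plain ``ldap://`` URL sends the
        password in clear; use ``ldaps://`` or call ``start_tls_s()`` before
        binding on anything but a trusted network.
        """
        self.baseDN = baseDN
        self.ldap_path = ldap_path  # remembered so credential checks can open their own connection
        self.ldap_error = None
        # AD accepts the NetBIOS form DOMAIN\user for a simple bind.
        ldap_authduser = '%s\\%s' % (domainname, ldap_authuser)
        self.l = ldap.initialize(ldap_path)
        self.l.protocol_version = ldap.VERSION3
        try:
            self.l.simple_bind_s(ldap_authduser, ldap_authpass)
        except ldap.LDAPError as err:
            self.ldap_error = 'Connect to %s failed, Error:%s.' % (ldap_path, self._err_desc(err))
            print(self.ldap_error)

    @staticmethod
    def _err_desc(err):
        """Return the server's 'desc' text for *err*.

        python-ldap stores a dict in ``err.args[0]``; the original read
        ``err.message``, which only exists on Python 2.
        """
        info = err.args[0] if err.args else None
        if isinstance(info, dict):
            return info.get('desc', str(err))
        return str(err)

    @staticmethod
    def _close(conn):
        """Unbind *conn*, ignoring LDAP errors (used from finally blocks)."""
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            pass

    def _filter(self, username, wildcard=False):
        """Build the sAMAccountName filter with *username* escaped per RFC 4515.

        Without escaping a caller-supplied name such as ``*)(objectClass=*``
        rewrites the filter; with *wildcard* a trailing ``*`` is appended
        after escaping so only the intended prefix match survives.
        """
        value = ldap.filter.escape_filter_chars(username)
        if wildcard:
            value += '*'
        return '(%s=%s)' % (self.SEARCH_ATTR, value)

    def _first_match(self, username):
        """Exact lookup via search()/result(); return (result_type, result_data) of the first message."""
        msgid = self.l.search(self.baseDN, ldap.SCOPE_SUBTREE, self._filter(username), None)
        # all=0: only the first message for this msgid is consumed, as in the original.
        return self.l.result(msgid, 0)

    def search_users(self, username):
        """Prefix (fuzzy) lookup: every entry whose sAMAccountName starts with *username*.

        Returns the search_s() result list, "<name> doesn't exist." when it is
        empty, the LDAPError on failure, or None when the service bind failed.
        """
        if self.ldap_error is not None:
            return None
        if not username:
            return "%s doesn't exist." % username
        try:
            ldap_result = self.l.search_s(self.baseDN, ldap.SCOPE_SUBTREE,
                                          self._filter(username, wildcard=True), None)
        except ldap.LDAPError as err:
            return err
        if not ldap_result:
            return "%s doesn't exist." % username
        return ldap_result

    def search_user(self, username):
        """Exact lookup by sAMAccountName using the asynchronous search()/result() pair.

        Returns the first result_data list ([(dn, attrs)]), "<name> doesn't
        exist." when the first message is not an entry, the LDAPError on
        failure, or None when the service bind failed.
        """
        if self.ldap_error is not None:
            return None
        if not username:
            return "%s doesn't exist." % username
        try:
            result_type, result_data = self._first_match(username)
        except ldap.LDAPError as err:
            return err
        if result_type == ldap.RES_SEARCH_ENTRY:
            return result_data
        return "%s doesn't exist." % username

    def search_userDN(self, username):
        """Exact lookup returning only the matched entry's DN (same error contract as search_user)."""
        if self.ldap_error is not None:
            return None
        if not username:
            return "%s doesn't exist." % username
        try:
            result_type, result_data = self._first_match(username)
        except ldap.LDAPError as err:
            return err
        if result_type == ldap.RES_SEARCH_ENTRY:
            # Each entry is (dn, attrs): element 0 is the DN, element 1 the attribute dict.
            return result_data[0][0]
        return "%s doesn't exist." % username

    def valid_user(self, username, userpassword):
        """Check *userpassword* for *username* by binding as that user's DN.

        Returns True on success, False for an empty password, the LDAPError
        when the bind is rejected, the "doesn't exist" string (or the lookup's
        LDAPError) when the user was not found, and None when the service
        bind failed.
        """
        if self.ldap_error is not None:
            return None
        # An empty password must be rejected before talking to the server:
        # AD (and other servers) treat a simple bind with an empty password as
        # an unauthenticated bind and report success, which would pass here.
        if not userpassword:
            return False
        target_user = self.search_userDN(username)
        if isinstance(target_user, ldap.LDAPError) or "doesn't exist" in target_user:
            return target_user
        # Bind on a throw-away connection: binding on self.l (as the original
        # did) leaves the service connection bound as the checked user, or in
        # a failed-bind state, for every later lookup.
        conn = ldap.initialize(self.ldap_path)
        conn.protocol_version = ldap.VERSION3
        try:
            conn.simple_bind_s(target_user, userpassword)
            # The trailing '\r' is the original's workaround for line endings
            # in the log file on Windows.
            logging.info('%s valid passed.\r', username)
            return True
        except ldap.LDAPError as err:
            return err
        finally:
            self._close(conn)

    def update_pass(self, username, oldpassword, newpassword):
        """Change *username*'s password via the password-modify extended operation.

        Marked untested by the original author.  Returns the success string,
        the LDAPError on failure, the "doesn't exist" string (or the lookup's
        LDAPError) when the user was not found, and None when the service
        bind failed.
        """
        if self.ldap_error is not None:
            return None
        target_user = self.search_userDN(username)
        if isinstance(target_user, ldap.LDAPError) or "doesn't exist" in target_user:
            return target_user
        # Same reasoning as valid_user(): keep self.l bound as the service account.
        conn = ldap.initialize(self.ldap_path)
        conn.protocol_version = ldap.VERSION3
        try:
            conn.simple_bind_s(target_user, oldpassword)
            conn.passwd_s(target_user, oldpassword, newpassword)
            return 'Change password success.'
        except ldap.LDAPError as err:
            return err
        finally:
            self._close(conn)


# Sample connection settings for the demo below.  A real deployment should
# load the service-account password from configuration or a secret store
# rather than keeping it in source.
ldap_authuser = 'liu1'
ldap_authpass = 'pass'
domainname = 'uu'
ldappath = 'ldap://192.168.200.25:389'
# baseDN is not used for the service bind itself, only as the search base
# when other users are looked up / validated.
baseDN = 'OU=優(yōu)優,DC=uu,DC=yuu,DC=com'
username = 'liu1'  # user to look up / validate
p = ldapc(ldappath, baseDN, domainname, ldap_authuser, ldap_authpass)
print(p.valid_user('Lily', 'lpass'))  # True, an LDAPError, or "Lily doesn't exist."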
遍歷 OU 下所有用戶的函數：
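def search_OU(self):  # enumerate every person object below self.baseDN
    """Return one {'sAMAccountName', 'displayName', 'department'} dict per person under baseDN.

    Returns None when the service bind failed and the LDAPError when the
    search fails.  As in the original, the connection is unbound and
    ``self.l`` deleted on exit, so the instance cannot be used afterwards.
    """
    if self.ldap_error is not None:
        return None

    def first_value(attrs, name):
        # An attribute that is empty on the server is absent from the dict
        # (the original notes this for 'department'); every value is a list.
        values = attrs.get(name)
        return values[0] if values else None

    try:
        ldap_result = self.l.search_s(self.baseDN, ldap.SCOPE_SUBTREE,
                                      '(&(objectClass=person))', None)
        usersinfor = []
        for dn, attrs in ldap_result:
            # Skip entries without attributes; a subtree search may also yield
            # referral tuples whose second element is a list, not a dict.
            if not isinstance(attrs, dict) or not attrs:
                continue
            # A fresh dict per entry: the original created one dict outside
            # the loop, so the returned list held N references to the same
            # object carrying the last user's values.
            usersinfor.append({
                'sAMAccountName': first_value(attrs, 'sAMAccountName'),
                'displayName': first_value(attrs, 'displayName'),
                'department': first_value(attrs, 'department'),
            })
        return usersinfor
    except ldap.LDAPError as err:
        return err
    finally:
        self.l.unbind_s()
        del self.l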
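baseDN = 'OU=Admin,DC=u,DC=y,DC=com'  # the OU to enumerate
p = ldapc(ldappath, baseDN, domainname, ldap_authuser, ldap_authpass)
users = p.search_OU()
# search_OU() returns None (bind failed), an LDAPError, or a possibly empty
# list; only index into it when it is a non-empty list.
if isinstance(users, list) and users:
    print(users[0]['department'])
else:
    print(users)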
# Variant of the search call in search_OU(): request only the attributes
# named in attrs instead of every attribute (retrieveAttributes = None).
# The original note says passing '*' returns all attributes.
searchFilter = '(&(objectClass=person))'
attrs = 'cn uid mail'.split()
ldap_result = self.l.search_s(self.baseDN, searchScope, searchFilter, attrs)
分頁返回LDAP查詢結(jié)果:
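# -*- coding: utf-8 -*-
"""Page through a large AD search with the Simple Paged Results control (RFC 2696)."""
import ldap
from ldap.controls import SimplePagedResultsControl

# Sample values: the bind user / password belong in configuration or a
# secret store, and a simple bind over ldap:// sends the password in clear
# unless start_tls_s() is called first or an ldaps:// URL is used.
l = ldap.initialize('ldap://1.1.1.16')
l.simple_bind_s('user', 'Password')
baseDN = u'OU=集團(tuán),DC=uxin,DC=youxinpai,DC=com'
PAGE_SIZE = 500  # entries per page
ATTRLIST = ['sAMAccountName', 'name', 'mail', 'department', 'title']  # attributes to return
# ATTRLIST = None  # None returns every attribute
# Enabled user accounts only: bit 2 (ACCOUNTDISABLE) of userAccountControl is clear.
searchFilter = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
pg_ctrl = SimplePagedResultsControl(True, size=PAGE_SIZE, cookie='')
userdata = []
while True:
    msgid = l.search_ext(baseDN, ldap.SCOPE_SUBTREE, searchFilter, ATTRLIST, serverctrls=[pg_ctrl])
    _rtype, res_data, _rmsgid, srv_ctrls = l.result3(msgid)
    userdata.extend(res_data)
    # Select the paging control by type rather than assuming it is
    # srv_ctrls[0]: the server may return other controls alongside it, or
    # none at all, and the original's srv_ctrls[0] then fails or misreads.
    page_ctrls = [c for c in srv_ctrls if c.controlType == SimplePagedResultsControl.controlType]
    if not page_ctrls or not page_ctrls[0].cookie:
        break  # empty cookie: last page delivered
    pg_ctrl.cookie = page_ctrls[0].cookie
l.unbind_s()
print('totalnum: %d' % len(userdata))
if userdata:  # avoid IndexError when the search matched nothing
    print(userdata[0])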
objectClass 類型如下。詳細參考：http://www.cnblogs.com/dreamer-fish/p/5832735.html（LDAP 查詢過濾語法）、http://www.morgantechspace.com/2013/05/ldap-search-filter-examples.html
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
總結
以上是為你收集整理的「Python 通過 LDAP 驗證、查找用戶（class、logging）」的全部內容，希望文章能夠幫你解決所遇到的問題。