Python 操作LDAP实现用户统一认证密码修改功能

[日期：2015-02-07]

来源：Linux社区作者：gccmx

[字体： ]

最近做了一个单点登录系统，使用的openLDAP存储用户和组信息。封装了一个ldap的操作类。ldap这东西还是蛮复杂的，用以备忘吧。要是不知道LDAP是什么东西，请把鼠标移到浏览器右上角，mac系统移到左上角，点小叉叉。呵呵……

#-*- coding: UTF-8 -*-
import sys,ldap
import ldap
LDAP_HOST = '10.10.10.10'
USER = 'cn=admin,dc=gccmx,dc=cn'
PASSWORD = 'yourpass'
BASE_DN = 'dc=gccmx,dc=cn'
class LDAPTool:

def __init__(self,ldap_host=None,base_dn=None,user=None,password=None):
if not ldap_host:
ldap_host = LDAP_HOST
if not base_dn:
self.base_dn = BASE_DN
if not user:
user = USER
if not password:
password = PASSWORD
try:
self.ldapconn = ldap.open(ldap_host)
self.ldapconn.simple_bind(user,password)
except ldap.LDAPError,e:
print e

#根据表单提交的用户名，检索该用户的dn,一条dn就相当于数据库里的一条记录。
#在ldap里类似cn=username,ou=users,dc=gccmx,dc=cn,验证用户密码，必须先检索出该DN
def ldap_search_dn(self,uid=None):
obj = self.ldapconn
obj.protocal_version = ldap.VERSION3
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = None
searchFilter = "cn=" + uid

try:
ldap_result_id = obj.search(self.base_dn, searchScope, searchFilter, retrieveAttributes)
result_type, result_data = obj.result(ldap_result_id, 0)
#返回数据格式
#('cn=django,ou=users,dc=gccmx,dc=cn',
# { 'objectClass': ['inetOrgPerson', 'top'],
# 'userPassword': ['{MD5}lueSGJZetyySpUndWjMBEg=='],
# 'cn': ['django'], 'sn': ['django'] } )
#
if result_type == ldap.RES_SEARCH_ENTRY:
#dn = result[0][0]
return result_data[0][0]
else:
return None
except ldap.LDAPError, e:
print e

#查询用户记录，返回需要的信息
def ldap_get_user(self,uid=None):
obj = self.ldapconn
obj.protocal_version = ldap.VERSION3
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = None
searchFilter = "cn=" + uid
try:
ldap_result_id = obj.search(self.base_dn, searchScope, searchFilter, retrieveAttributes)
result_type, result_data = obj.result(ldap_result_id, 0)
if result_type == ldap.RES_SEARCH_ENTRY:
username = result_data[0][1]['cn'][0]
email = result_data[0][1]['mail'][0]
nick = result_data[0][1]['sn'][0]
result = {'username':username,'email':email,'nick':nick}
return result
else:
return None
except ldap.LDAPError, e:
print e

#用户验证，根据传递来的用户名和密码，搜索LDAP，返回boolean值
def ldap_get_vaild(self,uid=None,passwd=None):
obj = self.ldapconn
target_cn = self.ldap_search_dn(uid)
try:
if obj.simple_bind_s(target_cn,passwd):
return True
else:
return False
except ldap.LDAPError,e:
print e

#修改用户密码
def ldap_update_pass(self,uid=None,oldpass=None,newpass=None):
modify_entry = [(ldap.MOD_REPLACE,'userpassword',newpass)]
obj = self.ldapconn
target_cn = self.ldap_search_dn(uid)
try:
obj.simple_bind_s(target_cn,oldpass)
obj.passwd_s(target_cn,oldpass,newpass)
return True
except ldap.LDAPError,e:
return False

Liferay Portal 配置使用和OpenLDAP

Axigen+OpenLDAP+BerkeleyDB+ejabberd多域+JWchat详细配置

部署OpenLDAP认证

本文永久更新链接地址：

阅读(648) | 评论(0) | 转发(0) |

上一篇：CentOS 6.5 安装和配置Cobbler

下一篇：Linux下MongoDB集群--副本集环境搭建

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6