Chinaunix首页 | 论坛 | 博客
  • 博客访问: 223363
  • 博文数量: 46
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 482
  • 用 户 组: 普通用户
  • 注册时间: 2014-07-18 14:14
个人简介

小菜鸟

文章分类

全部博文(46)

文章存档

2020年(2)

2017年(7)

2016年(36)

2014年(1)

我的朋友

分类: LINUX

2016-04-22 14:03:23

Python实现LDAP用户名密码认证

1 Python实现LDAP用户名密码认证,来实现统一认证


点击(此处)折叠或打开

  1. #!/usr/bin/python

  2. import ldap

  3. # ldap server's ip address.
  4. # the ldap server default port is 389, if your ldap server is use SSL port 636,
  5. # pls. change to : ldap://192.168.13.13:636
  6. ldap_path = "ldap://192.168.13.13"
  7. # ladp administrator, use to find the input user is exist in ldap.
  8. ldap_user = "Manager"
  9. # ldap administrator password.
  10. ldap_pwd = "secret"
  11. # ldap base.
  12. base_dn = "dc=maxcrc,dc=com"

  13. # get the dn of user
  14. def validateLDAPUser(user):
  15.     try:
  16.         conn = ldap.initialize(ldap_path)
  17.         # the ldap default version is version3,
  18.         #if your ldap server is use ldap version1, or version2,
  19.         # pls. change this to VERSION1 VERSION2
  20.         conn.protocol_version = ldap.VERSION3
  21.         conn.simple_bind(ldap_user, ldap_pwd)

  22.         searchScope = ldap.SCOPE_SUBTREE
  23.         searchFiltername = "uid"
  24.         retrieveAttributes = None

  25.         # ensure the user is exist in ldap
  26.         searchFilter = '(' + searchFiltername + "=" + user + ')'
  27.         ldap_result_id = conn.search(base_dn, searchScope, searchFilter, retrieveAttributes)
  28.         result_type, result_data = conn.result(ldap_result_id, 1)
  29.         if (not len(result_data) == 0):
  30.             return 1, result_data[0][0]
  31.         else:
  32.             return 0, ''

  33.     except ldap.LDAPError, e:
  34.         print e
  35.         return 0, ''

  36.     finally:
  37.         conn.unbind()
  38.         del conn

  39. #if time out, retry
  40. def get_dn(user, try_num=2):
  41.     i = 0
  42.     is_found = 0
  43.     found_result = ""
  44.     while (i < try_num):
  45.         is_found, found_result = validateLDAPUser(user)
  46.         if (is_found):
  47.             break
  48.         i += 1
  49.     return found_result

  50. # test the username is exist in ldap server, and it's password is correct.
  51. def LDAPLogin(user_name, user_pwd):
  52.     try:
  53.         if (user_name == ""):
  54.             print "Username is empty!"
  55.             return
  56.         if (user_pwd == ""):
  57.             print "Password is empty!"
  58.             return
  59.         
  60.         dn = get_dn(user_name, 2)
  61.         if (dn == ''):
  62.             print "User Not Exist"
  63.             return
  64.         else:
  65.             print "User Name Ok"
  66.         ldap_conn = ldap.initialize(ldap_path)
  67.         ldap_conn.simple_bind_s(dn, user_pwd)
  68.         print "Login Success!"
  69.     except Exception, e:
  70.         print "Login Failed!"
  71.         
  72.     finally:
  73.         ldap_conn.unbind()
  74.         del ldap_conn


  75. # param 1: in, the ldap user name, such as san.zhang
  76. # param 2: in, the password of input user.
  77. # other: pls. add a return value based on your need.
  78. LDAPLogin("zhiye.wang", "123456")


阅读(3524) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~