先安裝 python-ldap 模塊（pip install python-ldap）。注意：以下範例都使用 ldap://…:389 的明文連線，綁定（bind）時帳號與密碼會以明文在網路上傳送；正式環境應改用 ldaps:// 或在綁定前呼叫 start_tls_s()，並且不要把密碼寫死在程式碼裡。
1.驗證AD用戶登錄是否成功（注意：密碼為空字串時 simple bind 會被當成匿名綁定而「成功」不報錯，因此綁定前必須先檢查密碼非空，否則空密碼會被誤判為登錄成功）
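# -*- coding: UTF-8 -*-
"""Check whether an AD user's credentials are valid by doing an LDAP simple bind.

Prints the server's error description when the bind fails (the 'desc' differs
between "DC unreachable" and "bad credentials") and a short confirmation when
it succeeds.
"""
from __future__ import print_function

import sqlite3
import sys

import ldap

domainname = 'cmr\\'
username = 'zhangsan'
ldapuser = domainname + username   # DOMAIN\user form accepted by AD for a simple bind
ldappass = 'password'              # placeholder only: never hard-code a real password, read it from the environment / a secret store
# NOTE(review): plain ldap:// on 389 sends the bind password in clear text.
# Use ldaps:// or call l.start_tls_s() before binding in any real deployment.
ldappath = 'ldap://192.168.200.20:389/'
baseDN = 'OU=ouname,DC=d1,DC=d2,DC=com'

# An empty password turns simple_bind_s into an anonymous/unauthenticated bind,
# which the server may accept without error -- it must never count as a login.
if not username:
    sys.exit('empty username: refusing to bind')
if not ldappass:
    sys.exit('empty password: refusing to bind (it would be an anonymous bind)')

l = ldap.initialize(ldappath)
l.protocol_version = ldap.VERSION3
try:
    l.simple_bind_s(ldapuser, ldappass)
except ldap.LDAPError as err:
    # err.args[0] is the error dict python-ldap builds; 'desc' is the human-readable reason
    info = err.args[0] if err.args else None
    if isinstance(info, dict):
        print(info.get('desc', info))
    else:
        print(err)
else:
    print('bind OK for ' + ldapuser)
finally:
    l.unbind_s()   # release the connection whether or not the bind succeeded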
2.驗證用戶queryusername是否存在（queryusername 若來自外部輸入，拼進過濾器前必須先用 ldap.filter.escape_filter_chars 轉義，否則 '*'、')(' 等字元會改寫查詢條件，造成 LDAP 過濾器注入）
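# -*- coding: UTF-8 -*-
"""Check whether the account ``queryusername`` exists in AD, searching by sAMAccountName.

Binds with a service/auth account, then runs a subtree search under ``baseDN``.
Prints a message when no matching entry is found, or the LDAP error on failure.
"""
from __future__ import print_function

import sys

import ldap
import ldap.filter

domainname = 'dname\\'
username = 'authname'
queryusername = 'queryusername'
ldapuser = domainname + username
ldappass = 'password'   # placeholder only: never hard-code a real password
# NOTE(review): plain ldap:// sends the bind password in clear text; use ldaps:// or start_tls_s().
ldappath = 'ldap://192.168.200.20:389/'
baseDN = 'OU=拍,DC=d1,DC=d2,DC=com'

# An empty password makes bind_s an anonymous bind that the server may accept silently.
if not ldappass:
    sys.exit('empty password: refusing to bind anonymously')

searchScope = ldap.SCOPE_SUBTREE
searchFiltername = "sAMAccountName"   # look the user up by sAMAccountName
retrieveAttributes = None             # None -> return every attribute of each entry
# queryusername may come from user input: escape it so that '*', '(', ')' or '\'
# cannot rewrite the filter (LDAP injection). For a wildcard search append '*'
# *after* escaping: escape_filter_chars(queryusername) + '*'.
searchFilter = '(' + searchFiltername + '=' + ldap.filter.escape_filter_chars(queryusername) + ')'

l = None   # so the finally block is safe even if ldap.initialize() itself raises
try:
    l = ldap.initialize(ldappath)
    l.protocol_version = ldap.VERSION3
    l.bind_s(ldapuser, ldappass)
    # search_s returns a list of (dn, attrs) tuples
    ldap_result = l.search_s(baseDN, searchScope, searchFilter, retrieveAttributes)
    # A subtree search can also return referral entries whose dn is None (the
    # third snippet in this file guards on a falsy attrs part for the same reason);
    # only real entries count as "exists".
    matches = [dn for dn, attrs in ldap_result if dn]
    if not matches:
        print(queryusername + ' Doesnot Exist')
except ldap.LDAPError as e:
    print(e)
finally:
    if l is not None:
        l.unbind_s()   # release the LDAP binding
        del l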
3.遍歷某個OU下所有用戶（包含子OU；搜尋帳號只需讀取權限，不要用管理員帳號綁定）
# -*- coding: UTF-8 -*- import ldap domainname='umr\\' username='authusername' ldapuser = domainname + username ldappass='password' ldappath='ldap://192.168.200.20:389/' baseDN='OU=ServerAdmin,DC=umr,DC=uu,DC=com' try: l = ldap.initialize(ldappath) l.protocol_version = ldap.VERSION3 #l.simple_bind(ldapuser,ldappass) l.bind_s(ldapuser,ldappass) searchScope = ldap.SCOPE_SUBTREE retrieveAttributes = None searchFilter = '(&(objectClass=person))' #遍歷該OU下所有用戶,包含子OU ldap_result =l.search_s(baseDN, searchScope, searchFilter, retrieveAttributes) #返回結果為list或None for pinfor in ldap_result: #pinfor是一個tuple,第一個元素是該用戶的CN,第二個元素是一個dict,包含有用戶的所有屬性 if pinfor[1]: p=pinfor[1] sAMAccountName = p['sAMAccountName'][0] #返回值是一個list displayName = p['displayName'][0] #如果用戶的某個屬性為空,則dict中不會包含有相應的key if 'department' in p: department = p['department'][0] else: department = None print sAMAccountName,displayName,department if len(ldap_result) == 0: print queryusername + ' Doesnot Exist' except ldap.LDAPError, e: print e finally: l.unbind_s() #解除ldap binding del l
參考:http://blog.sina.com.cn/s/blog_69ac00af01012e0g.html
http://www.vpsee.com/2012/11/use-python-ldap-to-create-read-delete-upgrade-ldap-entries/
https://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.search