Python使用ldap3认证

时间:2021-09-11 10:57:37

一、安装ldap3模块(python版本为python3以上,Django=1.11.8)
pip install ldap3

二、相关代码

from ldap3 import Server, Connection, ALL, SUBTREE, ServerPool,ALL_ATTRIBUTES

LDAP_SERVER_POOL = ["AD_IP1", "AD_IP2"]
LDAP_SERVER_PORT = 389
ADMIN_DN = "administrator@domainname.com"
ADMIN_PASSWORD = "xxxxxxx"
SEARCH_BASE = "ou=Users,dc=domainname,dc=com" def ldap_auth(username, password):
ldap_server_pool = ServerPool(LDAP_SERVER_POOL)
conn = Connection(ldap_server_pool, user=ADMIN_DN, password=ADMIN_PASSWORD, check_names=True, lazy=False, raise_exceptions=False)
conn.open()
conn.bind() res = conn.search(
search_base = SEARCH_BASE,
search_filter = '(sAMAccountName={})'.format(username),
search_scope = SUBTREE,
attributes = ['cn', 'givenName', 'mail', 'sAMAccountName','department','manager'],
#ALL_ATTRIBUTES:获取所有属性值
# attributes=ALL_ATTRIBUTES,
paged_size = 5
) if res:
entry = conn.response[0]
# print(entry)
dn = entry['dn']
attr_dict = entry['attributes'] # check password by dn
try:
conn2 = Connection(ldap_server_pool, user=dn, password=password, check_names=True, lazy=False, raise_exceptions=False)
conn2.bind()
if conn2.result["description"] == "success":
print((True,attr_dict["sAMAccountName"],password, attr_dict["mail"], attr_dict["cn"],attr_dict["department"], attr_dict["givenName"]))
return (True, attr_dict["sAMAccountName"],password, attr_dict["mail"],attr_dict["cn"],attr_dict["department"],attr_dict["givenName"])
else:
print("auth fail")
return (False, None, None, None)
except Exception as e:
print("auth fail")
return (False, None, None, None)
else:
return (False, None, None, None) if __name__ == "__main__":
ldap_auth("administrator", "xxxxxxxx")

官方文档链接:
        https://ldap3.readthedocs.io/index.html