是否有可能以及如何使用 python 和 django 从 LDAP 获取所有用户?
Is it possible and how get all users from LDAP using python and django?
环境:
python - 3.6.6
django - 2.x.x
django-auth-ldap - 2.0.0
python-ldap - 3.2.0
代码:
import ldap
from django_auth_ldap.backend import LDAPBackend, _LDAPUser, LDAPSearch
user = _LDAPUser(LDAPBackend(), "any") # just for getting root connection to LDAP
search = LDAPSearch(
"ou=Some,dc=some,dc=some,dc=some",
ldap.SCOPE_SUBTREE,
"???? what should be here ???" # criteria, I guess
)
# list of users is expected, or at least user's names
result = search.execute(user.connection)
问题:
如何构造正确的条件(或应该如何正确调用)来获取用户列表? (链接会很棒)
有可能吗?
解决方案(不适用于生产,只是工作草图):
# based on https://medium.com/@alpolishchuk/pagination-of-ldap-search-results-with-python-ldap-845de60b90d2
import ldap
from ldap.controls import SimplePagedResultsControl
from django_auth_ldap.backend import LDAPBackend, _LDAPUser
user = _LDAPUser(LDAPBackend(), "any")
connect = user.connection
page_control = SimplePagedResultsControl(True, size=2, cookie='')
result = []
fuse = 2
while True:
fuse -= 1
if fuse < 0:
break
response = connect.search_ext(
"ou=some,dc=some,dc=some,dc=some",
ldap.SCOPE_SUBTREE,
"(objectClass=inetorgperson)",
[],
serverctrls=[page_control]
)
rtype, rdata, rmsgid, serverctrls = connect.result3(response)
result.extend(rdata)
controls = [control for control in serverctrls
if control.controlType == SimplePagedResultsControl.controlType]
if not controls:
print("The server ignores RFC 2696 control")
break
if not controls[0].cookie:
break
page_control.cookie = controls[0].cookie
您的环境中可能涉及许多不同的场景。
- LDAP 中有多少用户?
- 哪个 LDAP 服务器实现? (微软活动目录?)
- 您可能需要使用 Simple Paged Results control。
至于过滤器,Microsoft Active Directory 有 some examples
对于(不是广告)像
这样简单的东西
(objectClass=inetorgperson)
应该足够了。
环境:
python - 3.6.6
django - 2.x.x
django-auth-ldap - 2.0.0
python-ldap - 3.2.0
代码:
import ldap
from django_auth_ldap.backend import LDAPBackend, _LDAPUser, LDAPSearch
user = _LDAPUser(LDAPBackend(), "any") # just for getting root connection to LDAP
search = LDAPSearch(
"ou=Some,dc=some,dc=some,dc=some",
ldap.SCOPE_SUBTREE,
"???? what should be here ???" # criteria, I guess
)
# list of users is expected, or at least user's names
result = search.execute(user.connection)
问题:
如何构造正确的条件(或应该如何正确调用)来获取用户列表? (链接会很棒)
有可能吗?
解决方案(不适用于生产,只是工作草图):
# based on https://medium.com/@alpolishchuk/pagination-of-ldap-search-results-with-python-ldap-845de60b90d2
import ldap
from ldap.controls import SimplePagedResultsControl
from django_auth_ldap.backend import LDAPBackend, _LDAPUser
user = _LDAPUser(LDAPBackend(), "any")
connect = user.connection
page_control = SimplePagedResultsControl(True, size=2, cookie='')
result = []
fuse = 2
while True:
fuse -= 1
if fuse < 0:
break
response = connect.search_ext(
"ou=some,dc=some,dc=some,dc=some",
ldap.SCOPE_SUBTREE,
"(objectClass=inetorgperson)",
[],
serverctrls=[page_control]
)
rtype, rdata, rmsgid, serverctrls = connect.result3(response)
result.extend(rdata)
controls = [control for control in serverctrls
if control.controlType == SimplePagedResultsControl.controlType]
if not controls:
print("The server ignores RFC 2696 control")
break
if not controls[0].cookie:
break
page_control.cookie = controls[0].cookie
您的环境中可能涉及许多不同的场景。
- LDAP 中有多少用户?
- 哪个 LDAP 服务器实现? (微软活动目录?)
- 您可能需要使用 Simple Paged Results control。
至于过滤器,Microsoft Active Directory 有 some examples
对于(不是广告)像
这样简单的东西(objectClass=inetorgperson)
应该足够了。