Difference between revisions of "Python ldap"

(Created page with "https://flask-ldap3-login.readthedocs.io/en/latest/quick_start.html")
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
https://flask-ldap3-login.readthedocs.io/en/latest/quick_start.html
+
- https://flask-ldap3-login.readthedocs.io/en/latest/quick_start.html
 +
- https://ldap3.readthedocs.io/en/latest/searches.html
 +
- https://flask-ldap3-login.readthedocs.io/en/latest/configuration.html
 +
- https://stackoverflow.com/questions/53342486/authenticate-with-flask-ldap3-login-based-on-group-membership
 +
 
 +
```
 +
from flask_ldap3_login import LDAP3LoginManager
 +
from ldap3 import Tls
 +
import ssl
 +
 
 +
config = dict()
 +
 
 +
# Setup LDAP Configuration Variables. Change these to your own settings.
 +
# All configuration directives can be found in the documentation.
 +
 
 +
# Hostname of your LDAP Server
 +
config['LDAP_HOST'] = 'ad.mydomain.com'
 +
 
 +
# Port number of your LDAP server
 +
config['LDAP_PORT'] = 636
 +
 
 +
# Base DN of your directory
 +
config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'
 +
 
 +
# Users DN to be prepended to the Base DN
 +
config['LDAP_USER_DN'] = 'ou=users'
 +
 
 +
# Groups DN to be prepended to the Base DN
 +
config['LDAP_GROUP_DN'] = 'ou=groups'
 +
 
 +
 
 +
# The RDN attribute for your user schema on LDAP
 +
config['LDAP_USER_RDN_ATTR'] = 'cn'
 +
 
 +
# The Attribute you want users to authenticate to LDAP with.
 +
config['LDAP_USER_LOGIN_ATTR'] = 'mail'
 +
 
 +
# The Username to bind to LDAP with
 +
config['LDAP_BIND_USER_DN'] = None
 +
 
 +
# The Password to bind to LDAP with
 +
config['LDAP_BIND_USER_PASSWORD'] = None
 +
 
 +
# Specify the server connection should use SSL
 +
config['LDAP_USE_SSL'] = True
 +
 
 +
# Instruct Flask-LDAP3-Login to not automatically add the server
 +
config['LDAP_ADD_SERVER'] = False
 +
 
 +
# Setup a LDAP3 Login Manager.
 +
ldap_manager = LDAP3LoginManager()
 +
 
 +
# Init the mamager with the config since we aren't using an app
 +
ldap_manager.init_config(config)
 +
 
 +
 
 +
# Initialize a `Tls` context, and add the server manually. See
 +
# http://ldap3.readthedocs.io/ssltls.html for more information.
 +
tls_ctx = Tls(
 +
    validate=ssl.CERT_REQUIRED,
 +
    version=ssl.PROTOCOL_TLSv1,
 +
    ca_certs_file='/path/to/cacerts',
 +
    valid_names=[
 +
        'ad.mydomain.com',
 +
    ]
 +
)
 +
 
 +
ldap_manager.add_server(
 +
    config.get('LDAP_HOST'),
 +
    config.get('LDAP_PORT'),
 +
    config.get('LDAP_USE_SSL'),
 +
    tls_ctx=tls_ctx
 +
)
 +
 
 +
# Check if the credentials are correct
 +
response = ldap_manager.authenticate('username', 'password')
 +
print(response.status)
 +
```
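Review bot: The `Tls(...)` call in the added snippet pins `version=ssl.PROTOCOL_TLSv1`, which is TLS 1.0. That protocol is deprecated and hardened directory servers refuse it, so the bind either fails or carries user passwords over a weak protocol. Change the line to `version=ssl.PROTOCOL_TLSv1_2,` and keep `validate=ssl.CERT_REQUIRED` and `valid_names` as written. Separately, `LDAP_BIND_USER_DN` and `LDAP_BIND_USER_PASSWORD` are left as `None`, which presumably makes the user search an anonymous bind. A comment such as `# None = anonymous bind; prefer a low-privilege service account loaded from the environment` would tell readers why the search may be refused.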

Latest revision as of 00:48, 5 May 2021

from flask_ldap3_login import LDAP3LoginManager
from ldap3 import Tls
import ssl

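# Standalone (no Flask app) credential check against LDAP using
# Flask-LDAP3-Login. Every value below is a placeholder: change it to match
# your own directory. All configuration directives are listed in the
# Flask-LDAP3-Login documentation.
config = {}

# Hostname of your LDAP server. It has to match a name accepted in
# `valid_names` below, otherwise certificate validation rejects the server.
config['LDAP_HOST'] = 'ad.mydomain.com'

# Port number of your LDAP server (636 is the LDAPS port).
config['LDAP_PORT'] = 636

# Base DN of your directory
config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
config['LDAP_GROUP_DN'] = 'ou=groups'

# The RDN attribute for your user schema on LDAP
config['LDAP_USER_RDN_ATTR'] = 'cn'

# The attribute users authenticate with (here: their e-mail address).
config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# Account used for the directory lookups that precede the user's own bind.
# NOTE(review): None presumably means an anonymous bind, which many
# directories refuse - confirm against your server. If a service account is
# needed, give it read-only rights and load its password from the
# environment or a secret store instead of writing it in this file.
config['LDAP_BIND_USER_DN'] = None
config['LDAP_BIND_USER_PASSWORD'] = None

# Specify the server connection should use SSL
config['LDAP_USE_SSL'] = True

# Do not let Flask-LDAP3-Login add the server automatically: it is added
# manually below so that it carries the explicit TLS settings.
config['LDAP_ADD_SERVER'] = False

# Set up a LDAP3 Login Manager.
ldap_manager = LDAP3LoginManager()

# Init the manager with the config since we aren't using an app
ldap_manager.init_config(config)

# Initialize a `Tls` context, and add the server manually. See
# http://ldap3.readthedocs.io/ssltls.html for more information.
tls_ctx = Tls(
    # Refuse the connection unless the server presents a certificate that
    # chains to the CA bundle given in `ca_certs_file`.
    validate=ssl.CERT_REQUIRED,
    # TLS 1.0 (ssl.PROTOCOL_TLSv1) is deprecated and disabled on hardened
    # servers; require TLS 1.2 so passwords never cross a weak protocol.
    version=ssl.PROTOCOL_TLSv1_2,
    ca_certs_file='/path/to/cacerts',
    # Names the server certificate is allowed to carry.
    valid_names=[
        'ad.mydomain.com',
    ],
)

ldap_manager.add_server(
    config.get('LDAP_HOST'),
    config.get('LDAP_PORT'),
    config.get('LDAP_USE_SSL'),
    tls_ctx=tls_ctx,
)

# Check if the credentials are correct. 'username' and 'password' are
# placeholders: pass the values supplied by the user at login time and never
# log or persist the password.
response = ldap_manager.authenticate('username', 'password')

# The outcome is reported in `response.status`; grant access only when it
# indicates success.
print(response.status)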