Reading groups from LDAP

Melita Mihaljevic melita.mihaljevic at
Thu Jun 19 14:24:36 CEST 2008

On Wed, Jun 18, 2008 at 7:17 PM, Michael Ströder <michael at>

> Michael Ströder wrote:
>> The user enters some user name. During login you have to use a
>> configurable search filter for searching the user's entry.
>> Something like:
>> user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'
>> And then replace %s with what the user entered as user name.
> Furthermore:
> 1. You have to check whether exactly *one* entry is returned in the search
> results. search_ext_s(..,sizelimit=2)
> 2. You MUST only accept non-empty passwords when checking the user's
> password with a bind request. If you send a simple bind request with an
> empty password the bind is ok because it's only treated as anonymous bind by
> most LDAP servers.
> Ciao, Michael.

Probably we didn't understand. I will use uid=userid_name ( %s =
I have a test that I want to succeed:

    def testMemberOfGroup(self):
        """Authenticate to LDAP and read all groups that user with uid usera
        is a member of.
        """
        server_uri = self.ldap_env.slapd.url
        base_dn = self.ldap_env.basedn
        lo = ldap.initialize(server_uri)
        ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        lo.simple_bind_s('', '')
A,ou=Users,ou=testing,dc=example,dc=org)))'' # this one was just for checking if this works
        search_groups = lo.search_st(base_dn, ldap.SCOPE_SUBTREE,

(yes, this works, but I don't want to need to know all that stuff after the

I know you said it's a bad thing to search for a substring, but this is the
only way I can say something is a group -> for me, in my definition,
something is a group if it has a member (or a type containing the word member -
that is where it would be great to use substrings) and in the member part of
the record it has a uid; the rest of the groups I don't want to know about.

And I have a part of the record:
'member': ['cn=dummy', 'uid=usera,ou=Unit

And I only want to search for uid=usera, not the rest of the record. This is
only for test and for the real search I will use it more configurable.

Melita Mihaljevic|melita.mihaljevic at| melita.mihaljevic at
ICQ: 201278527 | Gtalk: melita.mihaljevic |
PGP: 0xDB17A80C | |
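
The login checks from the quoted advice (filter template, exactly one search result, no empty password), as an added example that is not part of the original thread or of python-ldap. FakeConn, its users, the DNs and the BIND_FAILED stand-in are constructed so the block runs offline; only search_ext_s and simple_bind_s mirror real LDAPObject methods.

```python
SCOPE_SUBTREE = 2  # same numeric value as ldap.SCOPE_SUBTREE
USER_FILTER = '(|(uid=%s)(sAMAccountName=%s))'  # template quoted in the thread
BIND_FAILED = PermissionError  # assumption: with python-ldap use ldap.INVALID_CREDENTIALS

def escape_filter_value(value):
    """RFC 4515 escaping (python-ldap ships ldap.filter.escape_filter_chars)."""
    out = value.replace('\\', r'\5c')  # backslash first, so escapes are not re-escaped
    for ch, esc in (('*', r'\2a'), ('(', r'\28'), (')', r'\29'), ('\x00', r'\00')):
        out = out.replace(ch, esc)
    return out

def authenticate(conn, base_dn, username, password):
    """Return the user's DN on success, None on any failure."""
    if not username or not password:
        return None  # an empty password would be an anonymous bind, not a login
    name = escape_filter_value(username)
    found = conn.search_ext_s(base_dn, SCOPE_SUBTREE, USER_FILTER % (name, name),
                              attrlist=['1.1'], sizelimit=2)  # '1.1' = no attributes
    entries = [dn for dn, _attrs in found if dn]  # search references have dn None
    if len(entries) != 1:
        return None  # no match, or an ambiguous one
    try:
        conn.simple_bind_s(entries[0], password)
    except BIND_FAILED:
        return None
    return entries[0]

class FakeConn:
    """Constructed in-memory stand-in for an LDAPObject; matches on uid only."""
    users = {'uid=usera,ou=Users,dc=example,dc=org': ('usera', 's3cret'),
             'uid=userb,ou=Users,dc=example,dc=org': ('userb', 'hunter2')}

    def search_ext_s(self, base, scope, filterstr, attrlist=None, sizelimit=0):
        wanted = filterstr.split('(uid=')[1].split(')')[0]
        hits = [(dn, {}) for dn, (uid, _pw) in self.users.items()
                if wanted == uid or wanted == '*']  # a raw '*' matches every user
        return hits[:sizelimit or None]

    def simple_bind_s(self, who, cred):
        if cred == '':
            return  # like most servers: an empty password binds anonymously
        if self.users.get(who, (None, None))[1] != cred:
            raise BIND_FAILED(who)
```

Against a real server python-ldap raises ldap.SIZELIMIT_EXCEEDED when more entries match than sizelimit allows, so the caller should treat that exception as a failed login as well.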

More information about the python-ldap mailing list