Reading groups from LDAP
melita.mihaljevic at gmail.com
Thu Jun 19 14:24:36 CEST 2008
On Wed, Jun 18, 2008 at 7:17 PM, Michael Ströder <michael at stroeder.com>
> Michael Ströder wrote:
>> The user enters some user name. During login you have to use a
>> configurable search filter for searching the user's entry.
>> Something like:
>> user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'
>> An then replace %s with what the user entered as user name.
> 1. You have to check whether exactly *one* entry is returned in the search
> results. search_ext_s(..,sizelimit=2)
> 2. You MUST only accept non-empty passwords when checking the user's
> password with a bind request. If you send a simple bind request with an
> empty password the bind is ok because it's only treated as anonymous bind by
> most LDAP servers.
> Ciao, Michael.
Probably we didn't understand.I will use uid=userid_name ( %s =
I have a test that I want to succeed:
"""Authenticate to LDAP and read all groups that user with uid usera
is a member of.
server_uri = self.ldap_env.slapd.url
base_dn = self.ldap_env.basedn
lo = ldap.initialize(server_uri)
A,ou=Users,ou=testing,dc=example,dc=org)))'' # ths one was just for checking
if this works
search_groups = lo.search_st(base_dn, ldap.SCOPE_SUBTREE,
(yes this works but I don't want to need to know all those stuff after the
I know you said it's a bad thing to search for substring nut this is the
only way how I can say something is a grop -> for me in ma definition,
something is a group if has a member (or a type containing word member-
there is wher it will be grat to use substrings) and in the member part of
the record it has uid, the rest of the groups I don't want to know about
And I have a part of record record:
'member': ['cn=dummy', 'uid=usera,ou=Unit
And I only want to search for uid=usera, not the rest of the record. This is
only for test and for the real search I will use it more configurable.
Melita MIhaljevic|melita.mihaljevic at gmail.com| melita.mihaljevic at
ICQ: 201278527 | Gtalk: melita.mihaljevic |
PGP: 0xDB17A80C | http://fly.srk.fer.hr/~gizmo
http://www.last.fm/user/maligizmo/ | http://www.linkedin.com/in/mmihaljevic
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the python-ldap