Published on June 21, 2023

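Working with LDAP using Python-LDAP

Over the weekend I saw people queuing up for shopping sprees. You don't have to walk into a shopping mall or see the colorful discount signs and all the visual bombardment to feel that "the holidays are coming!". Another year is almost over. This week I am finishing wrap-up work such as backups and upgrades, and after that comes a six-week vacation. No big plans: in the first week I am going to Durban, South Africa for a high-performance computing conference, after I get back I'll take a short trip with my family, and then I'll rest at home over Christmas and learn something new, such as car repair. Several painful experiences have taught me that if you go out to play, something will break sooner or later, and for fans of the keywords hiking/camping/roadtrip/4×4 some basic repair knowledge is a must. I'll save the chatter for the holidays; there may be no technical blog updates for the next six weeks~

Recently I have been processing data on an LDAP server, which gave me a chance to work with the Python-LDAP library and LDAP/Kerberos. With all the printing and error-handling code stripped out, the skeleton code for operating on LDAP with Python-LDAP is actually very simple, just these few lines. The only small snag I hit was that it took me more than an hour of fiddling to find out that 'TRUE' has to be uppercase (discussed below).

Installing Python-LDAP

Install the python-ldap module on Ubuntu/Debian:

```
$ sudo apt-get install python-ldap
```

Install the python-ldap module on CentOS/RHEL:

```
# yum install python-ldap
```

Create

Create a new LDAP entry. One thing to note: our LDAP has an attribute active, used to determine whether a user account is activated, attrs['active'] = 'TRUE'. The 'TRUE' here cannot be written as lowercase 'true'. At first I was misled by the lowercase 'true' shown in the LDAP administration tool and kept assuming the Python program should use lowercase too, which kept producing errors.

[Image: phpLDAPadmin]

```python
import ldap
import ldap.modlist as modlist

# LDAP_HOST (an LDAP URI), LDAP_BIND, LDAP_PASS and LDAP_BASE are configuration
# constants, and ldap_newuid() / ldap_getgid() are helpers, not shown in this post.
# Written for the Python 2 python-ldap package installed above; python-ldap 3.x
# on Python 3 expects attribute values as bytes.

def ldap_add(firstname, lastname, username):
    l = ldap.initialize(LDAP_HOST)
    l.protocol_version = ldap.VERSION3
    # Synchronous bind, so a failed bind raises here instead of going unnoticed
    l.simple_bind_s(LDAP_BIND, LDAP_PASS)

    cn = firstname + ' ' + lastname
    addDN = "cn=%s,ou=People,dc=vpsee,dc=com" % cn
    attrs = {}
    attrs['objectclass'] = ['top', 'person', 'inetOrgPerson', 'posixAccount', 'vpseeAccount']
    attrs['cn'] = cn
    attrs['givenName'] = firstname
    attrs['homeDirectory'] = '/home/people/%s' % username
    attrs['loginShell'] = '/bin/bash'
    attrs['sn'] = lastname
    attrs['uid'] = username
    attrs['uidNumber'] = ldap_newuid()
    attrs['gidNumber'] = ldap_getgid()
    attrs['active'] = 'TRUE'  # must be uppercase

    # Turn the attribute dict into the list form add_s() expects
    ldif = modlist.addModlist(attrs)
    l.add_s(addDN, ldif)
    l.unbind_s()
```

Search and read

Search for and read an LDAP entry, for example looking up the cn from a username:

```python
def ldap_getcn(username):
    try:
        l = ldap.initialize(LDAP_HOST)
        l.protocol_version = ldap.VERSION3
        l.simple_bind_s(LDAP_BIND, LDAP_PASS)

        searchScope = ldap.SCOPE_SUBTREE
        # Substring match: username is concatenated into the filter unescaped
        searchFilter = "uid=*" + username + "*"

        # Asynchronous search; results are collected one at a time below
        resultID = l.search(LDAP_BASE, searchScope, searchFilter, None)
        result_set = []
        while True:
            result_type, result_data = l.result(resultID, 0)
            if result_data == []:
                break
            elif result_type == ldap.RES_SEARCH_ENTRY:
                result_set.append(result_data)
        # cn of the first matching entry
        return result_set[0][0][1]['cn'][0]
    except ldap.LDAPError as e:
        print(e)
```

Update

Update an LDAP entry, for example setting the user's active status to false:

```python
def ldap_deactive(username):
    try:
        l = ldap.initialize(LDAP_HOST)
        l.protocol_version = ldap.VERSION3
        l.simple_bind_s(LDAP_BIND, LDAP_PASS)

        deactiveDN = ("cn=%s," + LDAP_BASE) % ldap_getcn(username)
        old = {'active': 'TRUE'}
        new = {'active': 'FALSE'}

        # Build the modification list from the difference between old and new
        ldif = modlist.modifyModlist(old, new)
        l.modify_s(deactiveDN, ldif)
        l.unbind_s()
    except ldap.LDAPError as e:
        print(e)
```

Delete

Delete an LDAP entry:

```python
def ldap_delete(username):
    try:
        l = ldap.initialize(LDAP_HOST)
        l.protocol_version = ldap.VERSION3
        l.simple_bind_s(LDAP_BIND, LDAP_PASS)

        deleteDN = ("cn=%s," + LDAP_BASE) % ldap_getcn(username)
        l.delete_s(deleteDN)
    except ldap.LDAPError as e:
        print(e)
```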
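
The filter in ldap_getcn is built by concatenating username between wildcards, and the update and delete functions interpolate the returned cn into a DN, so characters such as `*`, `(`, `)` or a comma in those values change which entry the filter matches or how the DN parses. The following is an added example, not code from the original post: it escapes both values in pure Python so it runs without a server, and the helper names and sample inputs are assumptions made here. python-ldap provides `ldap.filter.escape_filter_chars` and `ldap.dn.escape_dn_chars` for the same job.

```python
# Added example: escaping per RFC 4515 (filters) and RFC 4514 (DN values).
# Helper names and sample inputs are constructed here, not from the post.

def escape_filter_value(value):
    """Make a string safe as the assertion value of an LDAP search filter."""
    # \ * ( ) and NUL are filter metacharacters; encode each as \XX hex.
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def escape_dn_value(value):
    """Make a string safe as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, c in enumerate(value):
        edge_space = c == ' ' and i in (0, last)
        if c == '\x00':
            out.append('\\00')
        elif c in ',+"\\<>;=' or (c == '#' and i == 0) or edge_space:
            out.append('\\' + c)
        else:
            out.append(c)
    return ''.join(out)


def uid_filter(username):
    """Exact-match filter for a single uid (no wildcards around the value)."""
    return '(uid=%s)' % escape_filter_value(username)


def person_dn(cn, base):
    """DN of an entry under base, with the cn value escaped."""
    return 'cn=%s,%s' % (escape_dn_value(cn), base)


if __name__ == '__main__':
    base = 'ou=People,dc=vpsee,dc=com'  # base taken from the post's addDN
    for name in ['alice', '*', 'a)(active=TRUE']:  # constructed usernames
        print('%-18r concatenated: uid=*%s*   escaped: %s'
              % (name, name, uid_filter(name)))
    for cn in ['Alice Doe', 'Doe, Alice', ' padded ']:  # constructed cn values
        print('%-18r -> %s' % (cn, person_dn(cn, base)))
```

Because ldap_deactive and ldap_delete act on the first entry the search returns, an exact-match filter also keeps a lookup for one username from resolving to a different account whose uid merely contains it.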
