2023年6月21日发(作者:)

ldap3 官方文档学习之增删改查操作

前言

公司部门培训用到 ldap3,布置了个作业,于是开始学习。我是直接从 部分开始看的。主要就是官方文档提供了增删改查的接口,需要看懂函数和参数,然后就会用了。

增加操作

官方 add 函数

def add(self, dn, object_class=None, attributes=None, controls=None)

逐个参数解释:
dn:要添加的条目的标识名(DN)
object_class:要添加的条目的对象类,可以是单个字符串,也可以是一组字符串
attributes:一个字典,形式为 {'attr1': 'val1', 'attr2': 'val2', …},多值时为 {'attr1': ['val1', 'val2', …], …}
controls:随请求发送的额外控制信息

举例

# import class and constants
from ldap3 import Server, Connection, ALL

# define the server
s = Server('servername', get_info=ALL)  # define an unsecure LDAP server, requesting info on DSE and schema

# define the connection
c = Connection(s, user='user_dn', password='user_password')

# perform the Add operation
c.add('cn=user1,ou=users,o=company', ['inetOrgPerson', 'posixGroup', 'top'], {'sn': 'user_sn', 'gidNumber': 0})
# equivalent to(等同上面)
c.add('cn=user1,ou=users,o=company', attributes={'objectClass': ['inetOrgPerson', 'posixGroup', 'top'], 'sn': 'user_sn', 'gidNumber': 0})

print(c.result)

# close the connection
c.unbind()

注意:官方示例注释里写的是 unsecure,也就是未加密的 LDAP 连接,简单绑定(用户 DN + 密码)时密码会以明文在网络上传输。实际环境中应使用 LDAPS(Server('servername', use_ssl=True)),或者在绑定之前调用 c.start_tls()。

主要就是 add 函数传三个参数:dn、object_class、attributes。
dn 包含用户 cn、ou、o 等信息

删除操作

官方 delete 函数

def delete(self, dn, controls=None):

逐个参数解释:
dn:要删除的条目的标识名(DN)
controls:随请求发送的额外控制信息

举例

from ldap3 import Server, Connection, ALL

# define the server
s = Server('servername', get_info=ALL)  # define an unsecure LDAP server, requesting info on DSE and schema

# define the connection
c = Connection(s, user='user_dn', password='user_password')

# perform the Delete operation
c.delete('cn=user1,ou=users,o=company')

print(c.result)

# close the connection
c.unbind()

主要就是 delete 函数传一个参数:dn。
dn 包含用户 cn、ou、o 等信息

修改操作

官方 modify 函数

def modify(self, dn, changes, controls=None):

逐个参数解释:
dn:要修改的条目的标识名(DN)
changes:一个字典,描述要对该条目执行的修改
controls:随请求发送的额外控制信息

举例

# import class and constants
from ldap3 import Server, Connection, ALL, MODIFY_REPLACE

# define the server
s = Server('servername', get_info=ALL)  # define an unsecure LDAP server, requesting info on DSE and schema

# define the connection
c = Connection(s, user='user_dn', password='user_password')
c.bind()

# perform the Modify operation
c.modify('cn=user1,ou=users,o=company',
         {'givenName': [(MODIFY_REPLACE, ['givenname-1-replaced'])],
          'sn': [(MODIFY_REPLACE, ['sn-replaced'])]})

print(c.result)

# close the connection
c.unbind()

主要就是 modify 函数传两个参数:dn、changes。
dn 包含用户 cn、ou、o 等信息
changes 包含要修改的属性、修改类型(如 MODIFY_REPLACE)和修改后的数据

查询操作

官方 search 函数

def search(self, search_base, search_filter, search_scope=SUBTREE,
           dereference_aliases=DEREF_ALWAYS, attributes=None, size_limit=0,
           time_limit=0, types_only=False, get_operational_attributes=False,
           controls=None, paged_size=None, paged_criticality=False,
           paged_cookie=None):

逐个参数解释:
search_base:查询的起点(base DN)
search_filter:查询请求的过滤器,必须符合 RFC 4515 的 LDAP 过滤器语法;如果过滤器里要拼接外部输入,应先用 ldap3.utils.conv.escape_filter_chars 转义
search_scope:指定在目录树的哪一部分进行查询
    BASE:查询 search_base 中指定的条目的属性。
    LEVEL:查询 search_base 中包含的条目的属性。基对象必须引用一个容器对象。
    SUBTREE:向下查询 search_base 和所有附属容器中指定的条目的属性。
attributes:查询返回的单个属性或属性列表(默认为 None)。如果属性为 None,则不返回任何属性。如果属性是 ALL_ATTRIBUTES 或 ALL_OPERATIONAL_ATTRIBUTES,则返回所有用户属性或所有操作属性。

举例

from ldap3 import Server, Connection, SUBTREE

total_entries = 0
server = Server('test-server')
c = Connection(server, user='username', password='password')
c.search(search_base = 'o=test',
         search_filter = '(objectClass=inetOrgPerson)',
         search_scope = SUBTREE,
         attributes = ['cn', 'givenName'],
         paged_size = 5)
total_entries += len(c.response)
for entry in c.response:
    print(entry['dn'], entry['attributes'])
cookie = c.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
while cookie:
    c.search(search_base = 'o=test',
             search_filter = '(objectClass=inetOrgPerson)',
             search_scope = SUBTREE,
             attributes = ['cn', 'givenName'],
             paged_size = 5,
             paged_cookie = cookie)
    total_entries += len(c.response)
    cookie = c.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
    for entry in c.response:
        print(entry['dn'], entry['attributes'])
print('Total entries retrieved:', total_entries)

主要就是 search 函数传四个参数:search_base、search_filter、search_scope、attributes。
search_base:一般就是之前三个操作都要用到的 dn
search_filter:默认为 '(objectClass=inetOrgPerson)'
search_scope:我用的是 SUBTREE
attributes:我用的是 ALL_ATTRIBUTES

增删改查完整版代码

增删改查操作都是从 Excel 表格中读取数据的。(下面把账号和密码直接写在脚本里只是为了演示,实际使用时应从环境变量或密钥管理服务中读取,不要提交到代码仓库。)

# coding: utf8
import sys
import json
from ldap3 import Connection, Server, ALL, MODIFY_ADD, MODIFY_REPLACE, SUBTREE, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES
import utils
from config import BASE_DN, LDAP_TEST_CONFIG, LDAP_PROD_CONFIG, GROUP_DNS

host = ""
port = xxx
user = "cn=xxx,dc=xx,dc=xxx"
password = "xxx"
#

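# Create the server object and bind the connection.
#
# NOTE(review): page extraction stripped every ``name.attribute`` token from
# this script (``conn.add(`` appears as ``(``, ``conn.result`` as nothing,
# ``"\n\n\n"`` as ``"nnn"``). The calls below are restored from the ldap3
# API described earlier on the page; the few that cannot be determined from
# the page are marked individually.
#
# NOTE(review): no TLS is configured, so the simple bind sends ``user`` and
# ``password`` in cleartext. For a real directory use
# ``Server(..., use_ssl=True)`` (LDAPS) or bind with
# ``auto_bind=AUTO_BIND_TLS_BEFORE_BIND`` (StartTLS).
server = Server(host=host, port=port, get_info=ALL)
conn = Connection(server=server, auto_bind=True, read_only=False,
                  fast_decoder=True, check_names=True,
                  user=user, password=password)


def _succeeded(result):
    """Return True when an ldap3 result dict carries result code 0."""
    return result['result'] == 0


def _read_userattrs():
    """Load the ``{user_dn: attributes}`` mapping from the Excel sheet.

    NOTE(review): the helper's name is cut off on the source page
    ("...te_ldap_userattrs"); ``generate_ldap_userattrs`` is a
    reconstruction -- confirm against utils.py.
    """
    return utils.generate_ldap_userattrs(ldap_user_excel_file)


# Check whether the connection works.
def test_connection():
    """Print connection state and the identity the server reports.

    NOTE(review): the first two printed expressions were lost in extraction
    (they appear as ``print()``); ``conn.bound`` and ``conn.result`` are
    reconstructions -- confirm against the original script.
    """
    print(conn.bound)
    print(conn.result)
    print(conn.extend.standard.who_am_i())


# Fetch users.
def get_users():
    """Search for person entries and return the decoded 'entries' list."""
    conn.search(search_base="dc=xxx,dc=xxx", attributes=ALL_ATTRIBUTES,
                search_filter='(objectclass=person)')
    # NOTE(review): printed expression lost in extraction; conn.result assumed.
    print(conn.result)
    return json.loads(conn.response_to_json())['entries']


print("===================测试链接====================")
test_connection()
print("\n\n\n===================打印用户====================")
print(get_users())

ldap_config = {}
excel_file_path = ""
ldap_user_excel_file = excel_file_path


# Bulk-add organisation members.
def add_users():
    """Add every user from the spreadsheet, then add each one to GROUP_DNS.

    A user whose add fails is reported and skipped, so it is not added to
    any group.
    """
    userattrs = _read_userattrs()
    print("\n\n\n===================开始添加用户========================")
    for user_dn, userattr in userattrs.items():
        conn.add(user_dn, ['top', 'inetOrgPerson', 'posixAccount'], userattr)
        res = conn.result
        if not _succeeded(res):
            # The original comment attributes this to "user already exists";
            # the full result is printed so other causes are visible too.
            print("add user failed:%s res: %s" % (user_dn, res))
            continue
        # Without this step the user is simply not a member of any group.
        for GROUP_DN in GROUP_DNS:
            # Values are passed as a list, the form the modify() docs use.
            conn.modify(GROUP_DN, {'uniqueMember': [(MODIFY_ADD, [user_dn])]})
            res = conn.result
            msg = "success" if _succeeded(res) else res['message']
            print("add user to group:%s res: %s" % (GROUP_DN, msg))
        print(user_dn, "success")
    print("===================添加用户完毕========================")


# Bulk-delete organisation members.
def delete_users():
    """Delete every user DN listed in the spreadsheet and report each result.

    Destructive: every DN in the sheet is deleted without confirmation, so
    the sheet's contents must be trusted.

    NOTE(review): the uniqueMember values written by add_users() are not
    removed here. Unless the directory enforces referential integrity they
    stay in GROUP_DNS, and an entry later created with the same DN would
    regain those memberships.
    """
    userattrs = _read_userattrs()
    print("\n\n\n===================开始删除用户========================")
    for user_dn in userattrs:
        conn.delete(user_dn)
        res = conn.result
        # The original printed "success" unconditionally.
        if _succeeded(res):
            print(user_dn, "success")
        else:
            print("delete user failed:%s res: %s" % (user_dn, res))
    print("===================删除用户完毕========================")


# Modify member information.
def modify_users():
    """Replace department and office location for every user in the sheet."""
    userattrs = _read_userattrs()
    print("\n\n\n===================开始修改用户信息========================")
    for user_dn in userattrs:
        conn.modify(user_dn, {
            'physicalDeliveryOfficeName': [(MODIFY_REPLACE, ['武汉研发组'])],
            'l': [(MODIFY_REPLACE, ['武汉'])],
        })
        res = conn.result
        # The original printed "success" unconditionally.
        if _succeeded(res):
            print(user_dn, "success")
        else:
            print("modify user failed:%s res: %s" % (user_dn, res))
    print("===================修改用户信息完毕========================")


# Query member information.
def search_users():
    """Search below each user DN from the sheet and print whether it matched."""
    userattrs = _read_userattrs()
    print("\n\n\n===================开始查询用户信息========================")
    for user_dn in userattrs:
        print(user_dn)
        status = conn.search(search_base=user_dn,
                             search_filter='(objectClass=inetOrgPerson)',
                             search_scope=SUBTREE,
                             attributes=ALL_ATTRIBUTES)
        if status:
            print(user_dn, "success")
        else:
            print(user_dn, "failed")
    print("===================查询用户信息完毕========================")


try:
    test_connection()
    get_users()
    search_users()
    add_users()
    delete_users()
    # Runs after delete_users(), so failures are expected for entries that
    # were just deleted; the call order is kept as on the page.
    modify_users()
    search_users()
finally:
    # close the connection even if one of the steps above raises
    conn.unbind()

# 参考 (References) -- the list is empty on the source page.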
