Python实现LDAP用户名密码验证

网上借鉴了不少东西，下面是python代码，备份后用。

思路，因为每个用户的组都不一样，这样就导致了dn不一致的情况，

据需要先根据用户名获取该用户的dn，然后再bind用户名和密码进行验证。

反正是实现了，至于方式对不对后续再研究了。

机器上要先安装python-ldap包

#coding: utf-8
import  ldap
'''
实现LDAP用户登录验证，首先获取用户的dn，然后再验证用户名和密码
'''

ldappath = "ldap://xxxx"#ldap服务器地址
baseDN = "DC=aaaa,DC=bbbb,DC=com"#根目录
ldapuser = "xxxx";#ldap服务器用户名
ldappass = "xxxx";#ldap服务器密码

#获取用户的dn
def _validateLDAPUser(user):
    try:
        l = ldap.initialize(ldappath)
        l.protocol_version = ldap.VERSION3
        l.simple_bind(ldapuser,ldappass)

        searchScope  = ldap.SCOPE_SUBTREE
        searchFiltername = "sAMAccountName"
        retrieveAttributes = None
        searchFilter = '(' + searchFiltername + "=" + user +')'

        ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
        result_type, result_data = l.result(ldap_result_id,1)
        if(not len(result_data) == 0):
          r_a,r_b = result_data[0]
          print r_b["distinguishedName"]
          return 1, r_b["distinguishedName"][0]
        else:
          return 0, ''
    except ldap.LDAPError, e:
        print e
        return 0, ''
    finally:
        l.unbind()
        del l

#连接超时，尝试多次连接
def GetDn(user, trynum = 30):
    i = 0
    isfound = 0
    foundResult = ""
    while(i < trynum):
        isfound, foundResult = _validateLDAPUser(user)
        if(isfound):
          break
        i+=1
    return foundResult

def LDAPLogin(userName,Password):
    try:
        if(Password==""):
            print "PassWord empty"
            return
        dn = GetDn(userName,10)
        if(dn==''):
            print "Not Exist User"
            return
        my_ldap = ldap.initialize(ldappath)
        print my_ldap.simple_bind_s(dn,Password)
        print "Login Ok"
    except Exception,e:
        print "Login Fail"
        # print str(e)

LDAPLogin("用户名","密码")