# -*- coding: UTF-8 -*-
import ldap, ConfigParser, os
from ldap import modlist
LDAP_HOST = "mydomain.com"
USER = "cn=admin,dc=mydomain,dc=com"
PASSWORD = password
BASE_DN = dc=mydomain,dc=com
class LdapOpt(object):
def __init__(self, server_port=389):
self.server_uri = LDAP_HOST
self.server_port = server_port
self.ldap_obj = None
self.bind_name = USER
self.bind_passwd = PASSWORD
self.ldap_connect()
def ldap_connect(self):
"""
:param bind_name:
:param bind_passwd:
:return:
"""
url = self.server_uri
conn = ldap.open(url)
try:
rest = conn.simple_bind_s(self.bind_name, self.bind_passwd)
except ldap.SERVER_DOWN:
print(u"无法连接到LDAP")
except ldap.INVALID_CREDENTIALS:
print (u"LDAP账号错误")
except Exception, ex:
print (type(ex))
if rest[0] != 97: # 97 表示success
print (rest[1])
self.ldap_obj = conn
def add_user(self, base_dn, password):
"""
base_dn: uid=test, ou=magicstack,dc=test,dc=com NOT NONE
"""
if not base_dn:
print (u"DN不能为空")
dn_list = base_dn.split(',')
user_info = dict()
for item in dn_list:
attr, value = item.split('=')
user_info[attr] = value
attrs = {}
attrs['objectclass'] = ['person', 'inetOrgPerson', 'posixAccount', 'organizationalPerson']
attrs['cn'] = str(user_info['uid'])
attrs['homeDirectory'] = '/ftp_data/%s' % str(user_info['uid'])
attrs['loginShell'] = '/bin/bash'
attrs['sn'] = str(user_info['uid'])
attrs['uid'] = str(user_info['uid'])
attrs['uidNumber'] = str(self.__get_max_uidNumber() or "10001")
attrs['gidNumber'] = "10001"
attrs['userPassword'] = str(password)
ldif = modlist.addModlist(attrs)
try:
result = self.ldap_obj.add_s(base_dn, ldif)
except ldap.LDAPError, error_message:
print (error_message)
return False, error_message
else:
if result[0] == 105:
return True, []
else:
return False, result[1]
def delete_user(self, dn):
"""
dn: cn=test, ou=magicstack,dc=test, dc=com
"""
try:
result = self.ldap_obj.delete_s(dn)
except ldap.LDAPError, error_message:
print (error_message)
return False, error_message
else:
if result[0] == 107:
return True, []
else:
return False, result[1]
def __get_max_uidNumber(self):
"""
查询 当前最大的uid,这个是在添加用户时,用于自增uid
:param: None
:return: max uidNumber
"""
obj = self.ldap_obj
obj.protocal_version = ldap.VERSION3
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = ['uidNumber']
searchFilter = "uid=*"
try:
ldap_result = obj.search_s(
base=BASE_DN,
scope=searchScope,
filterstr=searchFilter,
attrlist=retrieveAttributes
)
result_set = []
for data in ldap_result:
if data[1]:
result_set.append(int(data[1]["uidNumber"][0]))
if not result_set:
return False
return max(result_set) + 1
except ldap.LDAPError, error_message:
print (error_message)
return False
def ldap_get_user(self, uid=None):
'''
查询用户返回用户密码
:param uid:
:return: userpassword
'''
obj = self.ldap_obj
obj.protocal_version = ldap.VERSION3
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = ["userPassword"]
searchFilter = "uid=" + uid
try:
ldap_result_id = obj.search(BASE_DN, searchScope, searchFilter, retrieveAttributes)
result_type, result_data = obj.result(ldap_result_id, 0)
if result_type == ldap.RES_SEARCH_ENTRY:
return result_data[0][1]["userPassword"][0]
else:
return None
except ldap.LDAPError, e:
print e
return None
def ldap_update_pass(self, dn=None, oldpass=None, newpass=None):
'''
修改用户密码
:param dn:
:param oldpass:
:param newpass:
:return:bool
'''
obj = self.ldap_obj
try:
obj.passwd_s(str(dn), oldpass, newpass)
return True
except ldap.LDAPError, e:
print e
return False