环境:Centos7 + Python3.8.0
使用python包:
pip3 listpython-ldap 3.3.1
示例中使用的参数:
域控ip、域、密码: 192.168.1.1 ,”bj.localnetwork.cn”, ‘123456789’
公共账户DN信息(CN项为公共邮箱中文名):
CN=邮箱中文名,OU=公共邮箱,OU=Person,DC=bj,DC=localnetwork,DC=cn
用户OU:
OU=Person,DC=bj,DC=localnetwork,DC=cn
LDAP:什么是DN
在LDAP协议中,DN用于指向一个LDAP对象,DN由一系列RDN(relative distinguished names)组成。
RDN之间用“逗号”隔开,它是一个键值对,格式为:attribute=value
# Copyright: (c) OpenSpug Organization. https://github.com/openspug/spug# Copyright: (c) <spug.dev@gmail.com># Released under the AGPL-3.0 License.#from apps.setting.models import Settingimport ldapimport jsonclass LDAP:def __init__(self):#server_info = Setting.objects.filter(key='ldap_service').first()#ldap_info_dict = json.loads(server_info.value)self.server = "192.168.1.1"self.port = "389"# self.rules = ldap_info_dict['rules']self.admin_dn = "CN=技术部邮箱,OU=公共邮箱,OU=Person,DC=bj,DC=localnetwork,DC=cn"self.password = "123456789"self.base_dn = "OU=Person,DC=bj,DC=localnetwork,DC=cn"def valid_user(self, username, password):try:print("准备连接ldap")conn = ldap.initialize("ldap://{0}:{1}".format(self.server, self.port), bytes_mode=False)print("验证")conn.simple_bind_s(self.admin_dn, self.password)print("连接ldap成功")#search_filter = f'({self.rules}={username})'search_filter = "sAMAccountName=" + usernameldap_result_id = conn.search(self.base_dn, ldap.SCOPE_SUBTREE, search_filter, None)print("准备搜索用户")result_type, result_data = conn.result(ldap_result_id, 0)if result_type == ldap.RES_SEARCH_ENTRY:print("找到用户")dn = result_data[0][0]#user_info = result_data[0][1]#print(dn)if conn.simple_bind_s(dn, password):print("用户:%s LDAP认证成功" % username)return True, Noneelse:print("用户:%s LDAP认证失败" % username)return False, Noneelse:print("认证失败")return False, Noneexcept Exception as error:args = error.argsprint("ldap发生意外")return False, args[0].get('desc', '未知错误') if args else '%s' % error
