Untitled

import traceback
import ldap
import datetime


def get_membership_from_answer (obj) :
    if list == type(obj):
        for i in obj:
            ans = get_membership_from_answer(i)
            if None != ans:
                return ans;
    elif tuple == type(obj):
        for i in obj:
            ans = get_membership_from_answer(i)
            if None != ans:
                return ans;
    elif dict == type(obj):
        array_of_groups = obj.get('memberOf')
        ans = list()
        for grp in array_of_groups:
            start_name = grp.find ("CN=")
            end_name = grp.find(",")
            ans.append(grp[start_name+3: end_name])
        return ans
    else:
        return None
    return None

#testing
try:
    l = ldap.open("192.168.1.1")
    l.set_option(ldap.OPT_REFERRALS, 0)
    l.protocol_version = ldap.VERSION3

    username = "ca4@test.local.domain"
    password  = "pass_Ca"

    dn_recs = username.split('@')[1].split('.')
    username_bare = username.split('@')[0]
    for i in range(len(dn_recs)):
        dn_recs[i] = 'dc=%s' % dn_recs[i]
    dn_recs = ','.join(dn_recs)

    # Any errors will throw an ldap.LDAPError exception
    # or related exception so you can ignore the result
    l.simple_bind_s(username, password)

    #get groups - here we are falling.  what should be here?
    f_filterStr = "(&(objectClass=user)(cn=%s))" % username_bare
    print "Filter == ", f_filterStr
    results = l.search_s(dn_recs, ldap.SCOPE_SUBTREE, f_filterStr)
    print "results == ",  results
    print get_membership_from_answer (results)

except ldap.LDAPError, e:
    print "No login :-("
    print traceback.format_exc()

$$>test_ldap_grps_1.py
Filter ==  (&(objectClass=user)(cn=ca4))

results ==  [('CN=ca4,DC=test,DC=local,DC=domain', {'primaryGroupID': ['513'], 'logonCount': ['0'], 'cn': ['ca4'], 'countryCode': ['0'], 'dSCorePropagationData': ['16010101000000.0Z'], 'objectClass': ['top', 'person', 'organizationalPerson', 'user'], 'userPrincipalName': ['ca4@test.local.domain'], 'lastLogonTimestamp': ['130606496321699064'], 'instanceType': ['4'], 'distinguishedName': ['CN=ca4,DC=test,DC=local,DC=domain'], 'sAMAccountType': ['805306368'], 'objectSid': ['x01x05x00x00x00x00x00x05x15x00x00x00xc4Jyx08Kxc94x8ex8fx1excdx96Wx04x00x00'], 'whenCreated': ['20140601213859.0Z'], 'uSNCreated': ['12788'], 'badPasswordTime': ['130606517298027248'], 'pwdLastSet': ['130591819072140892'], 'sAMAccountName': ['ca4'], 'objectCategory': ['CN=Person,CN=Schema,CN=Configuration,DC=test,DC=local,DC=domain'], 'objectGUID': ['xb4xb8.x8ahx00x84Mx84xe4xd5xa3xe2)x84x7f'], 'whenChanged': ['20141116221352.0Z'], 'badPwdCount': ['0'], 'accountExpires': ['9223372036854775807'], 'displayName': ['ca4'], 'name': ['ca4'], 'memberOf': ['CN=ca_manager,DC=test,DC=local,DC=domain', 'CN=ca_tech,DC=test,DC=local,DC=domain', 'CN=ca_change,DC=test,DC=local,DC=domain', 'CN=ca,DC=test,DC=local,DC=domain'], 'codePage': ['0'], 'userAccountControl': ['66048'], 'lastLogon': ['130606528359838513'], 'uSNChanged': ['41278'], 'givenName': ['ca4'], 'lastLogoff': ['0']}), (None, ['ldap://ForestDnsZones.test.local.domain/DC=ForestDnsZones,DC=test,DC=local,DC=domain']), (None, ['ldap://DomainDnsZones.test.local.domain/DC=DomainDnsZones,DC=test,DC=local,DC=domain']), (None, ['ldap://test.local.domain/CN=Configuration,DC=test,DC=local,DC=domain'])]

['ca_manager', 'ca_tech', 'ca_change', 'ca']

$$>test_ldap_grps_1.py
Filter ==  (&(objectClass=user)(cn=ca4))

results ==  [('CN=ca4,DC=test,DC=local,DC=domain', None)]

None