
Untitled

a guest
Sep 15th, 2016
  1. #! /usr/bin/python
  2.  
  3. import sys
  4. import ldap
  5. from ldap.controls import SimplePagedResultsControl
  6. from distutils.version import StrictVersion
  7.  
# python-ldap changed its paged-results control API in 2.4; the helpers
# below branch on this flag to stay compatible with both API generations.
# NOTE(review): distutils is deprecated in recent Python releases, so this
# version probe may need replacing there.
LDAP24API = StrictVersion(ldap.__version__) >= StrictVersion('2.4')

# --- Connection settings -------------------------------------------------
# Use LDAPS: the simple bind below sends LDAPPASSWORD to the server, and
# only the TLS channel protects it in transit.
LDAPSERVER = 'ldaps://ldap.somecompany.com'
LDAPUSER = 'uid=someuser,dc=somecompany,dc=com'
# Placeholder value. Do not keep a real bind password in the source file;
# supply it at run time (environment, prompt, or a secrets store) and bind
# with an account that only has the read access this query needs.
LDAPPASSWORD = 'somepassword'

# --- Search settings -----------------------------------------------------
BASEDN = 'cn=users,dc=somecompany,dc=com'
SEARCHFILTER = 'uid=*'
# Requesting an explicit attribute list keeps the result set limited to
# what the script actually uses.
ATTRLIST = ['uid', 'shadowLastChange', 'shadowMax', 'shadowExpire']
# Number of entries requested per page.
PAGESIZE = 1000
  19.  
def create_controls(pagesize):
    """Return a critical paged-results control asking for ``pagesize`` entries.

    The cookie is the empty string because this control is built for the
    first request, before the server has handed back a cookie.
    """
    if not LDAP24API:
        # Pre-2.4 API: the control is identified by its OID and carries
        # its value as a (size, cookie) tuple.
        initial_value = (pagesize, '')
        return SimplePagedResultsControl(ldap.LDAP_CONTROL_PAGE_OID, True,
                                         initial_value)
    # 2.4+ API: size and cookie are keyword arguments.
    return SimplePagedResultsControl(True, size=pagesize, cookie='')
  29.  
def get_pctrls(serverctrls):
    """Return the paged-results controls found in ``serverctrls``.

    The matching control carries the cookie needed for the next search
    request. An empty list means the server returned no such control.
    """
    # The identifier to match on lives in a different place depending on
    # the python-ldap API generation.
    if LDAP24API:
        page_control_type = SimplePagedResultsControl.controlType
    else:
        page_control_type = ldap.LDAP_CONTROL_PAGE_OID

    matches = []
    for ctrl in serverctrls:
        if ctrl.controlType == page_control_type:
            matches.append(ctrl)
    return matches
  41.  
def set_cookie(lc_object, pctrls, pagesize):
    """Copy the server's cookie from ``pctrls[0]`` into ``lc_object``.

    Returns the cookie so the caller can tell whether more pages remain
    (a false-y cookie ends the paging loop).
    """
    server_control = pctrls[0]
    if not LDAP24API:
        # Pre-2.4 API: controlValue is a (size estimate, cookie) pair and
        # the request control takes (pagesize, cookie).
        _estimate, cookie = server_control.controlValue
        lc_object.controlValue = (pagesize, cookie)
    else:
        cookie = server_control.cookie
        lc_object.cookie = cookie
    return cookie
  52.  
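# This is essentially a placeholder callback function. You would do your real
# work inside of this. Really this should be all abstracted into a generator...
def process_entry(dn, attrs):
    """Process one search result.

    ``dn`` is the entry's distinguished name and ``attrs`` is the dictionary
    of attributes returned for it. This placeholder writes both to standard
    output; if the attribute list is ever widened, keep in mind that
    everything requested ends up in whatever captures that output.
    """
    # Single-argument print(...) produces the same "dn attrs" line under the
    # Python 2 print statement and the Python 3 print function; the original
    # "print dn, attrs" is a syntax error on Python 3.
    print("%s %s" % (dn, attrs))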
  59.  
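# Require a valid server certificate. The bind below sends LDAPPASSWORD in
# a simple bind, so accepting an unverified certificate (OPT_X_TLS_ALLOW)
# would let anyone who can intercept the connection pose as the server and
# read that password. If the server uses a self-signed or internal-CA
# certificate, trust that CA explicitly instead of turning verification off.
CACERTFILE = None  # placeholder: path to your CA's PEM file, if it is private
if CACERTFILE:
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERTFILE)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
# Don't follow referrals
ldap.set_option(ldap.OPT_REFERRALS, 0)

l = ldap.initialize(LDAPSERVER)
l.protocol_version = 3  # Paged results only apply to LDAP v3

# Everything that uses the connection sits inside try/finally so the
# connection is released on the error exits as well as on success.
try:
    try:
        l.simple_bind_s(LDAPUSER, LDAPPASSWORD)
    except ldap.LDAPError as e:
        # sys.exit, not the interactive-only "exit" helper, for consistency
        # with the other error paths.
        sys.exit('LDAP bind failed: %s' % e)

    # Create the page control to work from
    lc = create_controls(PAGESIZE)

    # Do searches until we run out of "pages" to get from
    # the LDAP server.
    while True:
        # Send search request
        try:
            # If you leave out the ATTRLIST it'll return all attributes
            # which you have permissions to access. You may want to adjust
            # the scope level as well (perhaps "ldap.SCOPE_SUBTREE", but
            # it can reduce performance if you don't need it).
            msgid = l.search_ext(BASEDN, ldap.SCOPE_ONELEVEL, SEARCHFILTER,
                                 ATTRLIST, serverctrls=[lc])
        except ldap.LDAPError as e:
            sys.exit('LDAP search failed: %s' % e)

        # Pull the results from the search request
        try:
            rtype, rdata, rmsgid, serverctrls = l.result3(msgid)
        except ldap.LDAPError as e:
            sys.exit('Could not pull LDAP results: %s' % e)

        # Each "rdata" is a tuple of the form (dn, attrs), where dn is
        # a string containing the DN (distinguished name) of the entry,
        # and attrs is a dictionary containing the attributes associated
        # with the entry. The keys of attrs are strings, and the associated
        # values are lists of strings.
        for dn, attrs in rdata:
            process_entry(dn, attrs)

        # Get cookie for next request
        pctrls = get_pctrls(serverctrls)
        if not pctrls:
            # Written via sys.stderr.write so the line works on both
            # Python 2 and Python 3.
            sys.stderr.write('Warning: Server ignores RFC 2696 control.\n')
            break

        # Ok, we did find the page control, yank the cookie from it and
        # insert it into the control for our next search. If however there
        # is no cookie, we are done!
        cookie = set_cookie(lc, pctrls, PAGESIZE)
        if not cookie:
            break
finally:
    # Clean up. Best effort: a failure while closing must not replace the
    # exit status or error message chosen above.
    try:
        l.unbind_s()
    except ldap.LDAPError:
        pass

# Done!
sys.exit(0)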