ldap简介:
LDAP(Lightweight Directory Access Protocol),它是基于X.500标准的轻量级目录访问协议
目录是一个为查询、浏览和搜索而优化的数据库,它成树状结构组织数据,类似文件目录一样
LDAP目录服务是由目录数据库和一套访问协议组成的系统
ldap基础知识
python操作:
pip install ldap3
#!/usr/bin/python3
# -*- encoding: utf-8 -*-
"""
@File : open_ldap.py
@Time : 2021/6/20 17:19
@Author : yang xin
@Software : PyCharm
@Description :
"""
import json
import random
import secrets

import requests
from ldap3 import ALL, MODIFY_REPLACE, Connection, Server
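class LdapOp(object):
    """
    Thin wrapper over an ldap3 connection.
    Operation Documents: http://ldap3.readthedocs.io/

    Every operation returns the boolean result flag of the underlying ldap3
    call; the server's detailed response is left on ``self.conn.result``.
    """

    def __init__(self, ip, port, user, passwd):
        """Open a connection and bind as *user* immediately (``auto_bind=True``).

        Args:
            ip: LDAP server host.
            port: LDAP server port.
            user: bind DN with at least two RDNs (e.g. ``cn=admin,dc=example,dc=com``,
                a constructed example); everything after the first comma is kept
                as ``self.dn``.
            passwd: bind password.

        Raises:
            IndexError: when *user* contains no comma.
            ldap3 ``LDAPException`` subclass: when the server is unreachable or
                the bind is rejected.
        """
        self._ip = ip
        self._port = port
        self._user = user
        self._passwd = passwd
        self.dn = self._user.split(',', 1)[1]
        # NOTE(review): Server() is created without use_ssl, so on the
        # conventional plaintext port 389 the simple bind sends *passwd* in
        # clear text; LDAPS (use_ssl=True) or conn.start_tls() is needed for
        # anything beyond a lab setup.
        self.s = Server(self._ip, self._port, get_info=ALL)
        self.conn = Connection(self.s, self._user, self._passwd, auto_bind=True)

    # Query
    def search_users(self, keyword, search_filter):
        """Run an LDAP search below *keyword*.

        Args:
            keyword: the search base DN (the parameter name is kept for
                existing callers). sync_user() in this file passes an entry's
                own DN here and treats a False result as "entry does not exist".
            search_filter: filter string, e.g. ``(objectClass=inetOrgPerson)``.

        Returns:
            bool: ldap3's result flag; True when the server reported success.
        """
        return self.conn.search(search_base=keyword, search_filter=search_filter)

    # Create
    def add_user(self, dn, object_class, attributes):
        """Add the entry *dn* with the given objectClass and attribute dict.

        Returns:
            bool: ldap3's result flag.
        """
        return self.conn.add(dn=dn, object_class=object_class, attributes=attributes)

    # Update
    def modify_user(self, dn, changes):
        """Apply *changes* (ldap3 change dict, e.g. ``{attr: (MODIFY_REPLACE, [v])}``) to *dn*.

        Returns:
            bool: ldap3's result flag.
        """
        return self.conn.modify(dn, changes)

    # Delete
    def delete_user(self, dn):
        """Delete the entry *dn*.

        Returns:
            bool: ldap3's result flag — now returned like the sibling
            operations instead of being discarded, so callers can detect failure.
        """
        return self.conn.delete(dn=dn)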
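# User authentication against the user service
def auth_user(username, password, *, verify=False, timeout=30):
    """Authenticate *username*/*password* and return the session token.

    The credentials are POSTed as a JSON body to ``uri`` (left empty in this
    template) and the JSON reply is inspected for ``success`` / ``token``.

    Args:
        username: account name, sent as ``userName``.
        password: account password, sent as ``password``.
        verify: forwarded to ``requests.post``. The historical default
            ``False`` disables TLS certificate verification, so the posted
            credentials can be read by anyone able to interpose with any
            certificate; pass ``True`` (or a CA-bundle path) outside a lab.
        timeout: seconds before the request is abandoned. ``requests`` has no
            default timeout, so without this a stalled server blocks forever.

    Returns:
        ``(True, token)`` when the reply has a truthy ``success`` field,
        otherwise ``(False, None)``.

    Raises:
        requests.RequestException: on connection problems, an invalid ``uri``
            or timeout.
        ValueError (or subclass): when the reply body is not JSON.
    """
    uri = ""  # TODO: authentication endpoint
    payload = {
        "userName": username,
        "password": password,
    }
    headers = {'Content-Type': 'application/json'}
    # NOTE(review): verify=False by default keeps the old behaviour but leaves
    # the credential POST unauthenticated at the TLS layer; see docstring.
    res = requests.post(uri, data=json.dumps(payload), verify=verify,
                        headers=headers, timeout=timeout).json()
    if res.get("success"):
        return True, res.get("token")
    return False, None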
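# Fetch the user list from the user service
def get_userlist(username, password, *, verify=False, timeout=30):
    """Authenticate, then fetch the account list from the user service.

    Args:
        username: credential passed to :func:`auth_user`.
        password: credential passed to :func:`auth_user`.
        verify: ``requests`` certificate verification for the list request
            made here only (the token request inside ``auth_user`` is not
            affected). The historical default ``False`` means the session
            token is handed to whichever server answers, unauthenticated.
        timeout: seconds before the list request is abandoned; ``requests``
            otherwise waits indefinitely.

    Returns:
        ``(True, data)`` with the reply's ``data`` field, or
        ``(False, reason)`` where reason is ``"user auth failed"`` or
        ``"get user list failed"``.

    Raises:
        requests.RequestException: on connection problems, an invalid ``uri``
            or timeout.
        ValueError (or subclass): when the reply body is not JSON.
    """
    ok, token = auth_user(username, password)
    if not ok:
        return False, "user auth failed"
    uri = ""  # TODO: user-list endpoint
    headers = {'Content-Type': 'application/json',
               "token": token}
    # NOTE(review): verify=False disables TLS certificate checks; see docstring.
    res = requests.post(uri, verify=verify, headers=headers, timeout=timeout).json()
    if res.get("success"):
        return True, res.get("data")
    return False, "get user list failed"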
# Build the LDAP client
def init_ldap():
    """Return the :class:`LdapOp` used for synchronisation.

    Host, bind DN and password are blank in this template; they belong in a
    secret store or environment, not in source. Port 389 is conventionally
    plaintext LDAP, so the bind password is not protected in transit unless
    the server wrapper is given TLS.
    """
    return LdapOp(ip="", port=389, user="", passwd="")
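def salt(length=8, alphabet="0123456789"):
    """Return a random string of *length* characters drawn from *alphabet*.

    Args:
        length: number of characters; ``0`` or a negative value yields ``""``.
        alphabet: candidate characters (decimal digits by default, as before).

    Returns:
        str: exactly ``max(length, 0)`` characters.

    Raises:
        IndexError: when *alphabet* is empty and *length* is positive.
    """
    # secrets.choice instead of random.choice: the result feeds the
    # ``userpassword`` attribute in sync_user(), so it must come from a
    # cryptographically secure source, not the predictable Mersenne Twister.
    return "".join(secrets.choice(alphabet) for _ in range(length))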
# Synchronise the user service's accounts into LDAP
def sync_user(username, password):
    """Mirror the user-service account list into ``ou=eoms,dc=boco,dc=com``.

    Each account maps to ``cn=<username>,ou=eoms,dc=boco,dc=com``. A missing
    entry is added as an ``inetOrgPerson``; an existing one only gets its
    ``displayname`` replaced, since the cn itself cannot be renamed.

    Args:
        username: credential used to fetch the user list.
        password: credential used to fetch the user list.

    Returns:
        ``(True, "sync user success")``, or ``(False, reason)`` at the first
        failure. Entries handled before that failure remain changed.

    Raises:
        KeyError: when a user record lacks ``username`` or ``companyName``.
    """
    ok, payload = get_userlist(username, password)
    if not ok:
        return False, payload

    ldap = init_ldap()
    base_dn = "ou=eoms,dc=boco,dc=com"
    object_class = "inetOrgPerson"
    search_filter = "(objectClass=%s)" % object_class

    for record in payload:
        name = record['username']
        entry_dn = "cn={cn},{dn}".format(cn=name, dn=base_dn)

        if ldap.search_users(entry_dn, search_filter):
            # Entry exists: refresh only the company name.
            changes = {
                "displayname": (MODIFY_REPLACE, [record["companyName"]])
            }
            if not ldap.modify_user(dn=entry_dn, changes=changes):
                return False, "modify user failed"
            continue

        # Entry missing: create it. mail and telephonenumber are synthetic
        # placeholders built from random digits.
        # NOTE(review): the "{MD5}" value is eight random digits, not a
        # base64 MD5 digest, so the entry gets a password nobody knows —
        # confirm that is intended (users may authenticate elsewhere).
        attributes = {
            "cn": name,
            "sn": name,
            "displayname": record["companyName"],
            "mail": "%s@qq.com" % salt(),
            "telephonenumber": "1840829%s" % salt(4),
            "userpassword": "{MD5}%s" % salt(),
            "title": "engineer"
        }
        if not ldap.add_user(dn=entry_dn, object_class=object_class, attributes=attributes):
            return False, "add user failed"

    return True, "sync user success"
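# Credentials for the user service. Blank in this template; a real deployment
# should load them from a secret store or the environment, never from source.
USERNAME = ""
PASSWORD = ""

# Guarded so importing the module (e.g. to reuse LdapOp) no longer triggers a
# live synchronisation as a side effect; running the file as a script still does.
if __name__ == "__main__":
    sync_user(USERNAME, PASSWORD)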