python-libldap API reference

LDAP

class libldap.core.LDAP(uri, bind_user=None, bind_password=None, options=[], start_tls=False)

LDAP is a wrapper class around libldap.

Parameters:
  • uri (str, list or tuple) – LDAP URI (e.g. ‘ldap://localhost’, ‘ldaps://localhost’, ‘ldapi:///’)
  • bind_user (str or None) – LDAP BIND user. This parameter is used only when the object is used as a context manager (the default is None, which implies the BIND operation is not done)
  • bind_password (str or None) – LDAP BIND password. This parameter is used only when the object is used as a context manager (the default is None, which implies the BIND operation is not done)
  • options ([(option, value, is_global)]) – LDAP options. If this is set, set_option() method is called. (the default is [], which implies no options are set)
  • start_tls (bool) – Whether start_tls() is executed (the default is False, which implies start_tls() is not called)
Raises:

LDAPError

bind(who, password, controls=None, async=False)
Parameters:
  • who (str) – Who to bind as
  • password (str) – Password
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
  • async (bool) – Whether the operation is asynchronous (the default is False, which implies the operation is done synchronously)
Returns:

Nothing or message ID

Return type:

None or int

Raises:

LDAPError

unbind()
Returns: Nothing
Return type: None
Raises: LDAPError

search(base, scope=0, filter='(objectClass=*)', attributes=None, attrsonly=False, timeout=0, sizelimit=0, controls=None, ordered_attributes=False, async=False)
Parameters:
  • base (str) – DN of the entry at which to start the search.
  • scope (int) – Scope of the search. It must be LDAP_SCOPE_BASE, LDAP_SCOPE_ONE, LDAP_SCOPE_SUB or LDAP_SCOPE_CHILDREN (the default is LDAP_SCOPE_BASE).
  • filter (str) – LDAP filter (the default is ‘(objectClass=*)’)
  • attributes ([str] or None) – Attributes for fetching from LDAP server (the default is None, which implies ‘*’)
  • attrsonly (bool) – Flag for fetching attribute names only, without values (the default is False)
  • timeout (int) – Timeout for search operation (the default is 0, which implies unlimited)
  • sizelimit (int) – Sizelimit for search operation (the default is 0, which implies unlimited)
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
  • ordered_attributes (bool) – Whether attribute order is preserved (the default is False, which implies the attribute order in an entry is not remembered)
  • async (bool) – Whether the operation is asynchronous (the default is False, which implies the operation is done synchronously). A synchronous operation returns LDAP responses immediately.
Returns:

List of entries or message ID

Return type:

list or int

Raises:

LDAPError

Parameters:
  • base (str) – DN of the entry at which to start the search.
  • scope (int) – Scope of the search. It must be LDAP_SCOPE_BASE, LDAP_SCOPE_ONE, LDAP_SCOPE_SUB or LDAP_SCOPE_CHILDREN (the default is LDAP_SCOPE_BASE).
  • filter (str) – LDAP filter (the default is ‘(objectClass=*)’)
  • attributes ([str] or None) – Attributes for fetching from LDAP server (the default is None, which implies ‘*’)
  • attrsonly (bool) – Flag for fetching attribute names only, without values (the default is False)
  • timeout (int) – Timeout for search operation (the default is 0, which implies unlimited)
  • sizelimit (int) – Sizelimit for search operation (the default is 0, which implies unlimited)
  • pagesize (int) – LDAP page size (the default is 100, which implies LDAP search request is done by 100 LDAP entries)
  • ordered_attributes (bool) – Whether attribute order is preserved (the default is False, which implies the attribute order in an entry is not remembered)
Yield:

LDAP entries (each item is dict)

Raises:

LDAPError
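
The filter and base arguments above, like the dn arguments of the methods below, are plain strings, so any value taken from user input has to be escaped before it is placed in them. The following is an added example, not part of python-libldap: the helper names are hypothetical, and the objectClass and parent DN are constructed sample values. It escapes filter values per RFC 4515 and RDN values per RFC 4514.

```python
# Added example: RFC 4515 / RFC 4514 escaping for values placed into the
# `filter`, `base` and `dn` strings that the methods on this page accept.
# Helper names are hypothetical; python-libldap itself is not imported here.

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_DN_SPECIALS = set('"+,;<>\\=')


def escape_filter_value(value):
    """Escape one assertion value for an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape one attribute value for use inside an RDN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")          # '#' is special only as the first character
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")          # leading or trailing space must be escaped
        else:
            out.append(ch)
    return "".join(out)


def user_filter(uid):
    """Build a filter that compares uid literally, whatever the input contains."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(uid)


def user_dn(uid, parent="ou=People,dc=example,dc=com"):
    """Build a DN under a fixed parent; `parent` is a constructed sample value."""
    return "uid=%s,%s" % (escape_dn_value(uid), parent)


if __name__ == "__main__":
    # Constructed inputs: a normal name and two carrying filter/DN metacharacters.
    for raw in ("alice", "*)(uid=*", "smith, j+admin"):
        print(repr(raw), "->", user_filter(raw), "|", user_dn(raw))
```

The strings returned by user_filter() and user_dn() are what would be passed as filter to search() and as dn to add(), modify(), delete() or compare().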

add(dn, attributes, controls=None, async=False)
Parameters:
  • dn (str) – DN
  • attributes ([(str, [str])] or [(str, [bytes])]) –

    List of tuples. Each tuple has two items:

    • attr - Attribute name
    • values - List of values
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
  • async (bool) – Whether the operation is asynchronous (the default is False, which implies the operation is done synchronously)
Returns:

If the operation succeeds, None is returned. If async is True, the message ID is returned.

Return type:

None or int

Raises:

LDAPError

modify(dn, changes, controls=None, async=False)
Parameters:
  • dn (str) – DN
  • changes ([(str, [str], int)] or [(str, [bytes], int)]) –

    List of tuples. Each tuple has three items:

    • attr - Attribute name
    • values - List of values
    • mod_op - Modify operation (e.g.: LDAP_MOD_REPLACE)
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
  • async (bool) – Whether the operation is asynchronous (the default is False, which implies the operation is done synchronously)
Returns:

If the operation succeeds, None is returned. If async is True, the message ID is returned.

Return type:

None or int

Raises:

LDAPError

delete(dn, controls=None, async=False)
Parameters:
  • dn (str) – DN
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
  • async (bool) – Whether the operation is asynchronous (the default is False, which implies the operation is done synchronously)
Returns:

If the operation succeeds, None is returned. If async is True, the message ID is returned.

Return type:

None or int

Raises:

LDAPError

rename(dn, newrdn, newparent=None, deleteoldrdn=False, controls=None, async=False)
Parameters:
  • dn (str) – DN
  • newrdn (str) – New RDN
  • newparent (str or None) – New parent DN (the default is None, which implies the parent of the old DN is kept)
  • deleteoldrdn (bool) – Whether the old RDN attribute is deleted (the default is False, which implies the old RDN is not deleted after renaming)
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
  • async (bool) – Whether the operation is asynchronous (the default is False, which implies the operation is done synchronously)
Returns:

If the operation succeeds, None is returned. If async is True, the message ID is returned.

Return type:

None or int

Raises:

LDAPError

compare(dn, attribute, value, controls=None)
Parameters:
  • dn (str) – DN
  • attribute (str) – Attribute for comparing
  • value (str) – Value for comparing
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns:

Whether the attribute and value are found in the specified DN

Return type:

bool

Raises:

LDAPError

Note

This method operates synchronously.

whoami(controls=None)
Parameters: controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, the DN is returned.
Return type: str
Raises: LDAPError

Note

This method operates synchronously.

passwd(user, oldpw=None, newpw=None, controls=None)
Parameters:
  • user (str) – DN of user
  • oldpw (str or None) – Old password of user (the default is None, which implies authentication will be skipped)
  • newpw (str or None) – New password of user (the default is None, which implies a password will be generated randomly)
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns:

If the operation succeeds, the new password is returned.

Return type:

str

Raises:

LDAPError

Note

This method operates synchronously.

start_tls(controls=None)
Parameters: controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, None is returned.
Return type: None
Raises: LDAPError

set_option(option, value, is_global=False)
Parameters:
  • option (int) – LDAP option. Available options are located in libldap.constants
  • value (object) – LDAP option value
  • is_global (bool) – Whether the LDAP option is set globally (the default is False, which implies the LDAP option is set in this context)
Returns:

If the operation succeeds, None is returned.

Return type:

None

Raises:

LDAPError

Tip

These options expect the value parameter to be bool.

  • LDAP_OPT_CONNECT_ASYNC
  • LDAP_OPT_REFERRALS
  • LDAP_OPT_RESTART

These options expect the value parameter to be int.

  • LDAP_OPT_DEBUG_LEVEL
  • LDAP_OPT_DEREF
  • LDAP_OPT_PROTOCOL_VERSION
  • LDAP_OPT_RESULT_CODE
  • LDAP_OPT_SIZELIMIT
  • LDAP_OPT_TIMELIMIT
  • LDAP_OPT_X_KEEPALIVE_IDLE
  • LDAP_OPT_X_KEEPALIVE_PROBES
  • LDAP_OPT_X_KEEPALIVE_INTERVAL
  • LDAP_OPT_X_TLS_CRLCHECK
  • LDAP_OPT_X_TLS_PROTOCOL_MIN
  • LDAP_OPT_X_TLS_REQUIRE_CERT
  • LDAP_OPT_X_SASL_NOCANON
  • LDAP_OPT_X_SASL_MAXBUFSIZE
  • LDAP_OPT_X_SASL_SSF_EXTERNAL
  • LDAP_OPT_X_SASL_SSF_MAX
  • LDAP_OPT_X_SASL_SSF_MIN

These options expect the value parameter to be float or int.

  • LDAP_OPT_NETWORK_TIMEOUT
  • LDAP_OPT_TIMEOUT

These options expect the value parameter to be str.

  • LDAP_OPT_DEFBASE
  • LDAP_OPT_DIAGNOSTIC_MESSAGE
  • LDAP_OPT_MATCHED_DN
  • LDAP_OPT_URI
  • LDAP_OPT_X_TLS_CACERTDIR
  • LDAP_OPT_X_TLS_CACERTFILE
  • LDAP_OPT_X_TLS_CERTFILE
  • LDAP_OPT_X_TLS_CIPHER_SUITE
  • LDAP_OPT_X_TLS_CRLFILE
  • LDAP_OPT_X_TLS_DHFILE
  • LDAP_OPT_X_TLS_KEYFILE
  • LDAP_OPT_X_TLS_RANDOM_FILE
  • LDAP_OPT_X_SASL_SECPROPS

The LDAP_OPT_REFERRAL_URLS option expects the value parameter to be [str].

Other options are not supported.

get_option(option, is_global=False)
Parameters:
  • option (int) – LDAP option. Available options are located in libldap.constants
  • is_global (bool) – Whether the LDAP option is set globally (the default is False, which implies the LDAP option is set in this context)
Returns:

Return value varies by option parameter of get_option().

Return type:

int, str, [str] or None

Raises:

LDAPError

Tip

These options return a bool value.

  • LDAP_OPT_CONNECT_ASYNC
  • LDAP_OPT_REFERRALS
  • LDAP_OPT_RESTART

These options return an int value.

  • LDAP_OPT_DEBUG_LEVEL
  • LDAP_OPT_DEREF
  • LDAP_OPT_DESC
  • LDAP_OPT_PROTOCOL_VERSION
  • LDAP_OPT_RESULT_CODE
  • LDAP_OPT_SESSION_REFCNT
  • LDAP_OPT_SIZELIMIT
  • LDAP_OPT_TIMELIMIT
  • LDAP_OPT_X_KEEPALIVE_IDLE
  • LDAP_OPT_X_KEEPALIVE_PROBES
  • LDAP_OPT_X_KEEPALIVE_INTERVAL
  • LDAP_OPT_X_TLS_CRLCHECK
  • LDAP_OPT_X_TLS_NEWCTX
  • LDAP_OPT_X_TLS_PROTOCOL_MIN
  • LDAP_OPT_X_TLS_REQUIRE_CERT
  • LDAP_OPT_X_SASL_NOCANON

These options return a float value.

  • LDAP_OPT_NETWORK_TIMEOUT
  • LDAP_OPT_TIMEOUT

These options return a str value.

  • LDAP_OPT_DEFBASE
  • LDAP_OPT_DIAGNOSTIC_MESSAGE
  • LDAP_OPT_MATCHED_DN
  • LDAP_OPT_URI
  • LDAP_OPT_X_TLS_CACERTDIR
  • LDAP_OPT_X_TLS_CACERTFILE
  • LDAP_OPT_X_TLS_CERTFILE
  • LDAP_OPT_X_TLS_CIPHER_SUITE
  • LDAP_OPT_X_TLS_CRLFILE
  • LDAP_OPT_X_TLS_DHFILE
  • LDAP_OPT_X_TLS_KEYFILE
  • LDAP_OPT_X_TLS_RANDOM_FILE
  • LDAP_OPT_X_SASL_AUTHCID
  • LDAP_OPT_X_SASL_AUTHZID
  • LDAP_OPT_X_SASL_MECH
  • LDAP_OPT_X_SASL_MECHLIST
  • LDAP_OPT_X_SASL_REALM
  • LDAP_OPT_X_SASL_SECPROPS
  • LDAP_OPT_X_SASL_USERNAME

The LDAP_OPT_REFERRAL_URLS option returns a [str] value.

The LDAP_OPT_API_INFO option returns a dict value. The return value has the following keys:

  • api_info_version: API Info Version
  • api_version: API Version
  • api_protocol_max: Protocol Max
  • api_extensions: Extensions
  • api_vendor_name: Vendor Name
  • api_vendor_version: Vendor Version

Other options are not supported.

abandon(msgid, controls=None)
Parameters:
  • msgid (int) – Message ID
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns:

If the operation succeeds, None is returned.

Return type:

None

Raises:

LDAPError

cancel(msgid, controls=None)
Parameters:
  • msgid (int) – Message ID
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns:

If the operation succeeds, None is returned.

Return type:

None

Raises:

LDAPError

result(msgid, all=True, timeout=3, controls=None)
Parameters:
  • msgid (int) – Message ID
  • all (int) – Whether to return all responses for msgid (the default is True, which implies all responses with msgid are returned)
  • timeout (int) – Timeout for result() method. Zero means wait forever (the default is 3, which implies wait 3 seconds)
  • controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set). If controls is set and the LDAP response has a control message, the return value has a control key-value.
Returns:

Return result for specified message ID.

Return type:

dict or list

Raises:

LDAPError

Note

If you have done search() asynchronously, you should use search_result() instead of result(). result() returns raw data; the raw data has an __order__ key, which holds the attribute order.

search_result(*args, **kwargs)
Parameters:
  • *args (tuple) – Arguments for result()
  • **kwargs (dict) –

    kwargs can contain the following key:

    • ordered_attributes : bool (the default is False)
Returns:

Return LDAP entries for specified message ID.

Return type:

[_DictEntry] or [_OrderedEntry]

_OrderedEntry and _DictEntry are classes which inherit from dict or OrderedDict. They have a ‘dn’ attribute.

Raises:

LDAPError

LDAPControl

class libldap.core.LDAPControl

Todo

Hide _LDAPObjectControl methods.