python-libldap API reference
LDAP

class libldap.core.LDAP(uri, bind_user=None, bind_password=None, options=[], start_tls=False)
LDAP is the libldap wrapper class.
Parameters:
- uri (str, list or tuple) – LDAP URI (e.g. ‘ldap://localhost’, ‘ldaps://localhost’, ‘ldapi:///’)
- bind_user (str or None) – LDAP BIND user. This parameter is used only when the object is used as a context manager (the default is None, which implies the BIND operation is not done)
- bind_password (str or None) – LDAP BIND password. This parameter is used only when the object is used as a context manager (the default is None, which implies the BIND operation is not done)
- options ([(option, value, is_global)]) – LDAP options. If this is set, the set_option() method is called. (the default is [], which implies no options are set)
- start_tls (bool) – Flag for whether start_tls() is executed or not (the default is False, which implies start_tls() is not done)
Raises: LDAPError

bind(who, password, controls=None, async=False)
Parameters:
- who (str) – Who to bind as
- password (str) – Password
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
- async (bool) – Flag for asynchronous operation or not (the default is False, which implies the operation is done synchronously)
Returns: Nothing or message ID
Return type: None or int
Raises: LDAPError

unbind()
Returns: Nothing
Return type: None
Raises: LDAPError

search(base, scope=0, filter='(objectClass=*)', attributes=None, attrsonly=False, timeout=0, sizelimit=0, controls=None, ordered_attributes=False, async=False)
Parameters:
- base (str) – DN of the entry at which to start the search.
- scope (int) – Scope of the search. It must be LDAP_SCOPE_BASE, LDAP_SCOPE_ONE, LDAP_SCOPE_SUB or LDAP_SCOPE_CHILDREN (the default is LDAP_SCOPE_BASE).
- filter (str) – LDAP filter (the default is ‘(objectClass=*)’)
- attributes ([str] or None) – Attributes to fetch from the LDAP server (the default is None, which implies ‘*’)
- attrsonly (bool) – Flag for getting value or not (the default is False)
- timeout (int) – Timeout for the search operation (the default is 0, which implies unlimited)
- sizelimit (int) – Size limit for the search operation (the default is 0, which implies unlimited)
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
- ordered_attributes (bool) – Flag for whether the attribute order is fixed or not (the default is False, which implies the attribute order in an entry is not remembered)
- async (bool) – Flag for asynchronous operation or not (the default is False, which implies the operation is done synchronously). A synchronous operation returns LDAP responses immediately.
Returns: List of entries or message ID
Return type: list or int
Raises: LDAPError
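An added example (not part of the python-libldap documentation) showing how the constructor's options and start_tls parameters and the search() limits combine for a lookup driven by untrusted input. The helper names, the TLS_DEMAND value and the import of LDAP_SCOPE_SUB from libldap.constants are assumptions of this example.

```python
# Added example: safe filter construction and a bounded lookup with python-libldap.
# escape_filter_value, user_filter, find_user and TLS_DEMAND are hypothetical names.

# RFC 4515 section 3: these characters must be written as \XX inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

TLS_DEMAND = 2  # assumption: value of LDAP_OPT_X_TLS_DEMAND in OpenLDAP's ldap.h


def escape_filter_value(value):
    """Escape untrusted text so it can only be a literal value in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(uid):
    """Build the string passed as search(filter=...) for one exact uid."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(uid)


def find_user(uri, bind_dn, bind_pw, base, uid, ca_file):
    """Return the single matching entry, or None if zero or several entries match."""
    # Imported here so the helpers above work without the C extension installed.
    from libldap.core import LDAP
    from libldap import constants as c  # assumption: scope constants live here too

    options = [  # (option, value, is_global) tuples, as the constructor documents
        (c.LDAP_OPT_X_TLS_CACERTFILE, ca_file, True),
        (c.LDAP_OPT_X_TLS_REQUIRE_CERT, TLS_DEMAND, True),
    ]
    # bind_user/bind_password take effect because LDAP is used as a context manager.
    with LDAP(uri, bind_user=bind_dn, bind_password=bind_pw,
              options=options, start_tls=True) as ld:
        entries = ld.search(
            base,
            scope=c.LDAP_SCOPE_SUB,
            filter=user_filter(uid),
            attributes=["cn", "mail"],  # request only what is needed, not '*'
            sizelimit=2,                # enough to tell "one" from "many"
            timeout=5,                  # the default 0 implies unlimited
        )
    return entries[0] if len(entries) == 1 else None
```
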

paged_search(base, scope=0, filter='(objectClass=*)', attributes=None, attrsonly=False, timeout=0, sizelimit=0, pagesize=100, ordered_attributes=False)
Parameters:
- base (str) – DN of the entry at which to start the search.
- scope (int) – Scope of the search. It must be LDAP_SCOPE_BASE, LDAP_SCOPE_ONE, LDAP_SCOPE_SUB or LDAP_SCOPE_CHILDREN (the default is LDAP_SCOPE_BASE).
- filter (str) – LDAP filter (the default is ‘(objectClass=*)’)
- attributes ([str] or None) – Attributes to fetch from the LDAP server (the default is None, which implies ‘*’)
- attrsonly (bool) – Flag for getting value or not (the default is False)
- timeout (int) – Timeout for the search operation (the default is 0, which implies unlimited)
- sizelimit (int) – Size limit for the search operation (the default is 0, which implies unlimited)
- pagesize (int) – LDAP page size (the default is 100, which implies each LDAP search request fetches 100 LDAP entries)
- ordered_attributes (bool) – Flag for whether the attribute order is fixed or not (the default is False, which implies the attribute order in an entry is not remembered)
Yield: LDAP entries (each item is dict)
Raises: LDAPError

add(dn, attributes, controls=None, async=False)
Parameters:
- dn (str) – DN
- attributes ([(str, [str])] or [(str, [bytes])]) –
List of tuples. Each tuple has two items:
- attr - Attribute name
- values - List of values
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
- async (bool) – Flag for asynchronous operation or not (the default is False, which implies the operation is done synchronously)
Returns: If the operation succeeds, None is returned. If async is True, the message ID is returned.
Return type: None or int
Raises: LDAPError

modify(dn, changes, controls=None, async=False)
Parameters:
- dn (str) – DN
- changes ([(str, [str], int)] or [(str, [bytes], int)]) –
List of tuples. Each tuple has three items:
- attr - Attribute name
- values - List of values
- mod_op - Modify operation (e.g.: LDAP_MOD_REPLACE)
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
- async (bool) – Flag for asynchronous operation or not (the default is False, which implies the operation is done synchronously)
Returns: If the operation succeeds, None is returned. If async is True, the message ID is returned.
Return type: None or int
Raises: LDAPError

delete(dn, controls=None, async=False)
Parameters:
- dn (str) – DN
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
- async (bool) – Flag for asynchronous operation or not (the default is False, which implies the operation is done synchronously)
Returns: If the operation succeeds, None is returned. If async is True, the message ID is returned.
Return type: None or int
Raises: LDAPError

rename(dn, newrdn, newparent=None, deleteoldrdn=False, controls=None, async=False)
Parameters:
- dn (str) – DN
- newrdn (str) – New RDN
- newparent (str or None) – New parent DN (the default is None, which implies the same parent as the old DN is set)
- deleteoldrdn (bool) – Flag for deleting old rdn attribute or not (the default is True, which implies oldrdn is not deleted after renaming)
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
- async (bool) – Flag for asynchronous operation or not (the default is False, which implies the operation is done synchronously)
Returns: If the operation succeeds, None is returned. If async is True, the message ID is returned.
Return type: None or int
Raises: LDAPError

compare(dn, attribute, value, controls=None)
Parameters:
- dn (str) – DN
- attribute (str) – Attribute for comparing
- value (str) – Value for comparing
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: Attribute and value found in specified DN or not
Return type: bool
Raises: LDAPError
Note
This method operates synchronously.

whoami(controls=None)
Parameters: controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, the DN is returned.
Return type: str
Raises: LDAPError
Note
This method operates synchronously.

passwd(user, oldpw=None, newpw=None, controls=None)
Parameters:
- user (str) – DN of user
- oldpw (str or None) – Old password of user (the default is None, which implies authentication will be skipped)
- newpw (str or None) – New password of user (the default is None, which implies the password will be generated randomly)
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, the new password is returned.
Return type: str
Raises: LDAPError
Note
This method operates synchronously.

start_tls(controls=None)
Parameters: controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, None is returned.
Return type: None
Raises: LDAPError

set_option(option, value, is_global=False)
Parameters:
- option (int) – LDAP option. Available options are located in libldap.constants
- value (object) – LDAP option value
- is_global (bool) – Flag for whether the LDAP option is set globally or not (the default is False, which implies the LDAP option is set in this context)
Returns: If the operation succeeds, None is returned.
Return type: None
Raises: LDAPError
Tip
These option parameters expect value parameter to be bool.
- LDAP_OPT_CONNECT_ASYNC
- LDAP_OPT_REFERRALS
- LDAP_OPT_RESTART
These option parameters expect value parameter to be int.
- LDAP_OPT_DEBUG_LEVEL
- LDAP_OPT_DEREF
- LDAP_OPT_PROTOCOL_VERSION
- LDAP_OPT_RESULT_CODE
- LDAP_OPT_SIZELIMIT
- LDAP_OPT_TIMELIMIT
- LDAP_OPT_X_KEEPALIVE_IDLE
- LDAP_OPT_X_KEEPALIVE_PROBES
- LDAP_OPT_X_KEEPALIVE_INTERVAL
- LDAP_OPT_X_TLS_CRLCHECK
- LDAP_OPT_X_TLS_PROTOCOL_MIN
- LDAP_OPT_X_TLS_REQUIRE_CERT
- LDAP_OPT_X_SASL_NOCANON
- LDAP_OPT_X_SASL_MAXBUFSIZE
- LDAP_OPT_X_SASL_SSF_EXTERNAL
- LDAP_OPT_X_SASL_SSF_MAX
- LDAP_OPT_X_SASL_SSF_MIN
These option parameters expect value parameter to be float or int.
- LDAP_OPT_NETWORK_TIMEOUT
- LDAP_OPT_TIMEOUT
These option parameters expect value parameter to be str.
- LDAP_OPT_DEFBASE
- LDAP_OPT_DIAGNOSTIC_MESSAGE
- LDAP_OPT_MATCHED_DN
- LDAP_OPT_URI
- LDAP_OPT_X_TLS_CACERTDIR
- LDAP_OPT_X_TLS_CACERTFILE
- LDAP_OPT_X_TLS_CERTFILE
- LDAP_OPT_X_TLS_CIPHER_SUITE
- LDAP_OPT_X_TLS_CRLFILE
- LDAP_OPT_X_TLS_DHFILE
- LDAP_OPT_X_TLS_KEYFILE
- LDAP_OPT_X_TLS_RANDOM_FILE
- LDAP_OPT_X_SASL_SECPROPS
LDAP_OPT_REFERRAL_URLS option expects value parameter to be [str].
Other options are not supported.

get_option(option, is_global=False)
Parameters:
- option (int) – LDAP option. Available options are located in libldap.constants
- is_global (bool) – Flag for whether the LDAP option is set globally or not (the default is False, which implies the LDAP option is set in this context)
Returns: The return value varies by the option parameter of get_option().
Return type: int, str, [str] or None
Raises: LDAPError
Tip
These option parameters return bool value.
- LDAP_OPT_CONNECT_ASYNC
- LDAP_OPT_REFERRALS
- LDAP_OPT_RESTART
These option parameters return int value.
- LDAP_OPT_DEBUG_LEVEL
- LDAP_OPT_DEREF
- LDAP_OPT_DESC
- LDAP_OPT_PROTOCOL_VERSION
- LDAP_OPT_RESULT_CODE
- LDAP_OPT_SESSION_REFCNT
- LDAP_OPT_SIZELIMIT
- LDAP_OPT_TIMELIMIT
- LDAP_OPT_X_KEEPALIVE_IDLE
- LDAP_OPT_X_KEEPALIVE_PROBES
- LDAP_OPT_X_KEEPALIVE_INTERVAL
- LDAP_OPT_X_TLS_CRLCHECK
- LDAP_OPT_X_TLS_NEWCTX
- LDAP_OPT_X_TLS_PROTOCOL_MIN
- LDAP_OPT_X_TLS_REQUIRE_CERT
- LDAP_OPT_X_SASL_NOCANON
These option parameters return float value.
- LDAP_OPT_NETWORK_TIMEOUT
- LDAP_OPT_TIMEOUT
These option parameters return str value.
- LDAP_OPT_DEFBASE
- LDAP_OPT_DIAGNOSTIC_MESSAGE
- LDAP_OPT_MATCHED_DN
- LDAP_OPT_URI
- LDAP_OPT_X_TLS_CACERTDIR
- LDAP_OPT_X_TLS_CACERTFILE
- LDAP_OPT_X_TLS_CERTFILE
- LDAP_OPT_X_TLS_CIPHER_SUITE
- LDAP_OPT_X_TLS_CRLFILE
- LDAP_OPT_X_TLS_DHFILE
- LDAP_OPT_X_TLS_KEYFILE
- LDAP_OPT_X_TLS_RANDOM_FILE
- LDAP_OPT_X_SASL_AUTHCID
- LDAP_OPT_X_SASL_AUTHZID
- LDAP_OPT_X_SASL_MECH
- LDAP_OPT_X_SASL_MECHLIST
- LDAP_OPT_X_SASL_REALM
- LDAP_OPT_X_SASL_SECPROPS
- LDAP_OPT_X_SASL_USERNAME
LDAP_OPT_REFERRAL_URLS option parameter returns [str] value.
LDAP_OPT_API_INFO option parameter returns dict value. The return value has the following keys:
- api_info_version: API Info Version
- api_version: API Version
- api_protocol_max: Protocol Max
- api_extensions: Extensions
- api_vendor_name: Vendor Name
- api_vendor_version: Vendor Version
Other options are not supported.

abandon(msgid, controls=None)
Parameters:
- msgid (int) – Message ID
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, None is returned.
Return type: None
Raises: LDAPError

cancel(msgid, controls=None)
Parameters:
- msgid (int) – Message ID
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set)
Returns: If the operation succeeds, None is returned.
Return type: None
Raises: LDAPError

result(msgid, all=True, timeout=3, controls=None)
Parameters:
- msgid (int) – Message ID
- all (int) – Flag for returning all responses with msgid or not (the default is True, which implies all responses with msgid are returned)
- timeout (int) – Timeout for result() method. Zero means wait forever (the default is 3, which implies wait 3 seconds)
- controls (LDAPControl or None) – LDAP Controls (the default is None, which implies no controls are set). If controls is set and the LDAP response has a control message, the return value has a control key-value.
Returns: The result for the specified message ID.
Return type: dict or list
Raises: LDAPError
Note
If you have done search() asynchronously, you should use search_result() instead of result(). result() gets raw data; the raw data has an __order__ key, which holds the attribute order.

search_result(*args, **kwargs)
Parameters:
- *args (tuple) – Arguments for result()
- **kwargs (dict) –
kwargs can contain the following key:
- ordered_attributes : bool (the default is False)
Returns: The LDAP entries for the specified message ID.
Return type: [_DictEntry] or [_OrderedEntry]
_OrderedEntry and _DictEntry are classes which inherit from dict or OrderedDict. They have a ‘dn’ attribute.
Raises: LDAPError