blzzua/active_directory_ldap_auth_example.py

## active_directory_ldap_auth_example.py
import ldap
login, password = 'login', 'password'

ctx = {}
ctx['action'] = 'initializing LDAP connection'
ldap_obj = ldap.initialize('ldap://active.directory.local')
ldap_obj.protocol_version=ldap.VERSION3
ldap_obj.set_option(ldap.OPT_REFERRALS, 0)  # ????
ldap_obj.bind_s('ldap_bind_user', 'ldap_bind_password', ldap.AUTH_SIMPLE)
searchfilter = '(sAMAccountName=%(username)s)' % {'username': login}

results = ldap_obj.search_s('ou=SubtreeName,dc=domain,dc=local', ldap.SCOPE_SUBTREE, searchfilter, ['objectclass'], 1)
nres = len(results)
if nres < 1:
    print('login not found')
else:
    try:
        user_entry = results[0]
        ldap_dn = user_entry[0]
        ldap_obj.bind_s(who=ldap_dn, cred=password, method=ldap.AUTH_SIMPLE)
        print("SUCCESS", ldap_obj)
    except ldap.INVALID_CREDENTIALS:
        print("INVALID_CREDENTIALS")
	import ldap
	login, password = 'login', 'password'

	ctx = {}
	ctx['action'] = 'initializing LDAP connection'
	ldap_obj = ldap.initialize('ldap://active.directory.local')
	ldap_obj.protocol_version=ldap.VERSION3
	ldap_obj.set_option(ldap.OPT_REFERRALS, 0) # ????
	ldap_obj.bind_s('ldap_bind_user', 'ldap_bind_password', ldap.AUTH_SIMPLE)
	searchfilter = '(sAMAccountName=%(username)s)' % {'username': login}

	results = ldap_obj.search_s('ou=SubtreeName,dc=domain,dc=local', ldap.SCOPE_SUBTREE, searchfilter, ['objectclass'], 1)
	nres = len(results)
	if nres < 1:
	print('login not found')
	else:
	try:
	user_entry = results[0]
	ldap_dn = user_entry[0]
	ldap_obj.bind_s(who=ldap_dn, cred=password, method=ldap.AUTH_SIMPLE)
	print("SUCCESS", ldap_obj)
	except ldap.INVALID_CREDENTIALS:
	print("INVALID_CREDENTIALS")