Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Python-LDAP: find the groups a user is a member of.
LDAP_SERVER = "ldaps://my-ldap-server.com/"
LDAP_BASE = "dc=my-ldap-server,dc=com"
def users_ldap_groups(uid):
""" Returns a list of the groups that the uid is a member of.
Returns False if it can't find the uid or throws an exception.
It's up to the caller to ensure that the UID they're using exists!
"""
logger.debug("uid: ", uid)
# ignore certificate errors
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
l = ldap.initialize(LDAP_SERVER)
# this search for all objectClasses that user is in.
# change this to suit your LDAP schema
search_filter='(|(&(objectClass=*)(member=uid=%s,cn=users,cn=accounts,dc=my-ldap-server,dc=com)))' % uid
try:
# this returns the groups!
results = l.search_s(LDAP_BASE, ldap.SCOPE_SUBTREE, search_filter, ['cn',])
logger.debug('%s groups: %s' % (uid, results) )
return results
except ldap.NO_SUCH_OBJECT as e:
logger.error("{}:{}unable to lookup uid {} on LDAP server {}: {}".format(__file__, sys._getframe().f_code.co_name, uid, LDAP_SERVER, e))
return False
except Exception as e: # some other error occured
logger.error("{}:{}: other error occurred looking up {} in LDAP: {}".format(__file__, sys._getframe().f_code.co_name,uid,e))
return False
# shouldn't get here, but if we do, we don't have any results!
return False
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment