Hackspace LDAP examples
Introduction
LDAP is a directory service that is often used to authenticate users. It is supported by many applications, so we maintain an LDAP server to provide authentication.
Setup
Set up an LDAP server inside Docker
# Start one OpenLDAP container; --restart=always brings it back after a daemon restart or reboot.
# LDAP_ADMIN_PASSWORD becomes the cn=admin bind password. It is readable via `docker inspect`
# and sits in these notes in clear text, so treat it as a throwaway value.
docker run --name hackspace-ldap \
    --restart=always \
    --env LDAP_ORGANISATION="Maidstone Hackspace" \
    --env LDAP_DOMAIN="maidstone-hackspace.org.uk" \
    --env LDAP_ADMIN_PASSWORD="JonSn0w" \
    --detach osixia/openldap:1.2.0
Add Objects
Add Organizational Units
# Create the two containers (ou=users, ou=groups) that the later examples add entries under.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

# NOTE(review): admin credential in source, and it differs from the
# LDAP_ADMIN_PASSWORD passed to `docker run` above — confirm which container
# these examples target before reusing them.
LDAP_PASSWORD = 'secretldappassword'
LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'
LDAP_SERVER = '172.18.0.2'

# Simple bind as the directory admin. Server() given a bare host uses plain
# ldap:// on 389, so the bind password crosses the network unencrypted; that
# is acceptable on an isolated docker network only.
admin_dn = f'cn=admin, {LDAP_ROOT}'
conn = Connection(Server(LDAP_SERVER), admin_dn, LDAP_PASSWORD, auto_bind=True)

for unit in ('users', 'groups'):
    conn.add(f'ou={unit},{LDAP_ROOT}', object_class='organizationalUnit')

# org-babel hands this value back; it describes only the last add (ou=groups).
return conn.result
{'result': 0, 'description': 'success', 'dn': '', 'message': '', 'referrals': None, 'type': 'addResponse'}
Add Groups
# Create two groupOfNames entries under ou=groups.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

LDAP_PASSWORD = 'secretldappassword'  # NOTE(review): clear-text admin credential in notes
LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'
LDAP_SERVER = '172.18.0.2'

# Simple bind over plain ldap:// (no TLS) as the directory admin.
admin_dn = f'cn=admin, {LDAP_ROOT}'
conn = Connection(Server(LDAP_SERVER), admin_dn, LDAP_PASSWORD, auto_bind=True)

# One attribute set is reused for both entries. groupOfNames needs at least one
# member, hence cn=admin. NOTE(review): 'cn=admin' is a relative name rather than
# the admin's full DN, and 'cn' stays 'g1' even for the cn=g2 entry — whether the
# server accepts either is not shown here; check conn.result for the second add.
group_attrs = {
    'objectClass': ['groupOfNames', 'top'],
    'cn': 'g1',
    'member': ['cn=admin'],
}
for group in ('g1', 'g2'):
    conn.add(f'cn={group}, ou=groups,{LDAP_ROOT}', attributes=group_attrs)

# Result of the last add only.
return conn.result
{'result': 0, 'description': 'success', 'dn': '', 'message': '', 'referrals': None, 'type': 'addResponse'}
Add Users
# Create one inetOrgPerson entry under ou=users.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

LDAP_PASSWORD = 'secretldappassword'  # NOTE(review): clear-text admin credential in notes
LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'
LDAP_SERVER = '172.18.0.2'

# Simple bind over plain ldap:// (no TLS) as the directory admin.
admin_dn = f'cn=admin, {LDAP_ROOT}'
conn = Connection(Server(LDAP_SERVER), admin_dn, LDAP_PASSWORD, auto_bind=True)

# NOTE(review): userPassword is the empty string here. Depending on the server
# this is either rejected or leaves an account with a blank credential; set a
# real (hashed) value before using this outside a scratch container. The 'cn'
# attribute ('First Last') also does not match the RDN value (user2).
user_attrs = {
    'objectClass': ['inetOrgPerson', 'person', 'top'],
    'sn': 'user_sn',
    'cn': 'First Last',
    'userPassword': '',
}
conn.add(f'cn=user2,ou=users,{LDAP_ROOT}', attributes=user_attrs)

return conn.result
{'result': 0, 'description': 'success', 'dn': '', 'message': '', 'referrals': None, 'type': 'addResponse'}
Modify objects
Modify groups
# Replace the membership of group g1.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL, MODIFY_REPLACE, MODIFY_DELETE

LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'

# Simple bind over plain ldap:// as admin; the password is in clear text here.
conn = Connection(Server('172.17.0.2'), f'cn=admin, {LDAP_ROOT}', 'JonSn0w', auto_bind=True)
# auto_bind=True has already bound; this second bind just re-checks the credentials and prints True/False.
print(conn.bind())

# MODIFY_REPLACE overwrites the whole member list — it does not append to it.
new_members = ['cn=admin', 'cn=user1']
conn.modify(f'cn=g1, ou=groups,{LDAP_ROOT}', {'member': [(MODIFY_REPLACE, new_members)]})

return conn.result
{'result': 0, 'description': 'success', 'dn': '', 'message': '', 'referrals': None, 'type': 'modifyResponse'}
Search objects
Check group exists
# Existence check for a single group, using its DN as the search base.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'

# Simple bind over plain ldap:// as admin; the password is in clear text here.
conn = Connection(Server('172.17.0.2'), f'cn=admin, {LDAP_ROOT}', 'JonSn0w', auto_bind=True)
print(conn.bind())  # redundant after auto_bind=True

# With a synchronous connection search() returns True only when at least one
# entry matched. False therefore covers both "no such group" and an error such
# as noSuchObject on the base DN — inspect conn.result to tell them apart.
group_dn = f'cn=g4, ou=groups, {LDAP_ROOT}'
return conn.search(group_dn, '(objectclass=groupOfNames)')
False
List objects
list users
# List every person entry in the directory.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'

# Simple bind over plain ldap:// as admin; the password is in clear text here.
conn = Connection(Server('172.19.0.6'), f'cn=admin, {LDAP_ROOT}', 'secretldappassword', auto_bind=True)
print(conn.bind())  # redundant after auto_bind=True

# Subtree search from the suffix. No attribute list is requested, so each
# returned entry carries only its DN plus ldap3's read metadata (see output).
conn.search(LDAP_ROOT, '(objectclass=person)')
return conn.entries
DN: cn=oly,ou=users,dc=maidstone-hackspace,dc=org,dc=uk - STATUS: Read - READ TIME: 2018-04-23T21:13:46.919782
DN: cn=test,ou=users,dc=maidstone-hackspace,dc=org,dc=uk - STATUS: Read - READ TIME: 2018-04-23T21:13:46.919828
list groups
# Fetch the first group under ou=groups together with its name and members.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL, SUBTREE

LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'

# Simple bind over plain ldap:// as admin; the password is in clear text here.
conn = Connection(Server('172.17.0.2'), f'cn=admin, {LDAP_ROOT}', 'JonSn0w', auto_bind=True)
print(conn.bind())  # redundant after auto_bind=True

# Explicit scope and attribute list: without attributes=... the entries would
# carry only their DN.
conn.search(
    search_base=f'ou=groups, {LDAP_ROOT}',
    search_filter='(objectclass=groupOfNames)',
    search_scope=SUBTREE,
    attributes=['cn', 'member'],
)

# Only the first match is returned; this raises IndexError when nothing matched.
return conn.entries[0]
list organizational units
# List the organizational units directly under the suffix.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'

# Simple bind over plain ldap:// as admin; the password is in clear text here.
conn = Connection(Server('172.17.0.2'), f'cn=admin, {LDAP_ROOT}', 'JonSn0w', auto_bind=True)
print(conn.bind())  # redundant after auto_bind=True

# Subtree search, DN only (no attributes requested).
conn.search(LDAP_ROOT, '(objectclass=organizationalUnit)')
return conn.entries
DN: ou=users,dc=maidstone-hackspace,dc=org,dc=uk - STATUS: Read - READ TIME: 2018-04-19T22:29:32.989385
DN: ou=groups,dc=maidstone-hackspace,dc=org,dc=uk - STATUS: Read - READ TIME: 2018-04-19T22:29:32.989433
# Same OU listing as above, against a different container address and the
# other admin password that appears in these notes.
from ldap3 import Server, Connection, ObjectDef, AttrDef, Reader, Writer, ALL

LDAP_ROOT = 'dc=maidstone-hackspace, dc=org, dc=uk'

# Simple bind over plain ldap:// as admin; the password is in clear text here.
conn = Connection(Server('172.19.0.3'), f'cn=admin, {LDAP_ROOT}', 'secretldappassword', auto_bind=True)
print(conn.bind())  # redundant after auto_bind=True

# Subtree search, DN only (no attributes requested).
conn.search(LDAP_ROOT, '(objectclass=organizationalUnit)')
return conn.entries
Queries
Testing with elisp
;; Point Emacs' ldap.el at the test directory; ldap-search below reads these globals.
(setq ldap-default-host "test.maidstone-hackspace.org.uk")
(setq ldap-default-base "dc=test, dc=maidstone-hackspace, dc=org, dc=uk")
;; Per-host settings. The bind password sits in clear text in this alist (and in
;; any init file it is saved to), and the URL is plain ldap://, so the credential
;; is sent unencrypted.
(setq ldap-host-alist '(("ldap://test.maidstone-hackspace.org.uk"
timelimit "10"
password "password-here"
base "dc=test, dc=maidstone-hackspace, dc=org, dc=uk"
binddn "cn=admin, dc=test, dc=maidstone-hackspace, dc=org, dc=uk")))
;; Return every person entry under the default base.
(ldap-search "(objectclass=person)")
Testing with ldapsearch
# Query the test directory from inside the running container, binding as admin.
# -x is a simple bind; -w puts the password on the command line, where it lands
# in shell history and `ps` output — -W prompts for it instead.
docker exec hackstage_directory_1 ldapsearch -x \
    -H ldap://localhost \
    -b "dc=test, dc=maidstone-hackspace, dc=org, dc=uk" \
    -D "cn=admin, dc=test, dc=maidstone-hackspace, dc=org, dc=uk" \
    -w password-here