From: Melita M. <mel...@gm...> - 2008-06-19 12:24:29
On Wed, Jun 18, 2008 at 7:17 PM, Michael Ströder <mi...@st...> wrote:
> Michael Ströder wrote:
>
>> The user enters some user name. During login you have to use a
>> configurable search filter for searching the user's entry.
>>
>> Something like:
>> user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'
>>
>> And then replace %s with what the user entered as user name.
>>
>
> Furthermore:
>
> 1. You have to check whether exactly *one* entry is returned in the search
> results. search_ext_s(..,sizelimit=2)
> 2. You MUST only accept non-empty passwords when checking the user's
> password with a bind request. If you send a simple bind request with an
> empty password the bind is ok because it's only treated as anonymous bind by
> most LDAP servers.
>
> Ciao, Michael.

OK, probably we didn't understand. I will use uid=userid_name (%s = userid_name).
I have a test that I want to succeed:

    import ldap

    def testMemberOfGroup(self):
        """Authenticate to LDAP and read all groups that user with uid usera
        is a member of.
        """
        server_uri = self.ldap_env.slapd.url
        base_dn = self.ldap_env.basedn
        lo = ldap.initialize(server_uri)
        ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        lo.simple_bind_s('', '')
        # this one was just for checking if this works
        search_filter = '(|(&(objectClass=*)(member=uid=usera,ou=Unit A,ou=Users,ou=testing,dc=example,dc=org)))'
        search_groups = lo.search_st(base_dn, ldap.SCOPE_SUBTREE, search_filter)

(Yes, this works, but I don't want to need to know all that stuff after the uid=usera.)

I know you said it's a bad thing to search for a substring, but this is the only way I can say something is a group -> for me, in my definition, something is a group if it has a member (or a type containing the word member - that is where it would be great to use substrings) and in the member part of the record it has uid; the rest of the groups I don't want to know about.

And I have a part of a record:

    'member': ['cn=dummy', 'uid=usera,ou=Unit A,ou=Users,ou=testing,dc=example,dc=org']

And I only want to search for uid=usera, not the rest of the record. This is only for the test, and for the real search I will make it more configurable.

-- 
Melita Mihaljevic | melita.mihaljevic at gmail.com | melita.mihaljevic at fer.hr
ICQ: 201278527 | Gtalk: melita.mihaljevic | http://mihaljevicmelita.blogspot.com/
PGP: 0xDB17A80C | http://fly.srk.fer.hr/~gizmo
http://www.last.fm/user/maligizmo/ | http://www.linkedin.com/in/mmihaljevic
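
The checks from the quoted reply, combined with the group lookup discussed above, as an added example that is not part of the original message or of python-ldap. It escapes the entered user name before filling the filter template, refuses empty passwords, requires exactly one entry, and then builds an equality filter on the full member DN returned by the search, so the part after uid=usera never has to be typed in. The helper names, the fake_search stand-in for search_ext_s() and the sample directory are assumptions constructed for illustration.

```python
# Added example. Helper names and the sample directory are constructed for illustration.
# python-ldap provides the same escaping as ldap.filter.escape_filter_chars().
USER_FILTER_TEMPLATE = '(|(uid=%s)(sAMAccountName=%s))'  # template quoted in the thread
USERA_DN = 'uid=usera,ou=Unit A,ou=Users,ou=testing,dc=example,dc=org'
DIRECTORY = [  # constructed entries; userb is deliberately ambiguous
    (USERA_DN, {'uid': 'usera'}),
    ('uid=userb,ou=Users,ou=testing,dc=example,dc=org', {'uid': 'userb'}),
    ('cn=svc,ou=Users,ou=testing,dc=example,dc=org', {'sAMAccountName': 'userb'}),
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal value."""
    out = value.replace('\\', r'\5c')  # backslash first, it is the escape character
    for ch, esc in (('*', r'\2a'), ('(', r'\28'), (')', r'\29'), ('\x00', r'\00')):
        out = out.replace(ch, esc)
    return out

def build_user_filter(username, template=USER_FILTER_TEMPLATE):
    """Fill every %s in the template with the escaped user name."""
    return template.replace('%s', escape_filter_value(username))

def fake_search(base_dn, filterstr, sizelimit):
    """Stand-in for search_ext_s(); it only matches literal equality terms."""
    hits = [(dn, attrs) for dn, attrs in DIRECTORY
            if any('(%s=%s)' % (k, escape_filter_value(v)) in filterstr
                   for k, v in attrs.items())]
    return hits[:sizelimit]

def resolve_user_dn(username, password, base_dn='dc=example,dc=org', search=fake_search):
    """Return the single DN to bind as; refuse before any bind is attempted."""
    if not password:
        raise ValueError('empty password would be treated as an anonymous bind')
    results = search(base_dn, build_user_filter(username), 2)  # sizelimit=2
    if len(results) != 1:
        raise LookupError('expected exactly one entry, got %d' % len(results))
    return results[0][0]

def group_filter_for(user_dn):
    """Equality match on the whole member DN, so no substring search is needed."""
    return '(member=%s)' % escape_filter_value(user_dn)

if __name__ == '__main__':
    dn = resolve_user_dn('usera', 'secret')
    print(dn)
    print(group_filter_for(dn))
```
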