How It Works

The LDIF format (LDAP Data Interchange Format) is defined in RFC 2849 and is the standard text-based format for defining data and for dumping data to and from LDAP databases. It can also specify other arbitrary data changes, such as changes to and deletions of records. An LDIF file is divided into records by blank lines, and the first line of each record gives the distinguished name (the DN, or the key) of the record affected. The default operation is addition, and the file defined previously simply adds a few test records to an otherwise empty database. Use this test database for the rest of the examples.
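The record rules just described (blank-line separators, DN on the first line, addition as the default operation), as a small Python 3 parser. This is an added example, not code from the book or from python-ldap; the sample LDIF is constructed, the function names are hypothetical, and modify records are out of scope.

```python
import base64
import re

# Constructed sample (not from the page): comment, folded line, base64 DN, delete.
SAMPLE_LDIF = """version: 1
# constructed sample data
dn: cn=wfstarter,dc=vivtek,dc=com
objectClass: organizationalRole
roleOccupant: cn=Michael Roberts
roleOccupant: cn=Different
  Person

dn:: Y249RGlmZmVyZW50IFBlcnNvbixkYz12aXZ0ZWssZGM9Y29t
changetype: delete
"""

def logical_lines(text):
    """Undo RFC 2849 folding (newline + one space), then drop comment lines."""
    unfolded = re.sub(r"\r?\n ", "", text)
    return [l for l in unfolded.splitlines() if not l.startswith("#")]

def split_line(line):
    """Split 'attr: value' or 'attr:: base64'. 'attr:< url' is refused, because
    loading it would let an untrusted file make the reader fetch a URL."""
    name, sep, rest = line.partition(":")
    if not sep or rest.startswith("<"):
        raise ValueError("unsupported LDIF line: %r" % line)
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest.strip()

def parse_ldif(text):
    """Return one {'dn', 'changetype', 'attrs'} dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n{2,}", "\n".join(logical_lines(text))):
        pairs = [split_line(l) for l in block.split("\n")
                 if l and not l.lower().startswith("version:")]
        if not pairs:
            continue
        if pairs[0][0].lower() != "dn":
            raise ValueError("record does not start with a dn line: %r" % block)
        rec = {"dn": pairs[0][1], "changetype": "add", "attrs": {}}  # add is the default
        for name, value in pairs[1:]:
            if name.lower() == "changetype":
                rec["changetype"] = value
            else:
                rec["attrs"].setdefault(name, []).append(value)
        records.append(rec)
    return records
```

Calling parse_ldif(SAMPLE_LDIF) yields two records: an add for cn=wfstarter with both roleOccupant values, and a delete whose DN was base64-encoded.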

The ldapadd utility interprets LDIF files and makes the LDAP API calls needed to carry out the instructions they contain. In addition, the ldapsearch utility can be used to search the database from the command line and print the results in something close to LDIF. These are handy tools to have at your disposal when you're working with LDAP, but to do any more involved work, you'll want to write your own code in Python, and that's what the next example is all about.

Try It Out: Simple LDAP Search

OK, now that you either have an LDAP server installed or one already available in your organization, try some basic LDAP accesses from Python so you can see how it all works. When this book went to press, it was difficult to get python-ldap working under Windows, so this presumes you're scripting on a Linux machine:

1. Create a file named simpleldap.py and enter the following:

import ldap

# ldap.open() is deprecated; ldap.initialize() takes an LDAP URL instead
l = ldap.initialize('ldap://127.0.0.1')
# Anonymous simple bind: empty DN and empty password
l.simple_bind_s('', '')

print "Search for everything:"
# Arguments: search base, scope, filter, attribute list (None returns all attributes)
ldap_result = l.search_s("dc=vivtek,dc=com", ldap.SCOPE_SUBTREE, "cn=*", None)
print ldap_result
print

print "Search for objects with names containing 'Michael':"
ldap_result = l.search_s("dc=vivtek,dc=com", ldap.SCOPE_SUBTREE, "cn=*Michael*", None)
print ldap_result
print

print "Retrieve organizational role 'wfstarter':"
ldap_result = l.search_s("dc=vivtek,dc=com", ldap.SCOPE_SUBTREE, "cn=wfstarter", ["organizationalRole"])
print ldap_result
print

print "Search for everything again, but this time with an asynchronous search:"
# search() returns a message ID at once; result() then fetches one entry at a time
ldap_result_id = l.search("dc=vivtek,dc=com", ldap.SCOPE_SUBTREE, "cn=*", None)
while 1:
    result_type, result_data = l.result(ldap_result_id, 0)
    if result_data == []:
        # An empty result list means the search is complete
        break
    else:
        if result_type == ldap.RES_SEARCH_ENTRY:
            print result_data

$ python simpleldap.py
Search for everything:

[('cn=Different Person,dc=vivtek,dc=com', {'objectClass': ['person'], 'sn': ['Different Person'], 'cn': ['Different Person']}), ('cn=Michael Roberts,dc=vivtek,dc=com', {'objectClass': ['person'], 'sn': ['Roberts'], 'cn': ['Michael Roberts']}), ('cn=wfstarter,dc=vivtek,dc=com', {'objectClass': ['organizationalRole'], 'roleOccupant': ['cn=Michael Roberts', 'cn=Different Person'], 'cn': ['wfstarter']})]

Search for objects with names containing 'Michael':

[('cn=Michael Roberts,dc=vivtek,dc=com', {'objectClass': ['person'], 'sn': ['Roberts'], 'cn': ['Michael Roberts']})]

Retrieve organizational role 'wfstarter':

[('cn=wfstarter,dc=vivtek,dc=com', {'objectClass': ['organizationalRole'], 'roleOccupant': ['cn=Michael Roberts', 'cn=Different Person'], 'cn': ['wfstarter']})]

Search for everything again, but this time with an asynchronous search:

[('cn=Different Person,dc=vivtek,dc=com', {'objectClass': ['person'], 'sn': ['Different Person'], 'cn': ['Different Person']})]

[('cn=Michael Roberts,dc=vivtek,dc=com', {'objectClass': ['person'], 'sn': ['Roberts'], 'cn': ['Michael Roberts']})]

[('cn=wfstarter,dc=vivtek,dc=com', {'objectClass': ['organizationalRole'], 'roleOccupant': ['cn=Michael Roberts', 'cn=Different Person'], 'cn': ['wfstarter']})]
