
LDAP to Django Synchronization

Author:
Mogga
Posted:
July 18, 2008
Language:
Python
Version:
.96
Tags:
user auth ldap group

I needed to be able to synchronize my LDAP users and groups to the Django database. This may not be as efficient as some might like but it works like a charm. It returns a list of messages that I pipe into request.user.messages in my template.

#!/usr/bin/env python
import binascii
import os

import ldap
from django.contrib.auth.models import User, Group

AUTH_LDAP_SERVER = 'ldap.server.com'
# Bind DN and password used for every directory search below.
# NOTE(review): the code only ever reads from the directory, yet it binds as the
# directory manager; a read-only service account is enough and limits the damage
# if this credential leaks. The password is also a literal in module source --
# load it from settings or the environment so it stays out of version control.
AUTH_LDAP_BASE_USER = "cn=Manager,dc=ldap,dc=server,dc=com"
AUTH_LDAP_BASE_PASS = "Manager Password"
# Search base; the search functions prepend 'ou=Groups,' / 'ou=Users,' to it.
AUTH_LDAP_BASE = "dc=ldap,dc=server,dc=com"
# Search the whole subtree under each ou.
AUTH_LDAP_SCOPE = ldap.SCOPE_SUBTREE

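def get_ldap_groups():
	"""Return every posixGroup under ``ou=Groups`` as python-ldap result tuples.

	Each element is ``(dn, attrs)`` where ``attrs`` maps ``'cn'`` and
	``'memberUid'`` to lists of values. LDAP omits attributes that have no
	values, so a group without members may lack the ``'memberUid'`` key
	entirely; callers must treat it as optional.

	Returns:
		list: the search result as returned by ``LDAPObject.result()``.

	Raises:
		ldap.LDAPError: on connection, bind or search failure. The connection
		is unbound in every case, so a failure does not leak the socket.
	"""
	# ``filter`` shadowed the builtin in the original; renamed.
	search_filter = "(&(objectclass=posixGroup))"
	attributes = ['cn', 'memberUid']
	# NOTE(review): ldap.open() is deprecated in python-ldap in favour of
	# ldap.initialize('ldap://host'); kept to preserve the original behaviour.
	conn = ldap.open(AUTH_LDAP_SERVER)
	conn.protocol_version = ldap.VERSION3
	try:
		# simple_bind_s() sends AUTH_LDAP_BASE_PASS in the clear unless the
		# connection itself is protected (STARTTLS or ldaps://) -- confirm this
		# for the deployment before relying on it.
		conn.simple_bind_s(AUTH_LDAP_BASE_USER, AUTH_LDAP_BASE_PASS)
		result_id = conn.search('ou=Groups,' + AUTH_LDAP_BASE, AUTH_LDAP_SCOPE,
		                        search_filter, attributes)
		# all=1: block until the complete result set has been received.
		result_type, result_data = conn.result(result_id, 1)
	finally:
		# Always release the connection, even when bind or search raised.
		conn.unbind()
	return result_data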
	
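def sync_groups():
	"""Create a Django ``Group`` for every LDAP posixGroup that does not exist yet.

	Groups are matched on ``Group.name == cn``. Existing groups are left
	untouched and groups that vanished from LDAP are never deleted.

	Returns:
		list of str: one message per created group, followed by a final
		"Groups are synchronized." message.

	Raises:
		ldap.LDAPError: propagated from ``get_ldap_groups()``.
	"""
	messages = []
	for ldap_group in get_ldap_groups():
		try:
			group_name = ldap_group[1]['cn'][0]
		except (KeyError, IndexError, TypeError):
			# No cn (or a non-entry such as a referral): nothing to map, skip it.
			# The original bare ``except`` also hid any unrelated error here.
			continue
		try:
			Group.objects.get(name=group_name)
		except Group.DoesNotExist:
			Group(name=group_name).save()
			messages.append("Group '%s' created." % group_name)
	messages.append("Groups are synchronized.")
	return messages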

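def get_ldap_users():
	"""Return the active posixAccount entries under ``ou=Users``.

	Only entries with ``employeeType=active`` match the filter, so accounts
	that were disabled or removed in LDAP are simply absent from the result;
	nothing here marks them as inactive on the Django side.

	Each element is ``(dn, attrs)`` where ``attrs`` may hold ``'uid'``,
	``'mail'``, ``'givenName'`` and ``'sn'`` as lists of values. LDAP omits
	attributes without values, so every key is optional.

	Returns:
		list: the search result as returned by ``LDAPObject.result()``.

	Raises:
		ldap.LDAPError: on connection, bind or search failure. The connection
		is unbound in every case, so a failure does not leak the socket.
	"""
	# ``filter`` shadowed the builtin in the original; renamed.
	search_filter = "(&(objectclass=posixAccount)(employeeType=active))"
	attributes = ['uid', 'mail', 'givenName', 'sn', ]
	# NOTE(review): ldap.open() is deprecated in python-ldap in favour of
	# ldap.initialize('ldap://host'); kept to preserve the original behaviour.
	conn = ldap.open(AUTH_LDAP_SERVER)
	conn.protocol_version = ldap.VERSION3
	try:
		# simple_bind_s() sends AUTH_LDAP_BASE_PASS in the clear unless the
		# connection itself is protected (STARTTLS or ldaps://) -- confirm this
		# for the deployment before relying on it.
		conn.simple_bind_s(AUTH_LDAP_BASE_USER, AUTH_LDAP_BASE_PASS)
		result_id = conn.search('ou=Users,' + AUTH_LDAP_BASE, AUTH_LDAP_SCOPE,
		                        search_filter, attributes)
		# all=1: block until the complete result set has been received.
		result_type, result_data = conn.result(result_id, 1)
	finally:
		# Always release the connection, even when bind or search raised.
		conn.unbind()
	return result_data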
	
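def _ldap_attr(attrs, name, default):
	# First value of LDAP attribute ``name``, or ``default`` when it is absent,
	# empty, or ``attrs`` is not a mapping (e.g. a referral entry).
	try:
		return attrs[name][0]
	except (KeyError, IndexError, TypeError):
		return default


def _generated_password():
	# Random local password for a newly created LDAP-backed account.
	# The original snippet used the username as the password, which lets
	# Django's ModelBackend log the account in with username/username if that
	# backend is enabled alongside the LDAP one. A random value closes that
	# hole on Django .96; on Django >= 1.0 user.set_unusable_password() is the
	# cleaner option.
	return binascii.hexlify(os.urandom(16)).decode('ascii')


def _build_group_index(ldap_groups):
	# Resolve each LDAP group once to ``(Group, frozenset of memberUid)``,
	# in LDAP order, skipping entries without a cn or without a Django Group.
	index = []
	for ldap_group in ldap_groups:
		attrs = ldap_group[1]
		group_name = _ldap_attr(attrs, 'cn', None)
		if group_name is None:
			continue
		try:
			group = Group.objects.get(name=group_name)
		except Group.DoesNotExist:
			# sync_groups() normally created it already; skip rather than fail.
			continue
		# A group with no members has no memberUid attribute at all; the
		# original indexed it unconditionally and raised KeyError.
		members = frozenset(attrs.get('memberUid', ()))
		index.append((group, members))
	return index


def _sync_user_fields(user, username, email, first_name, last_name):
	# Copy changed LDAP attributes onto an existing user; returns the messages
	# describing what changed. The caller saves the user.
	messages = []
	if user.email != email:
		user.email = email
		messages.append("User '%s' email updated." % username)
	if user.first_name != first_name:
		user.first_name = first_name
		messages.append("User '%s' first name updated." % username)
	if user.last_name != last_name:
		user.last_name = last_name
		messages.append("User '%s' last name updated." % username)
	return messages


def _sync_user_groups(user, group_index):
	# Add or remove ``user`` from each indexed Django group so membership
	# mirrors the LDAP memberUid lists; returns the messages for each change.
	messages = []
	# Group.name is unique, so a name-keyed view of the current memberships is
	# equivalent to the original per-group ``group in user.groups.all()`` but
	# needs one query instead of one per group.
	member_of = set(g.name for g in user.groups.all())
	for group, members in group_index:
		if user.username in members:
			if group.name not in member_of:
				user.groups.add(group)
				messages.append("User '%s' added to group '%s'." % (user.username, group.name))
		elif group.name in member_of:
			user.groups.remove(group)
			messages.append("User '%s' removed from group '%s'." % (user.username, group.name))
	return messages


def sync_users():
	"""Mirror active LDAP accounts and their group memberships into Django.

	Runs ``sync_groups()`` first, then for every active LDAP user creates the
	Django ``User`` if missing (with a random local password), updates
	``email``/``first_name``/``last_name`` when they differ, and adds or
	removes the user from each LDAP-mirrored group according to ``memberUid``.

	Only accounts matching ``get_ldap_users()`` (``employeeType=active``) are
	visited: users that were disabled or removed in LDAP are not touched and
	keep whatever Django account and group memberships they already have.
	Deactivating them has to happen elsewhere.

	Returns:
		list of str: the messages from ``sync_groups()`` followed by one
		message per user/group change and a final "Users are synchronized.".

	Raises:
		ldap.LDAPError: propagated from the LDAP search helpers.
	"""
	messages = sync_groups()
	ldap_users = get_ldap_users()
	# Resolve the Django Group for each LDAP group once, instead of one
	# Group.objects.get() per (user, group) pair as the original did.
	group_index = _build_group_index(get_ldap_groups())
	for ldap_user in ldap_users:
		attrs = ldap_user[1]
		username = _ldap_attr(attrs, 'uid', None)
		if username is None:
			# No uid: cannot be mapped to a Django username.
			continue
		email = _ldap_attr(attrs, 'mail', '')
		first_name = _ldap_attr(attrs, 'givenName', username)
		last_name = _ldap_attr(attrs, 'sn', '')
		try:
			user = User.objects.get(username=username)
		except User.DoesNotExist:
			user = User.objects.create_user(username, email, _generated_password())
			user.first_name = first_name
			user.last_name = last_name
			messages.append("User '%s' created." % username)
		else:
			messages.extend(_sync_user_fields(user, username, email, first_name, last_name))
		user.save()
		messages.extend(_sync_user_groups(user, group_index))
	messages.append("Users are synchronized.")
	return messages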

