ldaputils

ldaputils

Ldap utils library.

Install

pip install ldaputils

Usage

# use your own host, port, username and password values.
# username must be a fully qualified dn.
# Use ipython help to see more init parameters.
server = LdapService(
    host="localhost,
    port=389,
    username="cn=admin,dc=example,dc=com",
    password="adminpassword",
)

name = nameutils.get_random_name() # use fastutils.nameutils.get_random_name for test
username = pinyinutils.to_pinyin(name).lower()
user_detail = {
    "cn": name,
    "ou": "AI Tech Group",
    "l": "HangZhou, China",
}
assert self.server.add_user_entry(username, user_detail)
assert self.server.delete_user_entry(username)

How to solve wrap socket error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1006) problem.

This is not a problem of ldaputils library, nor is a problem of ldap3 library. It happens because ssl client and the server using different protocols.

Find out your server ssl information with openssl command

openssl s_client -connect x.x.x.x:389 -showcerts -starttls ldap

• Type shell command above.

• Replace x.x.x.x:389 with your own ldap server address and port.

• The output may looks like:

  ...
  ...
  ---
  New, TLSv1.2, Cipher is AES256-GCM-SHA384
  Server public key is 2048 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  No ALPN negotiated
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : AES256-GCM-SHA384
      Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      Session-ID-ctx: 
      Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      TLS session ticket lifetime hint: 300 (seconds)
      TLS session ticket:
      0000 - 19 1a 2e c9 bc 3a c8 2b-27 ab 9c cf 94 12 f8 79   .......['4......
      0010 - bd 1a 9a c9 52 3e ac 2d-af ab aa cf c6 09 f8 7f   .........R.>...O
      0020 - 63 1a b9 c9 73 34 ea 27-4d ab a8 cf 2f 12 f8 79   c..-s4..M..**...
      0030 - ac 1a 18 c9 40 35 4f 26-ce ab ca cf 95 60 f8 71   ....@.O....\.`.a
      0040 - 19 1a 2e c9 9d 34 ba 28-90 ab 50 cf ce 8c f8 79   .......8.oP7..U.
      0050 - d5 1a 3b c9 cc 36 61 27-ff ab 0f cf 4c 34 f8 70   ..;..f..... L4..
      0060 - c8 1a 1b c9 b3 3e a5 27-e0 ab 21 cf 1a 84 f8 75   .<........!...d.
      0070 - 26 1a 1b c9 6b 34 a2 24-03 ab 57 cf 70 e1 f8 74   fW.ykD.t.vxXt..t
      0080 - 8c 1a 52 c9 46 39 e3 2b-44 ab 66 cf 23 b3 f8 7d   ..rrfxI..D.x.#.;M
      0090 - 74 1a f8 c9 af 37 37 2b-89 ab 62 cf 53 5c f8 7b   t8...G7...bGx\..
  
      Start Time: 1697691557
      Timeout   : 7200 (sec)
      Verify return code: 10 (certificate has expired)
      Extended master secret: no
  ---
  ...
  ...
  

• You can found out what Protocol and Cipher your server is using.

Init ldap service with tls server parameters

from ldap3 import Tls
from ldaputils import LdapService

tls = Tls(
    version=ssl.PROTOCOL_TLSv1_2,
    ciphers="AES256-GCM-SHA384",
)
service = LdapService(
    host="x.x.x.x",
    port=389,
    username="cn=admin,dc=example,dc=com",
    password="example",
    base_dn="dc=example,dc=com",
    server_params={
        "tls": tls,
    },
)

• Add server_params and you will get SSL problem solved.

Releases

v0.1.0 2020/11/14

• First release.
• Add, update, delete user entry function ready.
• Get user and get users function ready.

v0.1.4 2020/11/17

• Add util functions.

v0.1.5 2020/11/21

• Add attributes param for LdapService.get_user_entries.

v0.1.7 2021/03/24

• Fix add_user_entry changed the user_detail dict problem.

v0.1.9 2023/09/15

• Doc update.

v0.1.10 2023/10/19

• Doc update.