Env:

python - 3.6.6
django - 2.x.x
django-auth-ldap - 2.0.0         
python-ldap - 3.2.0

Code:

import ldap
from django_auth_ldap.backend import LDAPBackend, _LDAPUser, LDAPSearch

user = _LDAPUser(LDAPBackend(), "any")  # just for getting root connection to LDAP
search = LDAPSearch(
    "ou=Some,dc=some,dc=some,dc=some",
    ldap.SCOPE_SUBTREE,
    "???? what should be here ???"  # criteria, I guess
)

# list of users is expected, or at least user's names
result = search.execute(user.connection)  

Question:

How do I construct the correct criteria (or whatever it should correctly be called) for getting a list of users? (Links would be great.)
Is it possible at all?

Solution (not for production, just a working sketch):

# based on https://medium.com/@alpolishchuk/pagination-of-ldap-search-results-with-python-ldap-845de60b90d2
import ldap
from ldap.controls import SimplePagedResultsControl
from django_auth_ldap.backend import LDAPBackend, _LDAPUser


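user = _LDAPUser(LDAPBackend(), "any")  # only used to obtain the LDAP connection
connect = user.connection
# RFC 2696 paged-results control: critical, 2 entries per page, empty cookie = first page
page_control = SimplePagedResultsControl(True, size=2, cookie='')

result = []
fuse = 2  # safety limit for the sketch: fetch at most 2 pages
while True:
    fuse -= 1
    if fuse < 0:
        break
    # send the search with the paging control attached
    response = connect.search_ext(
        "ou=some,dc=some,dc=some,dc=some",
        ldap.SCOPE_SUBTREE,
        "(objectClass=inetorgperson)",
        [],
        serverctrls=[page_control]
    )
    rtype, rdata, rmsgid, serverctrls = connect.result3(response)
    result.extend(rdata)
    # find the server's paging control in the response
    controls = [control for control in serverctrls
                if control.controlType == SimplePagedResultsControl.controlType]
    if not controls:
        print("The server ignores RFC 2696 control")
        break
    # an empty cookie means there are no more pages
    if not controls[0].cookie:
        break
    # pass the cookie back to request the next page
    page_control.cookie = controls[0].cookie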
Yuriy Leonov

1 Answer

There are a lot of different scenarios that may be involved in your environment.

  • How many users in LDAP?
  • Which LDAP server implementation? (Microsoft Active Directory?)
  • You may need to use the Simple Paged Results control.

As for the filter, there are some examples for Microsoft Active Directory.

For (NOT AD) something simple like

(objectClass=inetorgperson)

should be sufficient.

jwilleke
  • Good questions! There is no information related to that :) Based on your answer, I could assume that my question is not correct, due to different implementations of LDAP and therefore different available search criteria. – Yuriy Leonov Sep 25 '19 at 10:18
  • Based on your clue, I found this article: https://medium.com/@alpolishchuk/pagination-of-ldap-search-results-with-python-ldap-845de60b90d2 and I'll update my question with the current solution. – Yuriy Leonov Sep 25 '19 at 10:56
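
A reusable form of the paged search from the question's sketch, given here as an added example (not code from the original post or from django-auth-ldap). It goes beyond the sketch by requesting only name attributes, skipping referral results, and stopping on the server's empty cookie with a page cap as a backstop. The names `iter_users`, `PagingNotSupported` and `max_pages` and the `cn`/`uid` attribute choice are assumptions; `conn` and `page_control` are the `connect` and `page_control` objects built in the question.

```python
SCOPE_SUBTREE = 2  # numeric value of ldap.SCOPE_SUBTREE


class PagingNotSupported(Exception):
    """The response carried no RFC 2696 paged-results control."""


def iter_users(conn, base_dn, page_control,
               filterstr="(objectClass=inetorgperson)",
               attrs=("cn", "uid"), max_pages=1000):
    """Yield (dn, {attr: [str, ...]}) for each entry matching filterstr.

    conn         -- bound python-ldap connection (`connect` in the question)
    page_control -- SimplePagedResultsControl(True, size=N, cookie='')
    attrs        -- assumed name attributes; asking only for these keeps
                    unrelated user attributes out of the result
    max_pages    -- assumed cap so a misbehaving server cannot loop forever
    """
    page_control.cookie = ""  # start from the first page
    for _ in range(max_pages):
        msgid = conn.search_ext(base_dn, SCOPE_SUBTREE, filterstr,
                                list(attrs), serverctrls=[page_control])
        _rtype, rdata, _rmsgid, serverctrls = conn.result3(msgid)
        paged = [c for c in serverctrls
                 if c.controlType == page_control.controlType]
        if not paged:
            raise PagingNotSupported("server ignored the paging control")
        for dn, entry in rdata:
            if dn is None:  # search reference (referral), not a user entry
                continue
            yield dn, {name: [v.decode("utf-8", "replace") for v in values]
                       for name, values in entry.items()}
        if not paged[0].cookie:  # empty cookie marks the last page
            return
        page_control.cookie = paged[0].cookie
    raise RuntimeError("max_pages reached before the last page")
```

For Active Directory, pass the AD-specific filter and attribute names through `filterstr` and `attrs`; the paging loop itself stays the same.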