0

What I should I do to get users uid number, mail, employeenumber?

 from ldap3 import Server, Connection
            # clear connection
            my_server = 'XXX'
            my_user = 'uid=idmsa,ou=People,ou=auth,o=csun'
            my_password = 'password'
            
            s0 = Server(my_server)
            c0 = Connection(s0, my_user, my_password)
            c0.bind()
            c0.search("o=csun", "(cn=*)")
            print(c0.entries)

OUTPUT

    DN: uid=aa22342,ou=People,ou=Auth,o=CSUN - STATUS: Read - READ TIME: 2021-06-24T10:27:10.169992
EsmaeelE
  • 2,331
  • 6
  • 22
  • 31
Robin Malhotra
  • 15
  • 5

2 Answers2

0

You can pass in the list of attributes to be returned :

c0.search("o=csun", "(cn=*)", attributes=['uid', 'uidNumber', 'mail'])

And then you can iterate over the results with :

for entry in c0.response:
    print(entry['dn'])
    print(entry['attributes'])
    # ...
EricLavault
  • 12,130
  • 3
  • 23
  • 45
  • It's a burden to the directory because you will request every data of every result selected, instead of only the data you need. It's the same as doing a `SELECT * FROM users` when you only need the id, mail and employee number on each row instead of the complete row. – Esteban Feb 17 '22 at 08:42
  • @Esteban It depends which/howmany non-operational attributes are returned by default by the server when the client doesn't specify it. LDAP servers never return _all_ attributes (user+operational) if not explicitly requested. Secondly, even if the post is titled "_This script gives all the users data [...] but I want to fetch specific user's [attributes]_", the main issue for Robin was that `print(c0.entries)` does not output the entries, but `DN: uid=aa22342,ou=People,ou=Auth,o=CSUN - STATUS: Read - READ TIME: 2021-06-24T10:27:10.169992`. – EricLavault Feb 17 '22 at 15:31
  • I'm sorry to refute you, but the LDAP protocol states clearly how an empty request should be handled, and it's to return all the "users attributes". https://datatracker.ietf.org/doc/html/rfc4511#section-4.5.1.8 . It can easily be quite verbose and double the amount of data returned. As far as not replying to the question but to the problem, I see your point and I'm guilty of literally answering the question and not take enough time to understand the underlying problem. – Esteban Feb 18 '22 at 16:32
  • My point is _LDAP servers never return all attributes (user+operational) if not explicitly requested._ For the user attributes taken alone, you are right, I'm just saying "all" doesn't necessarily mean "a lot", it can be verbose as you said, but it depends which entries are requested (or what type) and how many attributes have been populated so far for these entries, and this is not the case for operational attributes. That said, it's always better to specify explicitly what should be returned. – EricLavault Feb 19 '22 at 14:58
0

You can specify on the search which attributes you want to be returned, default is none.

For example :

c0.search(search_base = 'o=csun',
     search_filter = '(cn=*)',
     search_scope = SUBTREE,
     attributes = ['uid', 'uidNumber', 'mail', 'employeeNumber'])

You can find all the parameters of the search function here : https://ldap3.readthedocs.io/en/latest/searches.html

Esteban
  • 1,752
  • 1
  • 8
  • 17
  • Thanks its done can you tell me how do I search a uid number greater than a particular number. For example if I wanna search a uid number greater than 2147483647 how do I write it in a script? – Robin Malhotra Jul 02 '21 at 18:55
  • @RobinMalhotra You have to filter the results on the `search_filter` : `search_filter = '(uidNumber>2147483647)'` . Check this documentation on how to build search filter : https://ldap.com/ldap-filters/ – Esteban Jul 05 '21 at 11:32