stanford.green.ldap

Useful LDAP functions.

Overview

LDAP functions useful for Stanford-based applications. Currently the only authentication method supported when connecting to an LDAP server is GSSAPI (Kerberos).

Examples

Determine if a Stanford attribute is single- or multi-valued:

>>> from stanford.green.ldap import attribute_is_multi_valued
>>> attribute_is_multi_valued('uid')
False
>>> attribute_is_multi_valued('suMailDrop')
True

Connect to the main Stanford LDAP server and get a user’s accounts-tree information (this assumes you have a valid Kerberos context):

from stanford.green.ldap import LDAP

ldap1 = LDAP()
results = ldap1.sunetid_account_info('jstanford')  # Get account tree LDAP information for user 'jstanford'
results = ldap1.sunetid_people_info('jstanford')   # Get people tree LDAP information for user 'jstanford'
results = ldap1.sunetid_info('jstanford')          # Get BOTH account and people tree LDAP information for user 'jstanford'

exception stanford.green.ldap.GreenLDAPNoResultsException

Used when no LDAP results are found

exception stanford.green.ldap.GreenUnknownLDAPAttribute

Used when an unrecognized attribute is found

class stanford.green.ldap.LDAP(host: str = 'ldap.stanford.edu', connect_on_init: bool = True)

The LDAP class.

Parameters:
  • host – the LDAP host name, defaults to ldap.stanford.edu

  • connect_on_init – set to True to connect to the host on object creation, False otherwise; defaults to True.

connect() → Any

Create a connected ldap object.

Currently, the only connection method is using GSSAPI. That is, there must be a valid Kerberos context.

search(basedn: str, filterstr: str = '(objectClass=*)', attrlist: list[str] | None = None, scope: str = 'sub') → dict[str, dict[str, dict[str, str | list[str]]]]

Perform an LDAP search.

Parameters:
  • basedn (str) – base DN on which to search

  • filterstr (str) – a valid LDAP filter clause (e.g., (uid=jstanford))

  • attrlist (list[str]) – a list of attributes to return

  • scope (str) – the search scope; must be one of “sub”, “base”, or “one”.

This method is a thin wrapper around the ldap package’s search method. The difference is in how it behaves when there are no results and the format of the returned value.

The returned result is a dict where each key is the dn of some tree result. Each key maps to another dict containing the attributes. This is most easily explained with an example:

from stanford.green.ldap import LDAP

ldap1 = LDAP()  # requires a valid Kerberos context
basedn = "dc=stanford,dc=edu"
filterstr = "(uid=jstanford)"
results = ldap1.search(basedn, filterstr=filterstr)
#
# results will look something like
# {
#   'suRegID=f0d08565850320613717ebf068585447,cn=people,dc=stanford,dc=edu':
#     {'suMailCode': '4321', 'suGwAffilCode1': 'stanford:staff', ... },
#   'uid=jstanford,cn=accounts,dc=stanford,dc=edu':
#     { 'uid': 'jstanford', 'suSeasSunetID': ['jstanford', 'jane.stanford'], ... }
# }
#
# There are two keys in the above: the "suRegID=f0..." one and the "uid=jstanford,..." one.

Note that the attributes are returned as either a string (for single-valued attributes) or a list (for multi-valued attributes). Furthermore, LDAP returns values as byte-strings, so this method converts these byte-strings into regular UTF-8 strings.

If no results are returned this method raises the GreenLDAPNoResultsException exception.
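An added example (not part of the stanford.green.ldap package or its documentation) of calling search() with an untrusted uid: the value is escaped per RFC 4515 before it goes into filterstr, the no-results exception is trapped, and str-or-list attribute values are read uniformly. The helper names and FakeLDAP, a constructed stand-in for a connected LDAP object, are assumptions made for illustration.

```python
try:
    from stanford.green.ldap import GreenLDAPNoResultsException
except ImportError:
    # Stand-in so the example runs where the package is not installed.
    class GreenLDAPNoResultsException(Exception):
        pass

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape untrusted text so it is matched literally, never parsed as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def uid_filter(uid: str) -> str:
    """Build the filterstr argument for search() from an untrusted uid."""
    return f"(uid={escape_filter_value(uid)})"


def find_by_uid(conn, uid: str, basedn: str = "dc=stanford,dc=edu") -> dict:
    """Search for uid; return {} instead of raising when nothing matches."""
    try:
        return conn.search(basedn, filterstr=uid_filter(uid))
    except GreenLDAPNoResultsException:
        return {}


def values_of(results: dict, attribute: str) -> list[str]:
    """Collect an attribute across all returned DNs, whether it came back as str or list."""
    found = []
    for attrs in results.values():
        value = attrs.get(attribute)
        if value is None:
            continue
        found.extend(value if isinstance(value, list) else [value])
    return found


class FakeLDAP:
    """Constructed stand-in for a connected LDAP object; records the filter it receives."""

    def __init__(self, data):
        self.data, self.last_filter = data, None

    def search(self, basedn, filterstr="(objectClass=*)", attrlist=None, scope="sub"):
        self.last_filter = filterstr
        if filterstr != "(uid=jstanford)":
            raise GreenLDAPNoResultsException(filterstr)
        return self.data
```

With a real connection, pass an LDAP() instance as conn in place of FakeLDAP.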

sunetid_account_info(sunetid: str, attrlist: list[str] | None = None) → dict[str, dict[str, dict[str, str | list[str]]]]

Return the account tree information for user with uid equal to sunetid.

Parameters:
  • sunetid (str) – sunetid of user whose information you seek

  • attrlist (list[str]) – a list of attributes to return

Raises:

GreenLDAPNoResultsException – if there are no results.

Example:

# results = LDAP.sunetid_account_info('jstanford')
#
# results will look something like
# {
#   'uid=jstanford,cn=accounts,dc=stanford,dc=edu':
#     { 'uid': 'jstanford', 'suSeasSunetID': ['jstanford', 'jane.stanford'], ... }
# }
#

This method (like search()) raises the GreenLDAPNoResultsException exception if no results are returned, so be sure to trap that error if your code is OK with getting no results.

sunetid_info(sunetid: str, attrlist: list[str] | None = None) → dict[str, dict[str, dict[str, str | list[str]]]]

Return the people and accounts tree information for user with uid equal to sunetid.

Parameters:
  • sunetid (str) – sunetid of user whose information you seek

  • attrlist (list[str]) – a list of attributes to return

Raises:

GreenLDAPNoResultsException – if there are no results.

Example:

# results = LDAP.sunetid_info('jstanford')
#
# results will look something like
# {
#   'uid=jstanford,cn=accounts,dc=stanford,dc=edu':
#     { 'uid': 'jstanford', 'suSeasSunetID': ['jstanford', 'jane.stanford'], ... },
#   'suRegID=f0d08565850320613717ebf068585447,cn=people,dc=stanford,dc=edu':
#     {'suMailCode': '4321', 'suGwAffilCode1': 'stanford:staff', ... }
# }
#

This method (like search()) raises the GreenLDAPNoResultsException exception if no results are returned, so be sure to trap that error if your code is OK with getting no results.

sunetid_people_info(sunetid: str, attrlist: list[str] | None = None) → dict[str, dict[str, dict[str, str | list[str]]]]

Return the people tree information for user with uid equal to sunetid.

Parameters:
  • sunetid (str) – sunetid of user whose information you seek

  • attrlist (list[str]) – a list of attributes to return

Raises:

GreenLDAPNoResultsException – if there are no results.

Example:

# results = LDAP.sunetid_people_info('jstanford')
#
# results will look something like
# {
#   'suRegID=f0d08565850320613717ebf068585447,cn=people,dc=stanford,dc=edu':
#     {'suMailCode': '4321', 'suGwAffilCode1': 'stanford:staff', ... }
# }
#

This method (like search()) raises the GreenLDAPNoResultsException exception if no results are returned, so be sure to trap that error if your code is OK with getting no results.

stanford.green.ldap.account_attribute_is_multi_valued(attribute_name: str) → bool

Return True if attribute_name is a multi-valued account-tree attribute, False otherwise.

Parameters:

attribute_name – a string

Returns:

True if attribute_name is a valid account-tree attribute and is multi-valued, False otherwise.

Raises:

GreenUnknownLDAPAttribute – if attribute_name is not a valid account-tree attribute name.

stanford.green.ldap.account_attribute_is_single_valued(attribute_name: str) → bool

Return True if attribute_name is a single-valued account-tree attribute, False otherwise.

Parameters:

attribute_name – a string

Returns:

True if attribute_name is single-valued and a valid account-tree attribute, False otherwise.

Raises:

GreenUnknownLDAPAttribute – if attribute_name is not a valid account-tree attribute name.

stanford.green.ldap.attribute_is_multi_valued(attribute_name: str) → bool

Return True if attribute_name is multi-valued, False otherwise.

Parameters:

attribute_name – a string

Returns:

True if attribute_name is multi-valued, False otherwise.

Raises:

GreenUnknownLDAPAttribute – if attribute_name is not a valid attribute name.

stanford.green.ldap.attribute_is_single_valued(attribute_name: str) → bool

Return True if attribute_name is single-valued, False otherwise.

Parameters:

attribute_name – a string

Returns:

True if attribute_name is single-valued, False otherwise.

Raises:

GreenUnknownLDAPAttribute – if attribute_name is not a valid attribute name.

stanford.green.ldap.people_attribute_is_multi_valued(attribute_name: str) → bool

Return True if attribute_name is single-valued, False otherwise.

Parameters:

attribute_name – a string

Returns:

True if attribute_name is single-valued, False otherwise.

Raises:

GreenUnknownLDAPAttribute – if attribute_name is not a valid people-tree attribute name.

stanford.green.ldap.people_attribute_is_single_valued(attribute_name: str) → bool

Return True if attribute_name is a single-valued people-tree attribute, False otherwise.

Parameters:

attribute_name – a string

Returns:

True if attribute_name is single-valued, False otherwise.

Raises:

GreenUnknownLDAPAttribute – if attribute_name is not a valid people-tree attribute name.