ipaserver.plugins.ldap2.ldap2¶
- class ipaserver.plugins.ldap2.ldap2(api)[source]¶
Bases: ipalib.crud.CrudBackend, ipapython.ipaldap.LDAPCache
LDAP Backend Take 2.
Public Data Attributes:
Inherited from Connectible:
Return thread-local connection.
Inherited from Plugin:
Return API instance passed to __init__().
Inherited from LDAPCache:
Inherited from LDAPClient:
Return thread-local connection.
schema associated with this LDAP server
Public Methods:
__init__(api)
close(): Close the connection.
__str__(): Return str(self).
create_connection([ccache, bind_dn, ...]): Connect to LDAP server.
Disconnect from LDAP server.
get_ipa_config([attrs_list]): Returns the IPA configuration entry (dn, entry_attrs).
has_upg(): Returns True/False whether User-Private Groups are enabled.
get_effective_rights(dn, attrs_list): Returns the rights the currently bound user has for the given DN.
can_write(dn, attr): Returns True/False if the currently bound user has write permissions on the attribute.
can_read(dn, attr): Returns True/False if the currently bound user has read permissions on the attribute.
can_delete(dn): Returns True/False if the currently bound user has delete permissions on the entry.
can_add(parent_dn, objectclass): Returns True/False if the currently bound user has permission to add an entry with the given objectclass immediately below the entry with the given DN.
modify_password(dn, new_pass[, old_pass, ...]): Set user password.
add_entry_to_group(dn, group_dn[, ...]): Add entry designated by dn to group group_dn in the member attribute member_attr.
remove_entry_from_group(dn, group_dn[, ...]): Remove entry from group.
set_entry_active(dn, active): Mark entry active/inactive.
activate_entry(dn): Mark entry active.
deactivate_entry(dn): Mark entry inactive.
Remove a kerberos principal key.
create(**kw): Create a new entry and return it as one dict (DN included).
retrieve(primary_key, attributes): Get entry by primary_key (DN) as one dict (DN included).
update(primary_key, **kw): Update entry's attributes and return it as one dict (DN included).
delete(primary_key): Delete entry by primary_key (DN).
search(**kw): Return a list of entries (each entry is one dict, DN included) matching the specified criteria.
Inherited from CrudBackend:
create(**kw): Create a new entry and return it as one dict (DN included).
retrieve(primary_key, attributes): Get entry by primary_key (DN) as one dict (DN included).
update(primary_key, **kw): Update entry's attributes and return it as one dict (DN included).
delete(primary_key): Delete entry by primary_key (DN).
search(**kw): Return a list of entries (each entry is one dict, DN included) matching the specified criteria.
Inherited from Connectible:
__init__(api)
connect(*args, **kw): Create thread-local connection.
create_connection([ccache, bind_dn, ...]): Connect to LDAP server.
Disconnect from LDAP server.
Return True if thread-local connection on request.context exists.
Inherited from Plugin:
__init__(api)
finalize(): Finalize plugin initialization.
Finalize plugin initialization if it has not yet been finalized.
__repr__(): Return 'module_name.class_name()' representation.
Inherited from ReadOnly:
__lock__(): Put this instance into a read-only state.
Return True if instance is locked, otherwise False.
__setattr__(name, value): If unlocked, set attribute named name to value.
__delattr__(name): If unlocked, delete attribute named name.
Inherited from LDAPCache:
__init__(api)
emit(msg, *args, **kwargs)
copy_entry(dn, entry[, attrs])
add_cache_entry(dn[, attrs_list, get_all, ...])
cache_status(type)
add_entry(entry): Create a new entry.
update_entry(entry): Update entry's attributes.
delete_entry(entry_or_dn): Delete an entry given either the DN or the entry itself
move_entry(dn, new_dn[, del_old]): Move an entry (either to a new superior or/and changing relative distinguished name)
modify_s(dn, modlist)
get_entry(dn[, attrs_list, time_limit, ...]): Get entry (dn, entry_attrs) by dn.
Inherited from LDAPClient:
__init__(api)
from_realm(realm_name, **kwargs): Create a LDAPI connection to local 389-DS instance
from_hostname_secure(hostname[, cacert, ...]): Create LDAP or LDAPS connection to a remote 389-DS instance
from_hostname_plain(hostname, **kwargs): Create a plain LDAP connection with TLS/SSL
__str__(): Return str(self).
modify_s(dn, modlist)
get_attribute_type(name_or_oid)
has_dn_syntax(name_or_oid): Check the schema to see if the attribute uses DN syntax.
get_attribute_single_value(name_or_oid): Check the schema to see if the attribute is single-valued.
encode(val): Encode attribute value to LDAP representation (str/bytes).
decode(val, attr): Decode attribute value from LDAP representation (str/bytes).
error_handler([arg_desc]): Context manager that handles LDAPErrors
handle_truncated_result(truncated)
get_allowed_attributes(objectclasses[, ...])
__exit__(exc_type, exc_value, traceback)
close(): Close the connection.
simple_bind(bind_dn, bind_password[, ...]): Perform simple bind operation.
external_bind([server_controls, client_controls]): Perform SASL bind operation using the SASL EXTERNAL mechanism.
gssapi_bind([server_controls, client_controls]): Perform SASL bind operation using the SASL GSSAPI mechanism.
unbind(): Perform unbind operation.
make_dn_from_attr(attr, value[, parent_dn]): Make distinguished name from attribute.
make_dn(entry_attrs[, primary_key, parent_dn]): Make distinguished name from entry attributes.
make_entry([_dn, _obj])
combine_filters(filters[, rules]): Combine filters into one for ldap2.find_entries.
make_filter_from_attr(attr, value[, rules, ...]): Make filter for ldap2.find_entries from attribute.
make_filter(entry_attrs[, attrs_list, ...]): Make filter for ldap2.find_entries from entry attributes.
get_entries(base_dn[, scope, filter, ...]): Return a list of matching entries.
find_entries([filter, attrs_list, base_dn, ...]): Return a list of entries and indication of whether the results were truncated ([(dn, entry_attrs)], truncated) matching specified search parameters followed by truncated flag.
find_entry_by_attr(attr, value, object_class): Find entry (dn, entry_attrs) by attribute and object class.
get_entry(dn[, attrs_list, time_limit, ...]): Get entry (dn, entry_attrs) by dn.
add_entry(entry): Create a new entry.
move_entry(dn, new_dn[, del_old]): Move an entry (either to a new superior or/and changing relative distinguished name)
update_entry(entry): Update entry's attributes.
delete_entry(entry_or_dn): Delete an entry given either the DN or the entry itself
entry_exists(dn): Test whether the given object exists in LDAP.
Private Data Attributes:
Inherited from ReadOnly:
_ReadOnly__locked
Inherited from LDAPClient:
Private Methods:
_connect()
_get_normalized_entry_for_crud(dn[, attrs_list])
Inherited from Connectible:
_Connectible__get_conn(): Return thread-local connection.
Inherited from Plugin:
_Plugin__name_getter()
_Plugin__full_name_getter()
_Plugin__bases_getter()
_Plugin__doc_getter()
_Plugin__summary_getter()
Do custom finalization.
Inherited from LDAPClient:
Force this instance to forget its cached schema and reacquire it from the schema cache.
_convert_result(result): result is a python-ldap result tuple of the form (dn, attrs), where dn is a string containing the dn (distinguished name) of the entry, and attrs is a dictionary containing the attributes associated with the entry.
_connect()
_LDAPClient__get_effective_rights_control(): Construct a GetEffectiveRights control for current user.
- property Backend¶
- property Command¶
- MATCH_ALL = '&'¶
- MATCH_ANY = '|'¶
- MATCH_NONE = '!'¶
- SCOPE_BASE = 0¶
- SCOPE_ONELEVEL = 1¶
- SCOPE_SUBTREE = 2¶
- _SINGLE_VALUE_OVERRIDE = {'nsslapd-anonlimitsdn': True, 'nsslapd-db-locks': True, 'nsslapd-enable-upgrade-hash': True, 'nsslapd-idlistscanlimit': True, 'nsslapd-ldapidnmappingbase': True, 'nsslapd-ldapientrysearchbase': True, 'nsslapd-logging-hr-timestamps-enabled': True, 'nsslapd-lookthroughlimit': True, 'nsslapd-minssf-exclude-rootdse': True, 'nsslapd-sizelimit': True, 'nsslapd-ssl-check-hostname': True}¶
- _SYNTAX_MAPPING = {'1.3.6.1.4.1.1466.115.121.1.1': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.10': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.12': <class 'ipapython.dn.DN'>, '1.3.6.1.4.1.1466.115.121.1.23': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.24': <class 'datetime.datetime'>, '1.3.6.1.4.1.1466.115.121.1.28': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.4': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.40': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.49': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.5': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.51': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.7': <class 'bool'>, '1.3.6.1.4.1.1466.115.121.1.8': <class 'bytes'>, '1.3.6.1.4.1.1466.115.121.1.9': <class 'bytes'>, '2.16.840.1.113719.1.301.4.14.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.17.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.18.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.26.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.29.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.36.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.40.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.41.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.52.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113719.1.301.4.53.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.11.21': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.11.22': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.11.4': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.3.18': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.3.20': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.3.3': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.3.5': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.3.7': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.7.1': <class 'ipapython.dn.DN'>, '2.16.840.1.113730.3.8.7.2': <class 'ipapython.dn.DN'>}¶
- _SYNTAX_OVERRIDE = {'cACertificate': <class 'cryptography.x509.base.Certificate'>, 'cACertificate;binary': <class 'cryptography.x509.base.Certificate'>, 'dnszoneidnsname': <class 'ipapython.dnsutil.DNSName'>, 'idnsname': <class 'ipapython.dnsutil.DNSName'>, 'idnssoamname': <class 'ipapython.dnsutil.DNSName'>, 'idnssoarname': <class 'ipapython.dnsutil.DNSName'>, 'krbcanonicalname': <class 'ipapython.kerberos.Principal'>, 'krbprincipalname': <class 'ipapython.kerberos.Principal'>, 'managedbase': <class 'ipapython.dn.DN'>, 'managedtemplate': <class 'ipapython.dn.DN'>, 'memberindirect': <class 'ipapython.dn.DN'>, 'memberofindirect': <class 'ipapython.dn.DN'>, 'nsds5replicalastinitend': <class 'str'>, 'nsds5replicalastinitstart': <class 'str'>, 'nsds5replicalastupdateend': <class 'str'>, 'nsds5replicalastupdatestart': <class 'str'>, 'originscope': <class 'ipapython.dn.DN'>, 'usercertificate': <class 'cryptography.x509.base.Certificate'>, 'usercertificate;binary': <class 'cryptography.x509.base.Certificate'>}¶
- __annotations__ = {}¶
- __delattr__(name)¶
If unlocked, delete attribute named name.
If this instance is locked, an AttributeError will be raised.
- Parameters
name – Name of attribute to delete.
- __dict__ = mappingproxy({'__module__': 'ipaserver.plugins.ldap2', '__doc__': '\n LDAP Backend Take 2.\n ', '__init__': <function ldap2.__init__>, 'ldap_uri': <property object>, 'time_limit': <property object>, 'size_limit': <property object>, '_connect': <function ldap2._connect>, 'close': <function ldap2.close>, '__str__': <function ldap2.__str__>, 'create_connection': <function ldap2.create_connection>, 'destroy_connection': <function ldap2.destroy_connection>, 'get_ipa_config': <function ldap2.get_ipa_config>, 'has_upg': <function ldap2.has_upg>, 'get_effective_rights': <function ldap2.get_effective_rights>, 'can_write': <function ldap2.can_write>, 'can_read': <function ldap2.can_read>, 'can_delete': <function ldap2.can_delete>, 'can_add': <function ldap2.can_add>, 'modify_password': <function ldap2.modify_password>, 'add_entry_to_group': <function ldap2.add_entry_to_group>, 'remove_entry_from_group': <function ldap2.remove_entry_from_group>, 'set_entry_active': <function ldap2.set_entry_active>, 'activate_entry': <function ldap2.activate_entry>, 'deactivate_entry': <function ldap2.deactivate_entry>, 'remove_principal_key': <function ldap2.remove_principal_key>, '_get_normalized_entry_for_crud': <function ldap2._get_normalized_entry_for_crud>, 'create': <function ldap2.create>, 'retrieve': <function ldap2.retrieve>, 'update': <function ldap2.update>, 'delete': <function ldap2.delete>, 'search': <function ldap2.search>, '__annotations__': {}})¶
- __enter__()¶
- __exit__(exc_type, exc_value, traceback)¶
- __islocked__()¶
Return True if instance is locked, otherwise False.
- __lock__()¶
Put this instance into a read-only state.
After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.
- __module__ = 'ipaserver.plugins.ldap2'¶
- __repr__()¶
Return ‘module_name.class_name()’ representation.
This representation could be used to instantiate this Plugin instance given the appropriate environment.
- __setattr__(name, value)¶
If unlocked, set attribute named name to value.
If this instance is locked, an AttributeError will be raised.
- Parameters
name – Name of attribute to set.
value – Value to assign to attribute.
- __weakref__¶
list of weak references to the object (if defined)
- _convert_result(result)¶
result is a python-ldap result tuple of the form (dn, attrs), where dn is a string containing the dn (distinguished name) of the entry, and attrs is a dictionary containing the attributes associated with the entry. The keys of attrs are strings, and the associated values are lists of strings.
We convert the tuple to an LDAPEntry object.
- _flush_schema()¶
Force this instance to forget its cached schema and reacquire it from the schema cache.
- _get_schema()¶
- _on_finalize()¶
Do custom finalization.
This method is called from finalize(). Subclasses can override this method in order to add custom finalization.
- add_cache_entry(dn, attrs_list=None, get_all=False, entry=None, exception=None)¶
- add_entry(entry)¶
Create a new entry.
This should be called as add_entry(entry).
- add_entry_to_group(dn, group_dn, member_attr='member', allow_same=False)[source]¶
Add entry designated by dn to group group_dn in the member attribute member_attr.
Adding a group as a member of itself is not allowed unless allow_same is True.
- property api¶
Return API instance passed to __init__().
- bases = (<class 'ipalib.crud.CrudBackend'>, <class 'ipapython.ipaldap.LDAPCache'>)¶
- cache_status(type)¶
- can_add(parent_dn, objectclass)[source]¶
Returns True/False if the currently bound user has permission to add an entry with the given objectclass immediately below the entry with the given DN.
For example, to check if an entry with objectclass=ipaca can be added under cn=cas,cn=ca,{basedn}, you should call can_add(DN('cn=cas,...'), 'ipaca').
- can_delete(dn)[source]¶
Returns True/False if the currently bound user has delete permissions on the entry.
- can_read(dn, attr)[source]¶
Returns True/False if the currently bound user has read permissions on the attribute. This only operates on a single attribute at a time.
- can_write(dn, attr)[source]¶
Returns True/False if the currently bound user has write permissions on the attribute. This only operates on a single attribute at a time.
- clear_cache()¶
- classmethod combine_filters(filters, rules='|')¶
Combine filters into one for ldap2.find_entries.
Keyword arguments: rules – see ldap2.make_filter
- property conn¶
Return thread-local connection.
- connect(*args, **kw)¶
Create thread-local connection.
- copy_entry(dn, entry, attrs=[])¶
- create(**kw)[source]¶
Create a new entry and return it as one dict (DN included).
Extends CrudBackend.create.
- create_connection(ccache=None, bind_dn=None, bind_pw='', cacert=None, autobind=1, serverctrls=None, clientctrls=None, time_limit=<object object>, size_limit=<object object>)[source]¶
Connect to LDAP server.
Keyword arguments:
ldapuri – the LDAP server to connect to
ccache – Kerberos ccache name
bind_dn – dn used to bind to the server
bind_pw – password used to bind to the server
debug_level – LDAP debug level option
cacert – TLS CA certificate filename
autobind – autobind as the current user
time_limit, size_limit – maximum time and size limit for LDAP; possible options:
value – sets the given value
None – reads value from ipaconfig
_missing – keeps previously configured settings (unlimited set by default in constructor)
Extends backend.Connectible.create_connection.
- decode(val, attr)¶
Decode attribute value from LDAP representation (str/bytes).
- delete_entry(entry_or_dn)¶
Delete an entry given either the DN or the entry itself
- disconnect()¶
- doc = '\n LDAP Backend Take 2.\n '¶
- emit(msg, *args, **kwargs)¶
- encode(val)¶
Encode attribute value to LDAP representation (str/bytes).
- ensure_finalized()¶
Finalize plugin initialization if it has not yet been finalized.
- entry_exists(dn)¶
Test whether the given object exists in LDAP.
- property env¶
- error_handler(arg_desc=None)¶
Context manager that handles LDAPErrors
- external_bind(server_controls=None, client_controls=None)¶
Perform SASL bind operation using the SASL EXTERNAL mechanism.
- finalize()¶
Finalize plugin initialization.
This method calls _on_finalize() and locks the plugin object.
Subclasses should not override this method. Custom finalization is done in _on_finalize().
- class finalize_attr(name, value=None)¶
Bases:
object
Create a stub object for plugin attribute that isn’t set until the finalization of the plugin initialization.
When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.
This is used to implement on-demand finalization of plugin initialization.
- __annotations__ = {}¶
- __get__(obj, cls)¶
- __init__(name, value=None)¶
- __module__ = 'ipalib.plugable'¶
- __slots__ = ('name', 'value')¶
- name¶
- value¶
- find_entries(filter=None, attrs_list=None, base_dn=None, scope=2, time_limit=None, size_limit=None, paged_search=False, get_effective_rights=False)¶
Return a list of entries matching the specified search parameters together with a truncated flag, as ([(dn, entry_attrs)], truncated). If the truncated flag is True, the search hit a server limit and its results are incomplete.
- Parameters
attrs_list – list of attributes to return, all if None (default None)
base_dn – dn of the entry at which to start the search (default ‘’)
scope – search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE)
time_limit – time limit in seconds (default unlimited)
size_limit – size (number of entries returned) limit (default unlimited)
paged_search – search using paged results control
get_effective_rights – use GetEffectiveRights control
- Raises
errors.NotFound if result set is empty or base_dn doesn’t exist
- find_entry_by_attr(attr, value, object_class, attrs_list=None, base_dn=None)¶
Find entry (dn, entry_attrs) by attribute and object class.
Keyword arguments:
attrs_list – list of attributes to return, all if None (default None)
base_dn – dn of the entry at which to start the search (default ‘’)
- classmethod from_hostname_plain(hostname, **kwargs)¶
Create a plain LDAP connection with TLS/SSL
Note: A plain TLS connection should only be used in combination with GSSAPI bind.
- classmethod from_hostname_secure(hostname, cacert='/etc/ipa/ca.crt', start_tls=True, **kwargs)¶
Create LDAP or LDAPS connection to a remote 389-DS instance
This constructor is opinionated and doesn’t let you shoot yourself in the foot. It always creates a secure connection. By default it returns a LDAP connection to port 389 and performs STARTTLS using the default CA cert. With start_tls=False, it creates a LDAPS connection to port 636 instead.
Note: Microsoft AD does not support SASL encryption and integrity verification with a TLS connection. For AD, use a plain connection with GSSAPI and a MIN_SSF >= 56. SASL GSSAPI and SASL GSS SPNEGO ensure data integrity and confidentiality with SSF > 1. Also see https://msdn.microsoft.com/en-us/library/cc223500.aspx
- classmethod from_realm(realm_name, **kwargs)¶
Create a LDAPI connection to local 389-DS instance
- full_name = 'ldap2/1'¶
- get_allowed_attributes(objectclasses, raise_on_unknown=False)¶
- get_attribute_single_value(name_or_oid)¶
Check the schema to see if the attribute is single-valued.
If the attribute is in the schema, returns True/False.
If there is a problem loading the schema or the attribute is not in the schema, returns None.
- get_attribute_type(name_or_oid)¶
- get_effective_rights(dn, attrs_list)[source]¶
Returns the rights the currently bound user has for the given DN.
Returns 2 attributes, the attributeLevelRights for the given list of attributes and the entryLevelRights for the entry itself.
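The two values described above are compact flag strings. As an added illustration (not FreeIPA code; `parse_rights` and `allowed` are hypothetical names, the sample strings are constructed, and the flag letters are those 389 Directory Server uses in GetEffectiveRights results), this parser turns them into a deny-by-default lookup:

```python
# Added example: standalone parser for GetEffectiveRights result strings.
# Flag letters as emitted by 389 Directory Server.
ENTRY_FLAGS = {"v": "view", "a": "add", "d": "delete", "n": "rename"}
ATTR_FLAGS = {"r": "read", "s": "search", "c": "compare", "w": "write",
              "o": "obliterate", "W": "self-write", "O": "self-delete"}

# Constructed sample values (not captured from a real server).
SAMPLE_ENTRY_RIGHTS = "vadn"
SAMPLE_ATTR_RIGHTS = "cn:rscwo, description:rsc, userPassword:none"


def parse_flags(text, known):
    """Turn a flag string into a set; the literal 'none' means no rights."""
    text = text.strip()
    if text == "none":
        # Must be handled before any letter test: "none" contains 'n' and 'o'.
        return frozenset()
    unknown = set(text) - set(known)
    if unknown:
        raise ValueError("unknown rights flags: %s" % sorted(unknown))
    return frozenset(text)


def parse_rights(entry_level, attribute_level):
    """Parse entryLevelRights and attributeLevelRights into one structure."""
    attrs = {}
    for pair in attribute_level.split(","):
        pair = pair.strip()
        if not pair:
            continue
        # rpartition keeps attribute options such as 'usercertificate;binary'.
        name, sep, flags = pair.rpartition(":")
        if not sep or not name:
            raise ValueError("malformed attribute rights: %r" % pair)
        attrs[name.lower()] = parse_flags(flags, ATTR_FLAGS)
    return {"entry": parse_flags(entry_level, ENTRY_FLAGS), "attrs": attrs}


def allowed(rights, flag, attr=None):
    """Deny by default: an attribute the server did not report has no rights."""
    if attr is None:
        return flag in rights["entry"]
    return flag in rights["attrs"].get(attr.lower(), frozenset())


if __name__ == "__main__":
    r = parse_rights(SAMPLE_ENTRY_RIGHTS, SAMPLE_ATTR_RIGHTS)
    print("write cn:", allowed(r, "w", "cn"))
    print("write description:", allowed(r, "w", "description"))
    print("read userPassword:", allowed(r, "r", "userPassword"))
    print("delete entry:", allowed(r, "d"))
```

A plain substring test on the raw string would report rename and obliterate rights for the value `none`, which is why the parser checks for that literal first.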
- get_entries(base_dn, scope=2, filter=None, attrs_list=None, get_effective_rights=False, **kwargs)¶
Return a list of matching entries.
- Raises
errors.LimitsExceeded if the list is truncated by the server
errors.NotFound if result set is empty or base_dn doesn’t exist
- Parameters
base_dn – dn of the entry at which to start the search
scope – search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE)
filter – LDAP filter to apply
attrs_list – list of attributes to return, all if None (default)
get_effective_rights – use GetEffectiveRights control
kwargs – additional keyword arguments. See find_entries method for their description.
- get_entry(dn, attrs_list=None, time_limit=None, size_limit=None, get_effective_rights=False)¶
Get entry (dn, entry_attrs) by dn.
Keyword arguments: attrs_list - list of attributes to return, all if None (default None)
- gssapi_bind(server_controls=None, client_controls=None)¶
Perform SASL bind operation using the SASL GSSAPI mechanism.
- static handle_truncated_result(truncated)¶
- has_dn_syntax(name_or_oid)¶
Check the schema to see if the attribute uses DN syntax.
Returns True/False
- has_upg()[source]¶
Returns True/False whether User-Private Groups are enabled.
This is determined based on whether the UPG Definition’s originfilter contains “(objectclass=disable)”.
If the UPG Definition or its originfilter is not readable, an ACI error is raised.
- property hit¶
- isconnected()¶
Return True if thread-local connection on request.context exists.
- property ldap_uri¶
- make_dn(entry_attrs, primary_key='cn', parent_dn=None)¶
Make distinguished name from entry attributes.
Keyword arguments:
primary_key – attribute from which to make RDN (default ‘cn’)
parent_dn – DN of the parent entry (default ‘’)
- make_dn_from_attr(attr, value, parent_dn=None)¶
Make distinguished name from attribute.
Keyword arguments: parent_dn – DN of the parent entry (default ‘’)
- make_entry(_dn=None, _obj=None, **kwargs)¶
- classmethod make_filter(entry_attrs, attrs_list=None, rules='|', exact=True, leading_wildcard=True, trailing_wildcard=True)¶
Make filter for ldap2.find_entries from entry attributes.
Keyword arguments:
attrs_list – list of attributes to use, all if None (default None)
rules – specifies how to determine a match (default ldap2.MATCH_ANY)
exact – boolean:
True - make filter as (attr=value)
False - make filter as (attr=*value*)
leading_wildcard – boolean:
True - allow leading filter wildcard when exact=False
False - forbid leading filter wildcard when exact=False
trailing_wildcard – boolean:
True - allow trailing filter wildcard when exact=False
False - forbid trailing filter wildcard when exact=False
rules can be one of the following:
ldap2.MATCH_NONE - match entries that do not match any attribute
ldap2.MATCH_ALL - match entries that match all attributes
ldap2.MATCH_ANY - match entries that match any attribute
- classmethod make_filter_from_attr(attr, value, rules='|', exact=True, leading_wildcard=True, trailing_wildcard=True)¶
Make filter for ldap2.find_entries from attribute.
Keyword arguments:
rules – see ldap2.make_filter
exact – boolean:
True - make filter as (attr=value)
False - make filter as (attr=*value*)
leading_wildcard – boolean:
True - allow leading filter wildcard when exact=False
False - forbid leading filter wildcard when exact=False
trailing_wildcard – boolean:
True - allow trailing filter wildcard when exact=False
False - forbid trailing filter wildcard when exact=False
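The filter semantics documented for make_filter and make_filter_from_attr (rules, exact, and the two wildcard switches) can be sketched as follows. This is an added standalone example, not the ipapython.ipaldap implementation; the function names are hypothetical, and the RFC 4515 value escaping and attribute-name check are additions that keep caller-supplied values from changing the filter's structure.

```python
import re

# Operator values as listed on this page for MATCH_ALL / MATCH_ANY / MATCH_NONE.
MATCH_ALL, MATCH_ANY, MATCH_NONE = "&", "|", "!"

# RFC 4515 escapes for characters that carry meaning inside a filter.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
ATTR_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.;-]*$")


def escape_value(value):
    """Escape one assertion value so it is matched literally."""
    return "".join(ESCAPES.get(ch, ch) for ch in str(value))


def combine(filters, rules=MATCH_ANY):
    """Join sub-filters with '&' or '|'; '!' is unary, so negate their OR."""
    filters = [f for f in filters if f]
    if not filters:
        return ""
    if rules == MATCH_NONE:
        return "(!%s)" % combine(filters, MATCH_ANY)
    if len(filters) == 1:
        return filters[0]
    return "(%s%s)" % (rules, "".join(filters))


def filter_from_attr(attr, value, rules=MATCH_ANY, exact=True,
                     leading_wildcard=True, trailing_wildcard=True):
    """(attr=value) when exact, else (attr=*value*) minus forbidden wildcards."""
    if not ATTR_RE.match(attr):
        raise ValueError("invalid attribute name: %r" % attr)
    if isinstance(value, (list, tuple)):
        # Multi-valued input: one sub-filter per value. Negation is applied
        # once, by the caller, so the inner join falls back to OR.
        inner = MATCH_ANY if rules == MATCH_NONE else rules
        parts = [filter_from_attr(attr, v, rules, exact,
                                  leading_wildcard, trailing_wildcard)
                 for v in value]
        return combine(parts, inner)
    escaped = escape_value(value)
    if not exact:
        # Wildcards are added by the builder, never taken from the value.
        escaped = (("*" if leading_wildcard else "") + escaped +
                   ("*" if trailing_wildcard else ""))
    return "(%s=%s)" % (attr, escaped)


def make_filter(entry_attrs, attrs_list=None, rules=MATCH_ANY, **kw):
    """Build one filter from a dict of attributes, combined by `rules`."""
    names = sorted(entry_attrs) if attrs_list is None else attrs_list
    parts = [filter_from_attr(name, entry_attrs[name], rules, **kw)
             for name in names if name in entry_attrs]
    return combine(parts, rules)


if __name__ == "__main__":
    print(make_filter({"uid": "alice", "mail": "a*"}, rules=MATCH_ALL))
    print(make_filter({"cn": ["admins", "editors"]}, rules=MATCH_NONE))
    print(filter_from_attr("uid", "adm", exact=False, leading_wildcard=False))
```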
- property max_entries¶
- property miss¶
- modify_s(dn, modlist)¶
- move_entry(dn, new_dn, del_old=True)¶
Move an entry (either to a new superior or/and changing relative distinguished name)
Keyword arguments:
dn – DN of the source entry
new_dn – DN of the target entry
del_old – delete old RDN value (default True)
- Raises
errors.NotFound if source entry or target superior entry doesn’t exist
errors.EmptyModlist if source and target are identical
- name = 'ldap2'¶
- property protocol¶
- remove_cache_entry(dn)¶
- retrieve(primary_key, attributes)[source]¶
Get entry by primary_key (DN) as one dict (DN included).
Extends CrudBackend.retrieve.
- property schema¶
schema associated with this LDAP server
- search(**kw)[source]¶
Return a list of entries (each entry is one dict, DN included) matching the specified criteria.
Keyword arguments:
filter – search filter (default: ‘’)
attrs_list – list of attributes to return, all if None (default None)
base_dn – dn of the entry at which to start the search (default ‘’)
scope – search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE)
Extends CrudBackend.search.
- simple_bind(bind_dn, bind_password, server_controls=None, client_controls=None, insecure_bind=False)¶
Perform simple bind operation.
- property size_limit¶
- summary = 'LDAP Backend Take 2.'¶
- property time_limit¶
- unbind()¶
Perform unbind operation.
- update(primary_key, **kw)[source]¶
Update entry’s attributes and return it as one dict (DN included).
Extends CrudBackend.update.
- update_entry(entry)¶
Update entry’s attributes.
This should be called as update_entry(entry).
- version = '1'¶