LDAP Login Authentication Using Python LDAP

-
About 2 days ago, I have to create an app for internal company use. I'm using EmeraldBox to develop it. At first I created the user model to save user credentials and using it during the login process.

However, the boss came with an idea that I should use LDAP login since we have it and it provides a single sign-on solution, which is better.

So, I googled around and found python-ldap.

You can easily install it by running:
pip install python-ldap
and it's ready to use.

The question is, how can I use it?

Check out the code I use below for references. The steps should be the same. However, you need to adjust some values accordingly to the LDAP settings in the server.

# to be able to import ldap run pip install python-ldap
import ldap
if __name__ == "__main__":
ldap_server="x.x.x.x"
username = "someuser"
password= "somepassword"
# the following is the user_dn format provided by the ldap server
user_dn = "uid="+username+",ou=someou,dc=somedc,dc=local"
# adjust this to your base dn for searching
base_dn = "dc=somedc,dc=local"
connect = ldap.open(ldap_server)
search_filter = "uid="+username
try:
#if authentication successful, get the full user data
connect.bind_s(user_dn,password)
result = connect.search_s(base_dn,ldap.SCOPE_SUBTREE,search_filter)
# return all user data results
connect.unbind_s()
print result
except ldap.LDAPError:
connect.unbind_s()
print "authentication error"
view raw authenticate.py hosted with ❤ by GitHub
It's as easy as that and you can perform login and get the user credentials. In my app, I use Flask's session to put the user credentials so I can fetch it whenever I need to.

Feel free to use my code.

Happy hacking!!!


regards

-E-

Comments

  1. John MuddAugust 17, 2013 at 4:25 AM

    import ldap
    conn = ldap.open("ldap.company.com")
    conn.simple_bind_s("myuser@company.com", "mypassword")

    ReplyDelete
  2. AnonymousApril 29, 2014 at 3:20 PM

    i tried ur code but its throwing me the following error

    ldap.LDAPError: (2, 'No such file or directory')

    ReplyDelete
  3. AnonymousApril 29, 2014 at 3:28 PM

    here username and password means either ldap credentials or credentials of the user who logged in??????

    ReplyDelete
  4. AnonymousMay 5, 2014 at 6:33 PM

    It's as easy as that and you can perform login and get the user credentials. In my app, I use Flask's session to put the user credentials so I can fetch it whenever I need to.

    ReplyDelete
  5. AnonymousJune 7, 2014 at 5:44 PM

    Thanks, for your blog but i m getting error :
    Exception{'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'}

    ReplyDelete
    Replies
    1. UnknownAugust 23, 2016 at 9:46 AM

      you account or password is error, or you account has a domain

      Delete

Post a Comment

Popular posts from this blog

Customizing Sanic's Logging output on Gunicorn

-
For those of you who didn't know, Sanic is a Python 3.6+ web server and web framework that’s written to go fast. It allows the usage of the async/await syntax added in Python 3.5, which makes your code non-blocking and speedy. Sanic's API is highly influenced by Flask and the API is really good. I worked on a personal project lately and found out that doing custom logging on Sanic is quite hard. You don't get a lot of information from Sanic's logging library and since it's based on the default Python 3 logging library , the information it provides is limited. My initial thought was since I will use Gunicorn, let's use Gunicorn's --access-logformat to get the information I needed. The functionality provided a lot of information and I can make use of it to get what I need. However, when you use Sanic Gunicorn Worker, which you need to use to make it work on Gunicorn, it will only use Sanic's logging output. I did a lot of googling and it seems like a lo...
Read more

Bali: A view from an Indonesian

-
Image
Coming from Indonesia, a question I get asked a lot near summer is always the same: Where should I go in Bali? As an Indonesian, I can tell you that Bali is not the only place you can go to. But if it’s your first time coming and you still want to go to Bali then I’ll share my own recommendation on places to go. I won’t share hotels or restaurants, that you can review yourselves based on the area but I’ll share possible locations and things you can do. What’s a visit to a tropical island without going to the beach? Here are my list of recommended beaches: Virgin/White sand beach, Karangasem. This is a hard to reach beach, you need to ride a boat or walk through the cliff. But it’s a really nice beach. Jimbaran. Beautiful beach with great eating place around. Legian. The beach to spend your lazy days. Seminyak. This is pretty much next to Legian, also good. Pandawa beach. It’s a really nice experience going here going through the cliffs. Lovina beach. A nice beach, not to crowded. If yo...
Read more

5 Takeaways From My Past 5 Years With Coral, Prism, Midtrans and Gojek

-
Image
A little over 5 years ago, I decided to resign from Traveloka and joined hands with my friends to help build Coral. It was an exciting project. I have a big interest in the social commerce space and Coral seemed to be a very good take at it. We built it, launched it, learned from it and in the end decided that the business model will not be sustainable. Our experiment was evidently working. Merchant's conversion rate reached over 20% on our platform but we couldn't monetise it. Then we took the decision to pivot. We took the best part of Coral, the chat-to-buy capability, and breathe life into Prism. The product helped businesses dive head first into the social commerce space with their existing platforms. One thing that a lot of people don't know was that Coral and Prism was part of Midtrans from early on. It was acquired before launch. This enabled us to do the experiment without worrying about funding. Gojek acquired Midtrans during the closing days of 2017 and Prism w...
Read more