ldap服务器搭建——python认证接口

搭建好openldap服务器之后,编写python接口进行认证。注意:示例默认使用明文的 ldap://localhost:389,管理员密码和用户密码都会明文传输,生产环境应改用 ldaps:// 或 STARTTLS;另外拼接搜索过滤器时用户输入必须转义,空密码必须直接拒绝(否则会变成匿名/未认证绑定)。

1、支持用户名、邮箱、用户ID三种认证方式

2、代码如下:

import os
import re

import ldap


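# Connection settings.  Each value can be overridden through an environment
# variable of the same name so the real manager password does not have to be
# committed in this file; the literal defaults are placeholders only.
# NOTE: "ldap://" is plain text -- every bind (manager and user) sends the
# password in clear; use "ldaps://" (or configure STARTTLS) in production.
LDAP_PATH = os.environ.get("LDAP_PATH", "ldap://localhost:389")
LDAP_BASE_DN = os.environ.get("LDAP_BASE_DN", "dc=openldap,dc=xx,dc=com")
LDAP_USER = os.environ.get("LDAP_USER", "cn=Manager,dc=openldap,dc=xx,dc=com")
LDAP_PASSWORD = os.environ.get("LDAP_PASSWORD", "xxx")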


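class Ldap:
    """Authentication helper over an LDAP directory.

    One connection is bound with the service ("manager") credentials and is
    used only to look up a user's DN.  A user's password is verified by
    binding as that DN on a *separate* connection, so the service
    connection never changes identity.
    """

    # Characters that carry meaning inside an LDAP search filter
    # (RFC 4515 section 3).  Backslash is listed first: escaping it last
    # would re-escape the sequences produced for the other characters.
    _FILTER_ESCAPES = (
        ("\\", "\\5c"),
        ("*", "\\2a"),
        ("(", "\\28"),
        (")", "\\29"),
        ("\x00", "\\00"),
    )

    def __init__(self, ldap_path=LDAP_PATH, ldap_user=LDAP_USER,
                 ldap_password=LDAP_PASSWORD, ldap_base_dn=LDAP_BASE_DN):
        """Connect to the server and bind with the service account.

        Args:
            ldap_path: server URI.  The default is plain ``ldap://``, so the
                manager password and every password checked by ``validate``
                cross the network in clear text unless this is changed to
                ``ldaps://`` (or STARTTLS is set up on the connection).
            ldap_user: DN used for the lookup bind.
            ldap_password: password for ``ldap_user``.
            ldap_base_dn: subtree under which users are searched.

        Raises:
            ldap.LDAPError: if the server is unreachable or the service
                credentials are rejected.
        """
        # The original assigned the module constants here instead of the
        # arguments, so a caller-supplied server or base DN was ignored.
        self.ldap_path = ldap_path
        self.ldap_user = ldap_user
        self.ldap_password = ldap_password
        self.ldap_base_dn = ldap_base_dn
        self.ldap_conn = ldap.initialize(ldap_path)
        self.ldap_conn.protocol_version = ldap.VERSION3
        # Synchronous bind: a wrong manager password fails right here
        # instead of surfacing later as an obscure search error.  The
        # original used the asynchronous simple_bind() and never read the
        # result, so its try/except could not catch anything.
        self.ldap_conn.simple_bind_s(ldap_user, ldap_password)

    @classmethod
    def _escape_filter_value(cls, value):
        """Escape *value* for safe embedding in a filter assertion.

        Same escaping as ``ldap.filter.escape_filter_chars``.  Without it a
        login-form value such as ``*`` or ``x)(uid=admin`` rewrites the
        filter and lets the caller choose which entry gets looked up.
        """
        text = str(value)
        for raw, escaped in cls._FILTER_ESCAPES:
            text = text.replace(raw, escaped)
        return text

    def __ldap_search_user(self, attr_type, value):
        """Return ``(dn, info)`` for the first entry whose *attr_type* is *value*.

        ``info`` maps ``login``/``user_id``/``email``/``title`` to the first
        value of ``cn``/``uid``/``mail``/``title`` (``None`` when absent).
        When the server returns no entry the result is
        ``(None, result_type)`` with the python-ldap result code of the
        response, so callers can tell "not found" apart from a hit.

        Only the first entry is consumed; should several entries match
        (e.g. two accounts sharing a ``mail`` value) the remainder are
        silently ignored.

        Raises:
            ldap.LDAPError: propagated from the search.
        """
        conn = self.ldap_conn
        # Parenthesised assertion with the value escaped: *value* comes
        # straight from the login form via validate().
        search_filter = "(%s=%s)" % (attr_type,
                                     self._escape_filter_value(value))
        # Request only the attributes that end up in the result dict.
        wanted = ["cn", "uid", "mail", "title"]
        result_id = conn.search(self.ldap_base_dn, ldap.SCOPE_SUBTREE,
                                search_filter, wanted)
        # all=0 -> one message: either the first entry or the final result.
        result_type, result_data = conn.result(result_id, 0)
        if result_type != ldap.RES_SEARCH_ENTRY:
            return None, result_type
        dn, attrs = result_data[0]

        def first(name):
            values = attrs.get(name)
            return values[0] if values else None

        user = {
            "login": first("cn"),
            "user_id": first("uid"),
            "email": first("mail"),
            "title": first("title"),
        }
        return dn, user

    # user_name
    def get_user_by_cn(self, cn):
        """Look a user up by ``cn``; see ``__ldap_search_user``."""
        return self.__ldap_search_user('cn', cn)

    # user_id
    def get_user_by_uid(self, uid):
        """Look a user up by ``uid``; see ``__ldap_search_user``."""
        return self.__ldap_search_user('uid', uid)

    # email
    def get_user_by_email(self, email):
        """Look a user up by ``mail``; see ``__ldap_search_user``."""
        return self.__ldap_search_user('mail', email)

    def validate(self, user, password):
        """Check *password* for the account identified by *user*.

        *user* is routed by its shape: all digits -> ``uid``, e-mail-like
        (``is_email``) -> ``mail``, anything else -> ``cn``.

        Returns:
            ``(True, info)`` on success, ``info`` being the dict built by
            the lookup; ``(False, reason)`` otherwise.  A failed bind always
            yields the fixed string ``"validate failed"`` so no server
            error detail is echoed to the caller.
        """
        user = str(user)
        password = str(password)
        # Fail closed on an empty password.  A simple bind with a DN and an
        # empty password is an *unauthenticated* bind (RFC 4513 s5.1.2),
        # which some directories accept as anonymous; the original code
        # would then have reported success for any existing account.
        if not password:
            return False, "validate failed"
        if user.isdigit():
            dn, user_info = self.get_user_by_uid(user)
        elif is_email(user):
            dn, user_info = self.get_user_by_email(user)
        else:
            dn, user_info = self.get_user_by_cn(user)
        if not dn:
            return False, 'search return code: ' + str(user_info)+'(maybe user is not existed)'
        # Bind on a fresh connection.  Rebinding self.ldap_conn as the user
        # (as the original did) left the manager connection running with
        # that user's rights -- or anonymous after a failed bind -- for
        # every later lookup.
        user_conn = ldap.initialize(self.ldap_path)
        user_conn.protocol_version = ldap.VERSION3
        try:
            user_conn.simple_bind_s(dn, password)
        except ldap.LDAPError:
            # INVALID_CREDENTIALS, server errors, ... all map to one message.
            return False, "validate failed"
        else:
            return True, user_info
        finally:
            # Best effort: the verdict above must not depend on the unbind.
            try:
                user_conn.unbind_s()
            except ldap.LDAPError:
                pass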


def is_email(s):
    """Return True when *s* has the shape of an e-mail address.

    The alternation also accepts three digit-only phone-number shapes
    (a leading ``0`` plus 9-11 digits, ``1[358]`` plus nine digits, or
    ``147`` plus eight digits), so a True result does not guarantee an
    ``@`` is present.  ``re.match`` anchors every alternative at the start
    of the string; the first alternative requires at least two characters
    before the ``@`` and rejects a leading ``.``, ``_`` or ``-``.
    """
    pattern = r'[^\._-][\w\.-]+@(?:[A-Za-z0-9]+\.)+[A-Za-z]+$|^0\d{2,3}\d{7,8}$|^1[358]\d{9}$|^147\d{8}'
    return re.match(pattern, s) is not None


转载自blog.csdn.net/LClansefengbao/article/details/50381371