Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.albasani.net!news2.arglkargh.de!news.wiretrip.org!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <kwatford@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.009
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'python': 0.08; 'attribute': 0.09; 'ldap': 0.09; 'loop.': 0.09; 'received:mail- bw0-f46.google.com': 0.09; 'return,': 0.09; 'am,': 0.13; 'wrote:': 0.15; '"member"': 0.16; '(via': 0.16; 'name)': 0.16; 'posix': 0.16; 'received:209.85.214.46': 0.16; 'entries': 0.16; 'written': 0.17; 'have,': 0.17; 'subject:users': 0.19; 'slightly': 0.19; 'appropriate': 0.20; 'filter': 0.22; 'header:In-Reply-To:1': 0.22; 'assume': 0.23; "user's": 0.23; 'server.': 0.25; '(or': 0.25; 'sender:addr:gmail.com': 0.26; 'objects': 0.28; 'received:209.85.214': 0.28; 'message-id:@mail.gmail.com': 0.28; 'depends': 0.28; 'thu,': 0.28; 'bit': 0.28; 'get.': 0.30; 'hi,': 0.30; 'values': 0.31; "i'll": 0.31; 'error': 0.33; 'list': 0.33; 'rather': 0.33; 'skip:" 20': 0.33; 'usually': 0.33; 'entry': 0.33; 'instead': 0.34; 'there': 0.34; 'to:addr:python-list': 0.34; 'dns': 0.35; 'module.': 0.35; 'probably': 0.35; 'subject:How': 0.36; 'group,': 0.36; 'pull': 0.37; 'received:google.com': 0.37; 'but': 0.37; 'using': 0.38; 'received:209.85': 0.38; 'could': 0.38; 'user': 0.38; 'subject:: ': 0.38; 'case,': 0.38; 'to:addr:python.org': 0.39; 'received:209': 0.39; 'would': 0.40; 'more': 0.60; 'your': 0.61; 'results': 0.62; 'accounts': 0.63; 'limit': 0.66; 'jun': 0.67; 'special': 0.68; '(common': 0.84; 'above),': 0.84; 'handling):': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:from :date:x-google-sender-auth:message-id:subject:to:content-type; bh=mWWpeNYanjywzyneqRG496NqUEjSPJ6F7VHzv9A+Yrg=; b=AREQjZ47ZrSMXsriHXSpxTLUOZIfW7pG7S6Rr2zKl4Jlj+k4f64z4zDAcFayskHVYa 99wgCM5yO6DVtglxwDQDGbX6JxXbH6R5p+XQz4XAQF8Bqex7UUDmRlz+7eO3E+qGxSj9 7jtqGe44N8SWXdbWLxl3sc+0dmBID5IeEmOX8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; b=MWRCS28HSVgPB/1HMvABqqmAzo6WZ1MEvoXB+LYMGibiFfo0a8j/enk/Mj/VcBJ3wR 7bRuR+MJWwrdY9OsCXTgG6ZZ7YOXut/qGZAJFdlZrkRk9VXqb6k8F76fDp6+B2wzeceV qVM5uXTqWxd/PO9Q7Ilw5LZgpUm4mkDPjLcXE=
MIME-Version: 1.0
Sender: kwatford@gmail.com
In-Reply-To: <542151da-ebfb-4cfb-b83d-14f2ba641bf4@x38g2000pri.googlegroups.com>
References: <542151da-ebfb-4cfb-b83d-14f2ba641bf4@x38g2000pri.googlegroups.com>
From: Ken Watford <kwatford+python@gmail.com>
Date: Thu, 23 Jun 2011 09:59:46 -0400
X-Google-Sender-Auth: 5b3H-cUk7UPHvibcxVWEVtMVol0
Subject: Re: LDAP: How get all users belongs to a group.
To: python-list@python.org
Content-Type: text/plain; charset=ISO-8859-1
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.322.1308837607.1164.python-list@python.org>
Lines: 39
NNTP-Posting-Host: 82.94.164.166
X-Trace: 1308837608 news.xs4all.nl 14142 [::ffff:82.94.164.166]:38358
X-Complaints-To: abuse@xs4all.nl
Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:8299

On Thu, Jun 23, 2011 at 9:14 AM, sajuptpm <sajuptpm@gmail.com> wrote:
> Hi,
> How get all users belongs to a group using python ldap module.

Depends on what you mean by "users" and "group", what information you
already have, and what information you want to get. I'll assume you
mean posix accounts and groups, and that you already know how to
connect to the LDAP server.

If you already know the distinguished name of the group, you can get a
list of the member names like so (ignoring error handling):

dn, entry = connection.search_s(group_dn, ldap.SCOPE_BASE)[0]
member_list = entry['memberUid']

That will only get you the usernames. If you need to get the user's
entry (or don't know the group_dn above), then you'll have to do a bit
more searching.

To find a user's entry given their uid:

results = connection.search_s(base_dn, ldap.SCOPE_SUBTREE, "(uid=*)")
for dn, entry in results:
     if uid in entry['uid']:
         # this is your guy. return, or break, or whatever

The "(uid=*)" filter just means to only find entries that have user id
fields. If you wanted to be more specific about it, you could limit it
to only posixAccount objects with "(objectClass=posixAccount)". This
would probably be necessary if you wanted to search for groups (via
"(objectClass=posixGroup)" ), since those don't have a special field
for their name - they usually just use the cn (common name) field for
that. A slightly more complex filter could be written to avoid the
python loop.

If your groups are not posixGroup objects but instead groupOfNames,
then the appropriate attribute is "member" rather than "memberUid",
and the values there are user DNs instead of uids. In that case, if
you need the uid you'll have to look up those users and pull it out.