| Started by | sajuptpm <sajuptpm@gmail.com> |
|---|---|
| First post | 2011-06-23 06:14 -0700 |
| Last post | 2011-06-25 12:20 +0200 |
| Articles | 10 — 4 participants |
LDAP: How get all users belongs to a group. sajuptpm <sajuptpm@gmail.com> - 2011-06-23 06:14 -0700
Re: LDAP: How get all users belongs to a group. Ken Watford <kwatford+python@gmail.com> - 2011-06-23 09:59 -0400
Re: LDAP: How get all users belongs to a group. Michael Ströder <michael@stroeder.com> - 2011-06-24 11:14 +0200
Re: LDAP: How get all users belongs to a group. sajuptpm <sajuptpm@gmail.com> - 2011-06-24 02:58 -0700
Re: LDAP: How get all users belongs to a group. sajuptpm <sajuptpm@gmail.com> - 2011-06-24 03:06 -0700
Re: LDAP: How get all users belongs to a group. sajuptpm <sajuptpm@gmail.com> - 2011-06-24 03:16 -0700
Re: LDAP: How get all users belongs to a group. Michael Ströder <michael@stroeder.com> - 2011-06-24 13:02 +0200
Re: LDAP: How get all users belongs to a group. John Gordon <gordon@panix.com> - 2011-06-24 14:57 +0000
Re: LDAP: How get all users belongs to a group. sajuptpm <sajuptpm@gmail.com> - 2011-06-25 00:08 -0700
Re: LDAP: How get all users belongs to a group. Michael Ströder <michael@stroeder.com> - 2011-06-25 12:20 +0200
| From | sajuptpm <sajuptpm@gmail.com> |
|---|---|
| Date | 2011-06-23 06:14 -0700 |
| Subject | LDAP: How get all users belongs to a group. |
| Message-ID | <542151da-ebfb-4cfb-b83d-14f2ba641bf4@x38g2000pri.googlegroups.com> |
Hi, How get all users belongs to a group using python ldap module.
| From | Ken Watford <kwatford+python@gmail.com> |
|---|---|
| Date | 2011-06-23 09:59 -0400 |
| Message-ID | <mailman.322.1308837607.1164.python-list@python.org> |
| In reply to | #8294 |
On Thu, Jun 23, 2011 at 9:14 AM, sajuptpm <sajuptpm@gmail.com> wrote:
> Hi,
> How get all users belongs to a group using python ldap module.
Depends on what you mean by "users" and "group", what information you
already have, and what information you want to get. I'll assume you
mean posix accounts and groups, and that you already know how to
connect to the LDAP server.

If you already know the distinguished name of the group, you can get a
list of the member names like so (ignoring error handling):

    dn, entry = connection.search_s(group_dn, ldap.SCOPE_BASE)[0]
    member_list = entry['memberUid']

That will only get you the usernames. If you need to get the user's
entry (or don't know the group_dn above), then you'll have to do a bit
more searching.

To find a user's entry given their uid:

    # uid is the user id being looked up (bytes on Python 3, where
    # python-ldap returns attribute values as bytes)
    results = connection.search_s(base_dn, ldap.SCOPE_SUBTREE, "(uid=*)")
    for dn, entry in results:
        if uid in entry['uid']:
            # this is your guy. return, or break, or whatever
            break

The "(uid=*)" filter just means to only find entries that have user id
fields. If you wanted to be more specific about it, you could limit it
to only posixAccount objects with "(objectClass=posixAccount)". This
would probably be necessary if you wanted to search for groups (via
"(objectClass=posixGroup)" ), since those don't have a special field
for their name - they usually just use the cn (common name) field for
that. A slightly more complex filter could be written to avoid the
python loop.
If your groups are not posixGroup objects but instead groupOfNames,
then the appropriate attribute is "member" rather than "memberUid",
and the values there are user DNs instead of uids. In that case, if
you need the uid you'll have to look up those users and pull it out.
| From | Michael Ströder <michael@stroeder.com> |
|---|---|
| Date | 2011-06-24 11:14 +0200 |
| Message-ID | <iu1ki7$9lt$2@dont-email.me> |
| In reply to | #8294 |
sajuptpm wrote:
> How get all users belongs to a group using python ldap module.

There are several ways of storing grouping information in a LDAP server.

I assume the groups are normal group entries of object class 'groupOfNames' which is most commonly used. Such an entry has the attribute 'member' which contains DNs of all member entries which you would have to read yourself. This can be quite annoying for large group entries since you would have to send a search request for each group member.

Therefore on some servers you can search for a back-link attribute in the user entries. Most times it's called 'memberOf' or 'isMemberOf'. But this depends on the server's implemented features and configuration.

Which LDAP server are you using?

Ciao, Michael.
| From | sajuptpm <sajuptpm@gmail.com> |
|---|---|
| Date | 2011-06-24 02:58 -0700 |
| Message-ID | <34110eed-96bc-499f-9a4e-068f2720fc8b@h12g2000pro.googlegroups.com> |
| In reply to | #8363 |
Hi,

Thanks for reply.

    dn: cn=My-Group-1, ou=Groups, o=CUST
    equivalentToMe: cn=TDS7034,ou=Internal PCA,o=CUST
    objectClass: groupOfNames   <------------
    objectClass: top
    objectClass: swarePointers
    ACL: 2#entry#[Root]#member
    cn: My-Group-1
    member: cn=AJP2203,ou=Internal PCA,o=CUST
    member: cn=AZE9632,ou=Internal PCA,o=CUST
    member: cn=BTC4979,ou=Internal PCA,o=CUST

* I have group definition in LDAP server as above.
* How fetch all members from this particular group 'My-Group-1' using python-ldap module.
* I tried, but I don't know how do it.
* I want to get those 3 members from group 'My-Group-'
| From | sajuptpm <sajuptpm@gmail.com> |
|---|---|
| Date | 2011-06-24 03:06 -0700 |
| Message-ID | <190db415-dae5-4c4d-97ea-6a7d42fb6d6e@j13g2000pro.googlegroups.com> |
| In reply to | #8364 |
I am using Openldap (openldap 2.3.43-12.el5_5.2 and openldap.i386 0:2.3.43_2.2.29-12.el5_6.7)
| From | sajuptpm <sajuptpm@gmail.com> |
|---|---|
| Date | 2011-06-24 03:16 -0700 |
| Message-ID | <7eae157c-fb4e-4fe9-a9b2-0b989452d8ae@l2g2000prg.googlegroups.com> |
| In reply to | #8364 |
    ------------------------------------------- User

    cn=AJP2203,ou=Internal PCA,o=CUST has group memberships
    to the following Groups:
    groupMembership: cn=My-Group-1,ou=Groups,o=CUST
    groupMembership: cn=My-Group-2,u=Groups,o=CUST
    groupMembership: cn=My-Group-3,ou=Groups,o=CUST

    ------------------------------------------- Group

    dn: cn=My-Group-1, ou=Groups, o=CUST
    equivalentToMe: cn=TDS7034,ou=Internal PCA,o=CUST
    objectClass: groupOfNames   <------------
    objectClass: top
    objectClass: swarePointers
    ACL: 2#entry#[Root]#member
    cn: My-Group-1
    member: cn=AJP2203,ou=Internal PCA,o=CUST
    member: cn=AZE9632,ou=Internal PCA,o=CUST
    member: cn=BTC4979,ou=Internal PCA,o=CUST

    -----------------

* We will get groups of a member from member record, using key 'groupMembership'.
* But I want to get members belongs to a particular group Eg: 'My-Group-1'
* Have any method in python-ldap model for this ???
| From | Michael Ströder <michael@stroeder.com> |
|---|---|
| Date | 2011-06-24 13:02 +0200 |
| Message-ID | <iu1qsa$eea$3@dont-email.me> |
| In reply to | #8367 |
sajuptpm wrote:
> ------------------------------------------- User
>
> cn=AJP2203,ou=Internal PCA,o=CUST has group memberships
> to the following Groups:
> groupMembership: cn=My-Group-1,ou=Groups,o=CUST
> groupMembership: cn=My-Group-2,u=Groups,o=CUST
> groupMembership: cn=My-Group-3,ou=Groups,o=CUST
>
> ------------------------------------------- Group
>
> dn: cn=My-Group-1, ou=Groups, o=CUST
> equivalentToMe: cn=TDS7034,ou=Internal PCA,o=CUST
> objectClass: groupOfNames <------------
> objectClass: top
> objectClass: swarePointers
> ACL: 2#entry#[Root]#member
> cn: My-Group-1
> member: cn=AJP2203,ou=Internal PCA,o=CUST
> member: cn=AZE9632,ou=Internal PCA,o=CUST
> member: cn=BTC4979,ou=Internal PCA,o=CUST
>
> -----------------
>
> * We will get groups of a member from member record, using key
> 'groupMembership'.
> * But i want to get members belogs to a particular group Eg:'My-
> Group-1'

If this is the server's data the LDAP server seems to be Novell eDirectory not OpenLDAP.

I'd try member search with this filter:

    (groupMembership=cn=My-Group-1,ou=Groups,o=CUST)

Ciao, Michael.
| From | John Gordon <gordon@panix.com> |
|---|---|
| Date | 2011-06-24 14:57 +0000 |
| Message-ID | <iu28l1$5ob$1@reader1.panix.com> |
| In reply to | #8364 |
In <34110eed-96bc-499f-9a4e-068f2720fc8b@h12g2000pro.googlegroups.com> sajuptpm <sajuptpm@gmail.com> writes:
> dn: cn=My-Group-1,ou=Groups,o=CUST
> member: cn=AJP2203,ou=Internal PCA,o=CUST
> member: cn=AZE9632,ou=Internal PCA,o=CUST
> member: cn=BTC4979,ou=Internal PCA,o=CUST
> * I have group definition in LDAP server as above.
> * How fetch all members from this perticular group 'My-Group-1' using
> python-ldap module.
> * I tried, but i don't know how do it.
> * I want to get those 3 members from group 'My-Group-'
This code should work, although I haven't tested it:
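
    import ldap

    uri = "my hostname and port"  # passed to ldap.initialize() as an LDAP URI
    user = "my username"
    password = "my password"

    ldapClient = ldap.initialize(uri)
    ldapClient.set_option(ldap.OPT_REFERRALS, 0)
    # simple_bind_s() is synchronous: it waits for the bind result
    # before the search below is sent
    ldapClient.simple_bind_s(user, password)

    # SCOPE_BASE reads only the group entry itself
    results = ldapClient.search_s("cn=My-Group-1,ou=Groups,o=CUST", ldap.SCOPE_BASE)
    for result in results:
        result_dn = result[0]
        result_attrs = result[1]
        if "member" in result_attrs:
            for member in result_attrs["member"]:
                # python-ldap on Python 3 returns attribute values as bytes
                print(member.decode("utf-8"))

    ldapClient.unbind_s()
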
--
John Gordon A is for Amy, who fell down the stairs
gordon@panix.com B is for Basil, assaulted by bears
-- Edward Gorey, "The Gashlycrumb Tinies"
| From | sajuptpm <sajuptpm@gmail.com> |
|---|---|
| Date | 2011-06-25 00:08 -0700 |
| Message-ID | <5a279799-c8cd-4efc-aeea-509dda0a2212@v11g2000prn.googlegroups.com> |
| In reply to | #8383 |
    results = ldapClient.search_s("cn=My-Group-1,ou=Groups,o=CUST",
                                  ldap.SCOPE_BASE)

Is this method work for all types of groups (groupOfNames,
posixGroup) ???
Have to implement user search/fetch separately for each groups ???
| From | Michael Ströder <michael@stroeder.com> |
|---|---|
| Date | 2011-06-25 12:20 +0200 |
| Message-ID | <iu4cqa$tgj$2@dont-email.me> |
| In reply to | #8437 |
sajuptpm wrote:
> results = ldapClient.search_s("cn=My-Group-1,ou=Groups,o=CUST",
> ldap.SCOPE_BASE)
>
> Is this method work for all types of groups (groupOfNames,
> posixGroup) ???
Yes, but the member attribute differs.
'member' in entries of object class 'groupOfNames' contains the DN of the
member's entry.
'memberUID' in entries of object class 'posixGroup' contains the 'uid' of the
member's entry if the original RFC 2307 is used. If the LDAP server uses a
draft-howard-rfc2307bis it behaves like groupOfNames.
Also there's object class 'groupOfUniqueNames' used most times on Sun DS which
contains the DN of the member's entry in attribute 'uniqueMember'.
Additionally organizationalRole -> roleOccupant contains DN of the member's
entry...
The default config of my web2ldap contains even more:

    --------------------------------- snip ---------------------------------
    # The definitions for group entry administration
    groupadm_defs={
      'groupOfNames':       ('member',None),
      'groupOfUniqueNames': ('uniqueMember',None),
      'organizationalRole': ('roleOccupant',None),
      'rfc822MailGroup':    ('mail','mail'),
      'nisMailAlias':       ('rfc822MailMember','mail'),
      'mailGroup':          ('mgrprfc822mailmember','mail'),
      # Found on IBM SecureWay Directory
      'accessGroup':        ('member',None),
      # RFC2307
      'posixGroup':         ('memberUid','uid'),
      'nisNetgroup':        ('memberNisNetgroup','uid'),
      # Samba 3.0
      'sambaGroupMapping':  ('sambaSIDList','sambaSID'),
      # Active Directory
      'group':              ('member',None),
      # draft-findlay-ldap-groupofentries
      'groupOfEntries':     ('member',None),
      # Apple MAC OS X
      'apple-group':        ('apple-group-memberguid','apple-generateduid'),
    },
    --------------------------------- snip ---------------------------------

Ciao, Michael.
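
Added example, not part of any post in this thread and not web2ldap or python-ldap code: it ties together the schema-dependent member attributes from the last post and the back-link filter suggested earlier, escaping every value that goes into a search filter per RFC 4515 (python-ldap provides `ldap.filter.escape_filter_chars()` for this). The function names, the posixGroup sample and the `cn=Ops (EU)` DN are constructed for illustration, and entries are assumed to be attribute dicts with bytes values as `search_s()` returns them.

```python
# Subset of the table in the last post; None means member values are already DNs.
GROUP_DEFS = {
    "groupofnames": ("member", None),
    "groupofuniquenames": ("uniqueMember", None),
    "organizationalrole": ("roleOccupant", None),
    "posixgroup": ("memberUid", "uid"),
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def get_values(attrs, name):
    """Case-insensitive attribute lookup that decodes bytes values to str."""
    for key, values in attrs.items():
        if key.lower() == name.lower():
            return [v.decode("utf-8") if isinstance(v, bytes) else v for v in values]
    return []

def group_members(attrs):
    """Return (member_dns, user_filters) for one group entry's attributes."""
    dns, filters = [], []
    for oc in get_values(attrs, "objectClass"):
        if oc.lower() not in GROUP_DEFS:
            continue
        member_attr, user_attr = GROUP_DEFS[oc.lower()]
        for value in get_values(attrs, member_attr):
            if user_attr is None:
                dns.append(value)   # value is the member entry's DN
            else:                   # value is a name; the entry needs a search
                filters.append("(%s=%s)" % (user_attr, escape_filter_value(value)))
    return dns, filters

def backlink_filter(attr, group_dn):
    """Filter for user entries that point back at a group (e.g. groupMembership)."""
    return "(%s=%s)" % (attr, escape_filter_value(group_dn))

# Constructed sample entries, shaped like the attribute dicts search_s() returns.
GROUP_OF_NAMES = {"objectClass": [b"groupOfNames", b"top"], "member": [
    b"cn=AJP2203,ou=Internal PCA,o=CUST",
    b"cn=AZE9632,ou=Internal PCA,o=CUST",
    b"cn=BTC4979,ou=Internal PCA,o=CUST",
]}
POSIX_GROUP = {"objectClass": [b"posixGroup"],
               "memberUid": [b"alice", b"bob)(uid=*"]}  # 2nd value malformed on purpose

if __name__ == "__main__":
    print(group_members(GROUP_OF_NAMES), group_members(POSIX_GROUP))
    print(backlink_filter("groupMembership", "cn=Ops (EU),ou=Groups,o=CUST"))
```

For DN-valued members the returned DNs can be read directly with a `SCOPE_BASE` search; for name-valued members each returned filter is used in a subtree search under the user base DN.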