Recently, I thought I needed to use simpleldap – it turned out that I instead needed to reconfigure NGINX. At any rate, this was my experience with simpleldap.
Initially, I had this issue:
Modules/LDAPObject.c:18:10: fatal error: 'sasl.h' file not found
#include <sasl.h>
         ^
1 error generated.
error: command 'cc' failed with exit status 1
In order to work around that, I used this SO post to do the following:
sudo pip install simpleldap --global-option=build_ext --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl"
That did the trick. The next thing to do was create a connection to the LDAP server. The important thing here is to remember to pass the port information separately as an integer, not as a string, and not included in the server host name.
import simpleldap
conn = simpleldap.Connection("some-server.corp.com", port=389)
Next, you can use the conn object to perform a search or a get. The difference is that a search returns a (possibly empty) list, and a get returns either an object, or an error if the thing that you're looking for does not exist. That means you should either search before you get, or call a get from within a try-except block.
results = conn.search("uid=c.johnson", base_dn="dc=corp,dc=com")
result = conn.get("uid=c.johnson", base_dn="dc=corp,dc=com")
Once you have the result(s) for a user or users, you can then try to authenticate some password. You do that by calling the authenticate method on the connection object, conn. You pass the dn attribute of the result as the first argument, and the password string as the second argument. Then authenticate will return True or False.
conn.authenticate( result.dn, somePassword )
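When the uid and password come from a login form, the search-then-authenticate flow above needs two guards: escape the value before it goes into the filter, and refuse an empty password before binding. The following is an added example, not code from the original post or from simpleldap. check_login, escape_filter_value, FakeEntry and FakeConn are hypothetical names, and FakeConn is a constructed stand-in that mimics the search and authenticate methods so the example runs without an LDAP server.

```python
import fnmatch

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape user input before placing it in a filter such as uid=<value>."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def check_login(conn, username, password, base_dn="dc=corp,dc=com"):
    """Hypothetical helper: True only for one exact match and a good bind."""
    # An empty password makes a simple bind an "unauthenticated bind"
    # (RFC 4513), which some servers answer with success.
    if not username or not password:
        return False
    results = conn.search("uid=" + escape_filter_value(username), base_dn=base_dn)
    # search() returns a list, so zero or several matches need no try-except.
    if len(results) != 1:
        return False
    return bool(conn.authenticate(results[0].dn, password))

class FakeEntry:
    def __init__(self, dn):
        self.dn = dn

class FakeConn:
    """Constructed stand-in for simpleldap.Connection (no server needed)."""
    users = {"c.johnson": "s3cret", "a.smith": "hunter2"}  # constructed data

    def search(self, filt, base_dn=None):
        pattern = filt.split("=", 1)[1]
        # Unescaped * acts as a wildcard, as it would on a real server.
        names = [n for n in self.users if fnmatch.fnmatchcase(n, pattern)]
        return [FakeEntry("uid=%s,%s" % (n, base_dn)) for n in names]

    def authenticate(self, dn, password):
        if password == "":  # mimics a server that accepts unauthenticated binds
            return True
        name = dn.split(",", 1)[0].split("=", 1)[1]
        return self.users.get(name) == password

if __name__ == "__main__":
    conn = FakeConn()
    print(check_login(conn, "c.johnson", "s3cret"))  # valid login
    print(check_login(conn, "c.johnson", ""))        # empty password refused
    print(check_login(conn, "c.john*", "s3cret"))    # wildcard is escaped
```

With a real server, pass the simpleldap connection object in place of FakeConn.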