AD user login verification and OU traversal (LDAP)

Time: 2022-05-28 02:52:42

First, install the python-ldap module.

1. Verify whether an AD user login succeeds

    import ldap

    domainname = 'cmr\\'
    username = 'zhangsan'
    ldapuser = domainname + username
    ldappass = 'password'
    ldappath = 'ldap://192.168.200.20:389/'
    baseDN = 'OU=ouname,DC=d1,DC=d2,DC=com'

    l = ldap.initialize(ldappath)
    l.protocol_version = ldap.VERSION3
    try:
        l.simple_bind_s(ldapuser, ldappass)
        # print(l.simple_bind_s(ldapuser, ldappass))
    except ldap.LDAPError as err:
        # The error differs depending on whether the DC is unreachable
        # or the credentials are wrong
        print(err.args[0]['desc'])
    finally:
        l.unbind_s()  # release the LDAP connection

2. Check whether the user queryusername exists

    import ldap
    from ldap.filter import escape_filter_chars

    domainname = 'dname\\'
    username = 'authname'
    queryusername = 'queryusername'
    ldapuser = domainname + username
    ldappass = 'password'
    ldappath = 'ldap://192.168.200.20:389/'
    baseDN = 'OU=拍,DC=d1,DC=d2,DC=com'

    l = ldap.initialize(ldappath)
    l.protocol_version = ldap.VERSION3
    try:
        # l.simple_bind(ldapuser, ldappass)
        l.bind_s(ldapuser, ldappass)
        searchScope = ldap.SCOPE_SUBTREE
        searchFiltername = "sAMAccountName"  # look the user up by sAMAccountName
        retrieveAttributes = None
        # Escape the value so that filter metacharacters in the name are matched literally
        searchFilter = '(' + searchFiltername + "=" + escape_filter_chars(queryusername) + ')'
        # searchFilter = '(' + searchFiltername + "=" + username + '*)'  # a trailing asterisk gives a fuzzy (prefix) match
        ldap_result = l.search_s(baseDN, searchScope, searchFilter, retrieveAttributes)  # returns a list or None
        # searchFilter = '(&(objectClass=person)(sAMAccountName=username))'
        # ldap_result = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
        # ldap_result = l.search_ext_s(baseDN, searchScope, searchFilter, retrieveAttributes)
        # print(ldap_result)
        if len(ldap_result) == 0:
            print(queryusername + ' Doesnot Exist')
    except ldap.LDAPError as e:
        print(e)
    finally:
        l.unbind_s()  # release the LDAP binding
        del l
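The checks that sections 1 and 2 need before touching the directory, as an added example (not code from the original post): a simple bind with an empty password is an unauthenticated bind that a server may report as successful, and a name pasted into a search filter must be escaped. The `ldaps://` URI, the `EXAMPLE` domain and the function names are assumptions; the page's `ldap://...:389` URI sends the simple-bind password unencrypted, and `escape_filter_value` does the same job as python-ldap's `ldap.filter.escape_filter_chars`, written inline so the checks run without the library.

```python
# Added example, not code from the original post.
# The URI, domain and account names are constructed placeholders.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def user_filter(sam_account_name):
    """Build the sAMAccountName filter with the name matched literally."""
    return '(&(objectClass=person)(sAMAccountName=%s))' % escape_filter_value(sam_account_name)


def precheck(username, password):
    """Return a reason to refuse the bind, or None if it may be attempted."""
    if not username:
        return 'empty username'
    if not password:
        # A simple bind with a name and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2): a server that
        # allows it reports success without checking any credential.
        return 'empty password'
    return None


def verify_login(uri, domain, username, password):
    """Return (ok, reason); only a bind with a non-empty password can succeed."""
    reason = precheck(username, password)
    if reason:
        return False, reason
    import ldap  # python-ldap, imported only when a bind is really attempted
    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3
    try:
        conn.simple_bind_s('%s\\%s' % (domain, username), password)
        return True, 'ok'
    except ldap.INVALID_CREDENTIALS:
        return False, 'invalid credentials'
    except ldap.SERVER_DOWN:
        return False, 'directory unreachable'
    except ldap.LDAPError as err:
        return False, 'ldap error: %s' % err
    finally:
        conn.unbind_s()


if __name__ == '__main__':
    print(verify_login('ldaps://dc.example.test:636', 'EXAMPLE', 'zhangsan', ''))
    print(user_filter('x)(|(objectClass=*'))
```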

3. List all users under a given OU

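    # -*- coding: UTF-8 -*-
    import ldap

    domainname = 'umr\\'
    username = 'authusername'
    ldapuser = domainname + username
    ldappass = 'password'
    ldappath = 'ldap://192.168.200.20:389/'
    baseDN = 'OU=ServerAdmin,DC=umr,DC=uu,DC=com'

    l = ldap.initialize(ldappath)
    l.protocol_version = ldap.VERSION3
    try:
        # l.simple_bind(ldapuser, ldappass)
        l.bind_s(ldapuser, ldappass)
        searchScope = ldap.SCOPE_SUBTREE
        retrieveAttributes = None
        # Walk all users under this OU, including child OUs. In AD this filter also
        # matches computer and contact objects; (&(objectCategory=person)(objectClass=user))
        # restricts the result to user accounts.
        searchFilter = '(&(objectClass=person))'
        ldap_result = l.search_s(baseDN, searchScope, searchFilter, retrieveAttributes)  # returns a list or None
        for pinfor in ldap_result:
            # pinfor is a tuple: the first element is the user's DN, the second
            # is a dict holding all of the user's attributes.
            # Search referrals have no DN and are skipped.
            if pinfor[0] and pinfor[1]:
                p = pinfor[1]
                # Each attribute value is a list of bytes
                sAMAccountName = p['sAMAccountName'][0].decode('utf-8')
                # If an attribute is empty, the dict has no key for it
                if 'displayName' in p:
                    displayName = p['displayName'][0].decode('utf-8')
                else:
                    displayName = None
                if 'department' in p:
                    department = p['department'][0].decode('utf-8')
                else:
                    department = None
                print(sAMAccountName, displayName, department)
        if len(ldap_result) == 0:
            print('No users found under ' + baseDN)
    except ldap.LDAPError as e:
        print(e)
    finally:
        l.unbind_s()  # release the LDAP binding
        del l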

References: /s/blog_69ac00af01012e0g.html

//11/use-python-ldap-to-create-read-delete-upgrade-ldap-entries/

https://www.python-/doc/html/ldap.html#ldap.LDAPObject.search
