LDAP Class
Properties Methods Events Configuration Settings Errors
The LDAP Class is used to search, manage, and maintain Internet Directory (LDAP) servers.
Syntax
class ipworksauth.LDAP
Remarks
The LDAP Class supports both plaintext and SSL/TLS connections. When connecting over SSL/TLS the on_ssl_server_authentication event allows you to check the server identity and other security attributes. The on_ssl_status event provides information about the SSL handshake. Additional SSL related settings are also supported via the config method.
The LDAP Class implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided.
The first step in using the class is specifying the server_name, a dn (Distinguished Name) to bind as, and optionally a password. Then you can call one or more of the class methods to act upon the server. Server responses are normally received through the on_result event. The only exceptions are search requests which result in one or more on_search_result events, followed by a final on_search_complete event.
Attributes are set and returned through the attributes properties. Other command arguments are specified through other properties. These are specified in detail in each method.
Search filters are to be specified as string arguments to the search method. The format must be a standard LDAP search string as specified in RFC 1558. Other search attributes are set in properties such as search_scope, search_time_limit, search_size_limit, search_return_values, and search_deref_aliases.
The class operates synchronously by default (waits for a response before returning control to the caller), however, the class may also operate asynchronously (return control immediately), by setting timeout to 0. Please refer to the timeout property for more information.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| accept_data | Enables or disables data reception from the server. |
| attr_count | The number of records in the Attr arrays. |
| attr_type | Attribute type for the current entry. |
| attr_mod_op | An operation to apply on attributes during an LDAP modify operation. |
| attr_value | Attribute value for the current entry. |
| auth_mechanism | The authentication mechanism to be used when connecting to the LDAP server. |
| connected | Shows whether the class is connected. |
| delete_old_rdn | Controls whether the old RDN (Relative Distinguished Name) should be deleted. |
| dn | The Distinguished Name used as the base for LDAP operations. |
| firewall_auto_detect | This property tells the class whether or not to automatically detect and use firewall system settings, if available. |
| firewall_type | This property determines the type of firewall to connect through. |
| firewall_host | This property contains the name or IP address of firewall (optional). |
| firewall_password | This property contains a password if authentication is to be used when connecting through the firewall. |
| firewall_port | This property contains the TCP port for the firewall Host . |
| firewall_user | This property contains a user name if authentication is to be used connecting through a firewall. |
| idle | The current status of the class. |
| ldap_version | The version of LDAP used. |
| local_host | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
| message_id | The message identifier for the next LDAP request. |
| page_size | The maximum number of results per page for the Search method. |
| password | The password used to authenticate to the LDAP server. |
| reference_count | The number of records in the Reference arrays. |
| reference_url | The url of the LDAP reference. |
| result_code | The result code returned in the last server response. |
| result_description | The descriptive text returned in the last server response (if any). |
| result_dn | The Distinguished Name returned in the last server response (if any). |
| search_deref_aliases | Controls alias dereferencing during searching. |
| search_return_values | Controls whether the search operation returns values of attributes, or only types. |
| search_scope | Controls the scope of LDAP search operations. |
| search_size_limit | Maximum number of entries that can be returned by the next search operation. |
| search_time_limit | A time limit for the next search operation (in seconds). |
| server_name | The name or address of the LDAP server. |
| server_port | The server port for the LDAP connection (default is 389). |
| sort_attributes | A string of attribute names to sort on with optional relative matching rules. |
| ssl_accept_server_cert_encoded | The certificate (PEM/base64 encoded). |
| ssl_cert_encoded | The certificate (PEM/base64 encoded). |
| ssl_cert_store | The name of the certificate store for the client certificate. |
| ssl_cert_store_password | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| ssl_cert_store_type | The type of certificate store for this certificate. |
| ssl_cert_subject | The subject of the certificate used for client authentication. |
| ssl_enabled | Whether TLS/SSL is enabled. |
| ssl_server_cert_encoded | The certificate (PEM/base64 encoded). |
| ssl_start_mode | Determines how the class starts the SSL negotiation. |
| timeout | A timeout for the class. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| abandon | Asks the server to abandon a request. |
| add | Adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes properties. |
| attr | Returns the value of the specified LDAP attribute. |
| bind | Connects and binds to the directory server. |
| change_password | Changes the password for the specified user. |
| compare | Compares attributes and values with those of the entry specified by DN . |
| config | Sets or retrieves a configuration setting. |
| delete | Deletes an entry specified by DN from the directory server. |
| do_events | Processes events from the internal message queue. |
| extended_request | Performs an LDAP V3 Extended Operation. |
| interrupt | Interrupt the current method. |
| list_computers | Lists all computers in the directory. |
| list_group_members | List all members of a group. |
| list_groups | List all groups in the directory. |
| list_user_groups | Lists all groups a user is a part of. |
| modify | Performs an LDAP 'modify' operation on the entry specified by DN . |
| modify_rdn | Performs an LDAP 'modify RDN' operation an entry specified by DN . |
| move_to_dn | Performs an LDAP 'modify' operation on the entry specified by DN by changing its superior. |
| reset | Reset the class. |
| search | Searches the directory server using the base object specified in DN and the search filter SearchFilter . |
| unbind | Unbinds from the directory server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_computer_list | Fired for each computer entry returned. |
| on_connected | Fired immediately after a connection completes (or fails). |
| on_connection_status | Fired to indicate changes in connection state. |
| on_disconnected | Fired when a connection is closed. |
| on_error | Information about errors during data delivery. |
| on_extended_response | Fired for LDAP V3 Extended Responses. |
| on_group_list | Fired for each group entry returned. |
| on_pi_trail | Provides detailed information about the interaction with the server. |
| on_result | Fired for every server response, except search responses. |
| on_search_complete | Fired upon completion of a search operation. |
| on_search_page | Fired for every page returned from a search operation. |
| on_search_result | Fired for every entry returned from a search operation. |
| on_search_result_reference | Fired for every result reference returned from a search operation. |
| on_ssl_server_authentication | Fired after the server presents its certificate to the client. |
| on_ssl_status | Shows the progress of the secure connection. |
| on_user_list | Fired once for each user entry returned. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| DomainController | Returns the name of the domain controller. |
| FriendlyGUID | Whether to return GUID attribute values in a human readable format. |
| FriendlySID | Whether to return SID attribute values in a human readable format. |
| RequestControls | Controls to include in the request. |
| ResponseControls | Controls present in the response. |
| SingleResultMode | Determines how ResultDN behaves. |
| UseDefaultDC | Whether to connect to the default Domain Controller when calling Bind. |
| ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
| FirewallAutoDetect | Tells the class whether or not to automatically detect and use firewall system settings, if available. |
| FirewallHost | Name or IP address of firewall (optional). |
| FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
| FirewallPort | The TCP port for the FirewallHost;. |
| FirewallType | Determines the type of firewall to connect through. |
| FirewallUser | A user name if authentication is to be used connecting through a firewall. |
| KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
| KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
| Linger | When set to True, connections are terminated gracefully. |
| LingerTime | Time in seconds to have the connection linger. |
| LocalHost | The name of the local host through which connections are initiated or accepted. |
| LocalPort | The port in the local host where the class binds. |
| MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
| MaxTransferRate | The transfer rate limit in bytes per second. |
| ProxyExceptionsList | A semicolon separated list of hosts and IPs to bypass when using a proxy. |
| TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
| TcpNoDelay | Whether or not to delay when sending packets. |
| UseIPv6 | Whether to use IPv6. |
| AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
| FirewallData | Used to send extra data to the firewall. |
| InBufferSize | The size in bytes of the incoming queue of the socket. |
| OutBufferSize | The size in bytes of the outgoing queue of the socket. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
| SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
| UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |