6.4. LDAPServer

The LDAPServer service implements retrieving a user attribute from preconfigured AD or unix LDAP servers.

6.4.1. Configuration example

[ldap_server]
# Name of the LDAP Server policy configured in SPS
; name = <ldap-server-policy-name>

# The LDAP attribute name which should be used.
# Note that this may be different from the displayed name of the
# attribute, especially in Microsoft Windows, for example
# "Office" attribute is encoded in "physicalDeliveryOfficeName".
user_attribute = description

6.4.1.1. Acquiring a user attribute

In this example we’ll use the following configuration to fetch the description attribute of the user administrator.

[ldap_server]
# Name of the LDAP Server policy configured in SPS
name = my_ad_policy

# The LDAP attribute name which should be used.
# Note that this may be different from the displayed name of the
# attribute, especially in Microsoft Windows, where for example
# "Office" attribute is encoded in "physicalDeliveryOfficeName".
user_attribute = description

from safeguard.sessions.plugin import PluginConfiguration
from safeguard.sessions.plugin import LDAPServer

class Plugin:
   def __init__(self, configuration):
       self.__config = PluginConfiguration(configuration)
       self.__ldap = LDAPServer.from_config(self.__config)
       attribute = self.__ldap.get_user_attribute('administrator')

class safeguard.sessions.plugin.ldap_server.LDAPServer(ldap_service, user_attribute_factory, user_groups_factory)

The LDAPServer represent access to the LDAP Server configured in SPS.

Do not instantiate LDAPServer service with its constructor, rather use the from_config() method.

Parameters:

• plugin_configuration – configuration to use
• section (str) – the section to get configuration options from
• ldap_service – reference to internal implementation

classmethod from_config(plugin_configuration, section='ldap_server', name=None)

The from_config() class method creates an LDAPServer instance from a given plugin configuration.

Parameters:

• plugin_configuration (PluginConfiguration) – plugin configuration object
• section (str) – name of the section where the LDAP parameters are stored
• name (str) – name of the LDAP server policy

Returns:

LDAPServer instance

Return type:

LDAPServer

Raises:

RequiredConfigurationSettingNotFound if there is no such section or “name” option in the section defined in the configuration.

get_user_string_attribute(username, attribute=None)

The get_user_string_attribute() method can retrieve a user’s string attribute from LDAP. Any string or numeric value that can be converted to a UTF-8 string will be returned. On the other hand binary data will trigger an error, for example a JPEG photo cannot be fetched this way.

Parameters:

• username (str) –
• attribute (str) –

Returns:

list of values in the attribute

Raises:

RequiredConfigurationSettingNotFound if the attribute parameter is None but there is no “user_attribute” defined in the configuration.

Raises:

LDAPUserNotFound if the user is not found in LDAP database.

Raises:

LDAPOperationError on other LDAP related errors.

filter_user_groups(username, groups=None)

The filter_user_groups() method can check whether a user is member of a list of predefined groups.

Parameters:

• username (str) –
• groups (list) –

Returns:

the input groups reduced to those groups that the user is actually a member of

Return type:

list

Raises:

RequiredConfigurationSettingNotFound if the groups parameter is None but there is no “user_groups” defined in the configuration.

Raises:

LDAPUserNotFound if the user is not found in LDAP database.

Raises:

LDAPOperationError on other LDAP related errors.

6.4.2. Exceptions

exception safeguard.sessions.plugin.ldap_server_exceptions.LDAPOperationError(message, variables=None)

The LDAPOperationError exception is raised when an LDAP error is detected.

exception safeguard.sessions.plugin.ldap_server_exceptions.LDAPUserNotFound(variables)

The LDAPUserNotFound exception is raised when a user is not found in the LDAP server.