6.4. LDAPServer

The LDAPServer service retrieves a user attribute from preconfigured Active Directory (AD) or Unix LDAP servers.

6.4.1. Configuration example

[ldap_server]
# Name of the LDAP Server policy configured in SPS
; name = <ldap-server-policy-name>

# The LDAP attribute name which should be used.
# Note that this may be different from the displayed name of the
# attribute, especially in Microsoft Windows, for example
# "Office" attribute is encoded in "physicalDeliveryOfficeName".
user_attribute = description

6.4.1.1. Acquiring a user attribute

In this example we’ll use the following configuration to fetch the description attribute of the user administrator.

[ldap_server]
# Name of the LDAP Server policy configured in SPS
name = my_ad_policy

# The LDAP attribute name which should be used.
# Note that this may be different from the displayed name of the
# attribute, especially in Microsoft Windows, where for example
# "Office" attribute is encoded in "physicalDeliveryOfficeName".
user_attribute = description

from safeguard.sessions.plugin import PluginConfiguration
from safeguard.sessions.plugin import LDAPServer

class Plugin:
    def __init__(self, configuration):
        self.__config = PluginConfiguration(configuration)
        # Build the service from the [ldap_server] section of the configuration above
        self.__ldap = LDAPServer.from_config(self.__config)
        # Fetch the configured user_attribute ("description") of the user "administrator";
        # the result is a list of string values
        attribute = self.__ldap.get_user_string_attribute('administrator')

class safeguard.sessions.plugin.ldap_server.LDAPServer(ldap_service, user_attribute_factory, user_groups_factory)

The LDAPServer represents access to the LDAP Server configured in SPS.

Do not instantiate LDAPServer service with its constructor, rather use the from_config() method.

Parameters:
  • plugin_configuration – configuration to use
  • section (str) – the section to get configuration options from
  • ldap_service – reference to internal implementation
classmethod from_config(plugin_configuration, section='ldap_server', name=None)

The from_config() class method creates an LDAPServer instance from a given plugin configuration.

Parameters:
  • plugin_configuration (PluginConfiguration) – plugin configuration object
  • section (str) – name of the section where the LDAP parameters are stored
  • name (str) – name of the LDAP server policy
Returns:

LDAPServer instance

Return type:

LDAPServer

Raises:

RequiredConfigurationSettingNotFound if there is no such section or “name” option in the section defined in the configuration.

get_user_string_attribute(username, attribute=None)

The get_user_string_attribute() method can retrieve a user’s string attribute from LDAP. Any string or numeric value that can be converted to a UTF-8 string is returned. Binary data, on the other hand, triggers an error; for example, a JPEG photo cannot be fetched this way.

Parameters:
  • username (str) – name of the user whose attribute is looked up
  • attribute (str) – name of the LDAP attribute to fetch; when None, the “user_attribute” option from the configuration is used
Returns:

list of values in the attribute

Raises:

RequiredConfigurationSettingNotFound if the attribute parameter is None but there is no “user_attribute” defined in the configuration.

Raises:

LDAPUserNotFound if the user is not found in the LDAP database.

Raises:

LDAPOperationError on other LDAP related errors.

filter_user_groups(username, groups=None)

The filter_user_groups() method can check whether a user is member of a list of predefined groups.

Parameters:
  • username (str) – name of the user whose group membership is checked
  • groups (list) – group names to check membership against; when None, the “user_groups” option from the configuration is used
Returns:

the input groups reduced to those groups that the user is actually a member of

Return type:

list

Raises:

RequiredConfigurationSettingNotFound if the groups parameter is None but there is no “user_groups” defined in the configuration.

Raises:

LDAPUserNotFound if the user is not found in the LDAP database.

Raises:

LDAPOperationError on other LDAP related errors.
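The following is an added example, not code from the plugin SDK or from SPS. It models the contract documented above for from_config(), get_user_string_attribute() and filter_user_groups() (including the three exception cases) against an in-memory directory, so that a plugin author can see how the calls from the configuration example behave without an appliance. ModelLDAPServer, FAKE_DIRECTORY, SAMPLE_CONFIG and check_session are assumptions of this example; the exception class names follow the page, and the directory contents are constructed sample data. The real service is built from a PluginConfiguration object rather than the plain dictionary used here.

```python
# Added example: an in-memory model of the documented LDAPServer contract.
# Not the SDK's own implementation; all data below is constructed.


class RequiredConfigurationSettingNotFound(Exception):
    pass


class LDAPOperationError(Exception):
    def __init__(self, message, variables=None):
        super().__init__(message)
        self.variables = variables or {}


class LDAPUserNotFound(Exception):
    def __init__(self, variables):
        super().__init__("user not found")
        self.variables = variables


# Constructed sample directory: username -> {attribute: [raw values]}.
# Values are bytes, the way an LDAP client typically returns them.
FAKE_DIRECTORY = {
    "administrator": {
        "description": [b"Built-in account for administering the domain"],
        "physicalDeliveryOfficeName": [b"Budapest"],
        "jpegPhoto": [b"\xff\xd8\xff\xe0" + b"\x00" * 16],   # binary, not UTF-8
        "memberOf": [b"Domain Admins", b"Remote Desktop Users"],
    },
    "alice": {
        "description": [b"Helpdesk operator", b"Shift B"],   # multi-valued attribute
        "memberOf": [b"Helpdesk"],
    },
}

# Constructed stand-in for a parsed [ldap_server] section (hypothetical values).
SAMPLE_CONFIG = {
    "ldap_server": {
        "name": "my_ad_policy",
        "user_attribute": "description",
        "user_groups": ["Domain Admins", "Helpdesk"],
    }
}


class ModelLDAPServer:
    """Models LDAPServer.from_config / get_user_string_attribute / filter_user_groups."""

    def __init__(self, directory, user_attribute=None, user_groups=None):
        self._directory = directory
        self._user_attribute = user_attribute
        self._user_groups = user_groups

    @classmethod
    def from_config(cls, configuration, section="ldap_server", name=None, directory=FAKE_DIRECTORY):
        # Documented failure mode: no such section, or no "name" option in it.
        options = configuration.get(section)
        if options is None or not (name or options.get("name")):
            raise RequiredConfigurationSettingNotFound("[%s] name" % section)
        return cls(directory, options.get("user_attribute"), options.get("user_groups"))

    def _entry(self, username):
        entry = self._directory.get(username)
        if entry is None:
            raise LDAPUserNotFound({"username": username})
        return entry

    def get_user_string_attribute(self, username, attribute=None):
        attribute = attribute or self._user_attribute
        if attribute is None:
            raise RequiredConfigurationSettingNotFound("user_attribute")
        values = []
        for raw in self._entry(username).get(attribute, []):
            try:
                # Strings and numbers convert; binary blobs fail UTF-8 decoding.
                values.append(raw.decode("utf-8") if isinstance(raw, bytes) else str(raw))
            except UnicodeDecodeError:
                raise LDAPOperationError("attribute is not a UTF-8 string", {"attribute": attribute})
        return values

    def filter_user_groups(self, username, groups=None):
        groups = groups if groups is not None else self._user_groups
        if groups is None:
            raise RequiredConfigurationSettingNotFound("user_groups")
        member_of = set(self.get_user_string_attribute(username, "memberOf"))
        # Input list reduced to the groups the user actually belongs to, order kept.
        return [g for g in groups if g in member_of]


def check_session(username, configuration):
    """Plugin-style use: fetch the configured attribute and the user's matching groups."""
    ldap = ModelLDAPServer.from_config(configuration)
    try:
        description = ldap.get_user_string_attribute(username)
        groups = ldap.filter_user_groups(username)
    except LDAPUserNotFound:
        return {"allowed": False, "reason": "unknown user"}
    except LDAPOperationError as exc:
        return {"allowed": False, "reason": str(exc)}
    return {"allowed": bool(groups), "description": description, "groups": groups}


def raises(exc_type, fn, *args):
    """True when fn(*args) raises exc_type; used to show the documented error cases."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False
```

check_session() shows the shape a plugin typically takes: the attribute and group lookups are wrapped so that an unknown user and an LDAP error lead to a deny decision rather than an unhandled exception, while a missing configuration option still surfaces as RequiredConfigurationSettingNotFound at plugin start.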

6.4.2. Exceptions

exception safeguard.sessions.plugin.ldap_server_exceptions.LDAPOperationError(message, variables=None)

The LDAPOperationError exception is raised when an LDAP error is detected.

exception safeguard.sessions.plugin.ldap_server_exceptions.LDAPUserNotFound(variables)

The LDAPUserNotFound exception is raised when a user is not found in the LDAP server.