The LDAPServer service retrieves a user attribute from preconfigured AD or Unix LDAP servers.
    [ldap_server]
    # Name of the LDAP Server policy configured in SPS
    ; name = <ldap-server-policy-name>

    # The LDAP attribute name which should be used.
    # Note that this may be different from the displayed name of the
    # attribute, especially in Microsoft Windows, for example
    # "Office" attribute is encoded in "physicalDeliveryOfficeName".
    user_attribute = description
In this example we’ll use the following configuration to fetch the description attribute of the user administrator.
    [ldap_server]
    # Name of the LDAP Server policy configured in SPS
    name = my_ad_policy

    # The LDAP attribute name which should be used.
    # Note that this may be different from the displayed name of the
    # attribute, especially in Microsoft Windows, where for example
    # "Office" attribute is encoded in "physicalDeliveryOfficeName".
    user_attribute = description
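    from safeguard.sessions.plugin import PluginConfiguration
    from safeguard.sessions.plugin import LDAPServer


    class Plugin:
        def __init__(self, configuration):
            # Parse the plugin configuration, including the [ldap_server] section
            self.__config = PluginConfiguration(configuration)
            # Build the service with from_config(), not with the constructor
            self.__ldap = LDAPServer.from_config(self.__config)
            # Fetch the values of the configured user_attribute (description)
            attribute = self.__ldap.get_user_string_attribute('administrator')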
safeguard.sessions.plugin.ldap_server.LDAPServer
The LDAPServer class represents access to the LDAP Server configured in SPS.
Do not instantiate the LDAPServer service with its constructor; use the from_config() method instead.
from_config
The from_config() class method creates an LDAPServer instance from a given plugin configuration.
Parameter type: PluginConfiguration
Returns: LDAPServer instance
Raises: RequiredConfigurationSettingNotFound if there is no such section or “name” option in the section defined in the configuration.
get_user_string_attribute
The get_user_string_attribute() method retrieves a user’s string attribute from LDAP. Any string or numeric value that can be converted to a UTF-8 string will be returned. Binary data, on the other hand, will trigger an error; for example, a JPEG photo cannot be fetched this way.
Returns: list of values in the attribute
Raises:
RequiredConfigurationSettingNotFound if the attribute parameter is None but there is no “user_attribute” defined in the configuration.
LDAPUserNotFound if the user is not found in the LDAP database.
LDAPOperationError on other LDAP related errors.
filter_user_groups
The filter_user_groups() method checks whether a user is a member of a list of predefined groups.
Returns: the input groups reduced to those groups that the user is actually a member of
Return type: list
Raises: RequiredConfigurationSettingNotFound if the groups parameter is None but there is no “user_groups” defined in the configuration.
safeguard.sessions.plugin.ldap_server_exceptions
The LDAPOperationError exception is raised when an LDAP error is detected.
The LDAPUserNotFound exception is raised when a user is not found in the LDAP server.
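A fail-closed way to combine the two documented methods and both exceptions in an access decision, as an added example that is not code from the SDK or its documentation. It assumes the user name is the first positional argument (as in the example above) and that the optional parameters are named attribute and groups; check_user, FakeLDAP, DIRECTORY and the fallback exception classes are constructed here so the sketch runs without SPS.

```python
try:  # real exception classes when the plugin SDK is installed
    from safeguard.sessions.plugin.ldap_server_exceptions import (
        LDAPOperationError, LDAPUserNotFound)
except ImportError:  # assumption: local stand-ins so the sketch runs offline
    class LDAPOperationError(Exception):
        pass

    class LDAPUserNotFound(Exception):
        pass


def check_user(ldap, username, allowed_groups, attribute="description"):
    """Return (allowed, matched_groups, attribute_values); deny on any LDAP failure."""
    try:
        # Only those of allowed_groups the user really belongs to come back.
        matched = ldap.filter_user_groups(username, groups=allowed_groups)
        # The result is a list of values, not a single string.
        values = ldap.get_user_string_attribute(username, attribute=attribute)
    except LDAPUserNotFound:
        return False, [], []   # unknown user: deny
    except LDAPOperationError:
        return False, [], []   # any other LDAP error: deny rather than allow
    return bool(matched), list(matched), list(values)


class FakeLDAP:
    """Constructed stand-in exposing the two documented LDAPServer methods."""

    def __init__(self, directory, broken=False):
        self.directory, self.broken = directory, broken

    def _entry(self, username):
        if self.broken:
            raise LDAPOperationError("constructed failure")
        if username not in self.directory:
            raise LDAPUserNotFound(username)
        return self.directory[username]

    def filter_user_groups(self, username, groups=None):
        member_of = self._entry(username)["groups"]
        return [g for g in groups if g in member_of]

    def get_user_string_attribute(self, username, attribute=None):
        return self._entry(username)["attrs"].get(attribute, [])


# Constructed sample directory, not real data.
DIRECTORY = {"administrator": {"groups": {"admins", "staff"},
                               "attrs": {"description": ["Built-in account"]}}}
```

In a real plugin the ldap argument would be the object returned by LDAPServer.from_config().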