9.4. LDAPServer
The LDAPServer service retrieves a user attribute from preconfigured AD or Unix LDAP servers.
9.4.1. Configuration example
[ldap_server]
# Name of the LDAP Server policy configured in SPS
; name = <ldap-server-policy-name>
# The LDAP attribute name which should be used.
# Note that this may be different from the displayed name of the
# attribute, especially in Microsoft Windows, where for example the
# "Office" attribute is encoded in "physicalDeliveryOfficeName".
user_attribute = description
9.4.1.1. Acquiring a user attribute
In this example we’ll use the following configuration to fetch the description attribute of the user administrator.
[ldap_server]
# Name of the LDAP Server policy configured in SPS
name = my_ad_policy
# The LDAP attribute name which should be used.
# Note that this may be different from the displayed name of the
# attribute, especially in Microsoft Windows, where for example the
# "Office" attribute is encoded in "physicalDeliveryOfficeName".
user_attribute = description

from safeguard.sessions.plugin import PluginConfiguration
from safeguard.sessions.plugin import LDAPServer


class Plugin:
    def __init__(self, configuration):
        self.__config = PluginConfiguration(configuration)
        # Build the service from the [ldap_server] section shown above
        self.__ldap = LDAPServer.from_config(self.__config)
        # Returns the list of values of the configured user_attribute
        attribute = self.__ldap.get_user_string_attribute('administrator')

class safeguard.sessions.plugin.ldap_server.LDAPServer(ldap_service, user_attribute_factory, user_groups_factory)
The LDAPServer represents access to the LDAP Server configured in SPS. Do not instantiate the LDAPServer service with its constructor; use the from_config() method instead.
- Parameters
  plugin_configuration – configuration to use
  section (str) – the section to get configuration options from
  ldap_service – reference to internal implementation

classmethod from_config(plugin_configuration, section='ldap_server', name=None)
The from_config() class method creates an LDAPServer instance from a given plugin configuration.
- Parameters
  plugin_configuration (PluginConfiguration) – plugin configuration object
  section (str) – name of the section where the LDAP parameters are stored
  name (str) – name of the LDAP server policy
- Returns
  LDAPServer instance
- Return type
  LDAPServer
- Raises
  RequiredConfigurationSettingNotFound if there is no such section or “name” option in the section defined in the configuration.

get_user_string_attribute(username, attribute=None)
The get_user_string_attribute() method retrieves a user’s string attribute from LDAP. Any string or numeric value that can be converted to a UTF-8 string will be returned. Binary data, on the other hand, will trigger an error; for example, a JPEG photo cannot be fetched this way.
- Parameters
  username (str)
  attribute (str)
- Returns
  list of values in the attribute
- Raises
  RequiredConfigurationSettingNotFound if the attribute parameter is None but there is no “user_attribute” defined in the configuration.
  LDAPUserNotFound if the user is not found in the LDAP database.
  LDAPOperationError on other LDAP related errors.

filter_user_groups(username, groups=None)
The filter_user_groups() method checks whether a user is a member of any of a list of predefined groups.
- Parameters
  username (str)
  groups (list)
- Returns
  the input groups reduced to those groups that the user is actually a member of
- Return type
  list
- Raises
  RequiredConfigurationSettingNotFound if the groups parameter is None but there is no “user_groups” defined in the configuration.
  LDAPUserNotFound if the user is not found in the LDAP database.
  LDAPOperationError on other LDAP related errors.

9.4.2. Exceptions
exception safeguard.sessions.plugin.ldap_server_exceptions.LDAPOperationError(message, variables=None)
The LDAPOperationError exception is raised when an LDAP error is detected.

exception safeguard.sessions.plugin.ldap_server_exceptions.LDAPUserNotFound(variables)
The LDAPUserNotFound exception is raised when a user is not found in the LDAP server.
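
A sketch of a fail-closed authorization check built on filter_user_groups(), get_user_string_attribute() and the two exceptions documented above. This is an added example, not code from the SDK or its documentation; authorize(), FakeLDAP, the sample users and the returned dict shape are assumptions made for illustration.

```python
try:  # real exception classes when running inside SPS
    from safeguard.sessions.plugin.ldap_server_exceptions import (
        LDAPOperationError, LDAPUserNotFound)
except ImportError:  # stand-ins so the sketch also runs outside SPS
    class LDAPOperationError(Exception):
        pass

    class LDAPUserNotFound(Exception):
        pass


def authorize(ldap, username, allowed_groups, attribute="description"):
    """Fail-closed check; `ldap` is an LDAPServer (or the test double below)."""
    try:
        matched = ldap.filter_user_groups(username, allowed_groups)
        values = ldap.get_user_string_attribute(username, attribute)
    except LDAPUserNotFound:
        return {"verdict": "DENY", "reason": "unknown user"}
    except LDAPOperationError:
        # Directory unreachable or misbehaving: never fall back to allow.
        return {"verdict": "DENY", "reason": "ldap error"}
    if not matched:
        return {"verdict": "DENY", "reason": "not in an allowed group"}
    # The attribute comes back as a list and may be empty or multi-valued.
    return {"verdict": "ACCEPT", "groups": matched, "attribute": list(values)}


class FakeLDAP:
    """Constructed test double following the documented return contract."""
    USERS = {"administrator": {"groups": ["admins", "staff"],
                               "description": ["Built-in account"]},
             "guest": {"groups": ["staff"], "description": []}}

    def __init__(self, broken=False):
        self.broken = broken

    def _entry(self, username):
        if self.broken:
            raise LDAPOperationError("server down")
        if username not in self.USERS:
            raise LDAPUserNotFound({"username": username})
        return self.USERS[username]

    def filter_user_groups(self, username, groups=None):
        member_of = self._entry(username)["groups"]
        return [g for g in groups or [] if g in member_of]

    def get_user_string_attribute(self, username, attribute=None):
        return list(self._entry(username).get(attribute, []))
```

Inside a plugin, pass the object returned by LDAPServer.from_config() as `ldap` in place of FakeLDAP.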