Published in Analytics Vidhya

OpenLDAP CRUD Operations in Python

CRUD operations for OpenLDAP using Python ldap3

Add, search, delete and modify operations on an OpenLDAP server using Python



OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol developed by the OpenLDAP Project. Most organizations that use OpenLDAP need it for technical solutions. Because it is flexible, IT and DevOps engineers are free to use it in a variety of ways.

I have provided the steps for installation of openLDAP server and phpLDAPAdmin here.

The LDAP directory service is based on a client-server model. One or more LDAP servers contain the data making up the directory information tree (DIT). A client connects to a server and asks it a question. The server responds with an answer and/or with a pointer to where the client can get additional information (typically, another LDAP server). No matter which LDAP server a client connects to, it sees the same view of the directory; a name presented to one LDAP server references the same entry it would at another LDAP server. This is an important feature of a global directory service, like LDAP.

ldap3 is a pure Python LDAP 3 client library strictly conforming to RFC4510 and is released under the LGPL v3 open source license. RFC4510 is the current LDAP specification (June 2006) from IETF and obsoletes the previous LDAP RFCs 2251, 2830, 3771 (December 1997).

ldap3 can be used with any Python version starting from 2.6, including all Python 3 versions. It also works with PyPy and PyPy3.

We will discuss how to create, read, update and delete users and groups on an OpenLDAP server using Python's ldap3 library.

Install ldap3 library using pip

pip install ldap3

Bind a connection to LDAP server

The Bind operation allows credentials to be exchanged between the client and server to establish a new authorization state.

Search user/group data from OpenLDAP

The Search operation is used to request a server to return, subject to access controls and other restrictions, a set of entries matching a search filter. This can be used to read attributes from a single entry, from entries immediately subordinate to a particular entry, or from a whole subtree of entries.

Create a new group in the openLDAP server

The Add operation allows a client to request the addition of an entry into the LDAP directory. The Add operation is used only for new entries, that is, the dn must reference a non-existent object, but the parent objects must exist.

Add new user to the openLDAP server

Delete user from LDAP server

The Delete operation allows a client to request the removal of an entry from the LDAP directory. To perform a Delete operation you must specify the dn of the entry.

Update existing values of a user

The Modify operation allows a client to request the modification of an entry already present in the LDAP directory. To perform a Modify operation you must specify the dn of the entry and the kind of changes requested.

Add users to existing ldap groups or add multiple groups to existing users

For adding existing users to an ldap group, I found ldap v2 much easier than ldap3. Therefore I am publishing the code for ldapv2. ldapv2 accepts bytes as input values and all values are converted to bytes before calling add_s (synchronous call).



