OpenLDAP CRUD Operations in Python
CRUD operations for OpenLDAP using Python ldap3
Add, search, delete and modify operations on an OpenLDAP server using Python
OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. Many of the organizations that require OpenLDAP need it mostly for technical solutions; due to its flexibility, IT and DevOps engineers are free to use it in a variety of ways.
I have provided the steps for installing an OpenLDAP server and phpLDAPAdmin here.
LDAP directory service is based on a client-server model. One or more LDAP servers contain the data making up the directory information tree (DIT). The client connects to servers and asks it a question. The server responds with an answer and/or with a pointer to where the client can get additional information (typically, another LDAP server). No matter which LDAP server a client connects to, it sees the same view of the directory; a name presented to one LDAP server references the same entry it would at another LDAP server. This is an important feature of a global directory service, like LDAP.
ldap3 is a pure Python LDAP 3 client library strictly conforming to RFC4510 and is released under the LGPL v3 open source license. RFC4510 is the current LDAP specification (June 2006) from IETF and obsoletes the previous LDAP RFCs 2251, 2830, 3771 (December 1997).
ldap3 can be used with any Python version starting from 2.6, including all Python 3 versions. It also works with PyPy and PyPy3.
We will discuss how to create, read, update and delete users and groups on an OpenLDAP server using Python's ldap3 library.
Install ldap3 library using pip
pip install ldap3
Bind a connection to the LDAP server
The Bind operation allows credentials to be exchanged between the client and server to establish a new authorization state.
Search user/group data in OpenLDAP
The Search operation is used to request that a server return, subject to access controls and other restrictions, a set of entries matching a search filter. This can be used to read attributes from a single entry, from entries immediately subordinate to a particular entry, or from a whole subtree of entries.
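The bind and search steps above, as an added example that is not code from the original post. The host, base DN, admin DN and password are placeholders; the connection goes over LDAPS so the simple-bind password is not sent in clear text, and any value that comes from a user is escaped per RFC 4515 before it is spliced into the filter, which is what prevents LDAP filter injection. The `__main__` block runs offline against ldap3's in-memory MOCK_SYNC strategy with entries constructed here.

```python
"""Bind to an OpenLDAP server and run an injection-safe search with ldap3.

Added example, not code from the original post. The host, base DN, admin DN
and password below are placeholders.
"""
try:
    from ldap3 import Server, Connection, ALL, SUBTREE, MOCK_SYNC
except ImportError:  # pip install ldap3; the filter helpers still work without it
    Server = Connection = None
    ALL, SUBTREE, MOCK_SYNC = "ALL", "SUBTREE", "MOCK_SYNC"  # the literal values ldap3 defines

LDAP_HOST = "ldap.example.com"             # placeholder
BASE_DN = "dc=example,dc=com"              # placeholder
ADMIN_DN = "cn=admin,dc=example,dc=com"    # placeholder
ADMIN_PW = "change-me"                     # placeholder: load from a secret store, not source

# RFC 4515 characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape text before it is spliced into a search filter.

    Unescaped input such as '*' or 'x)(uid=*' changes the filter's meaning
    (LDAP injection); after escaping it only ever matches itself.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in str(value))


def user_filter(uid):
    """Filter for one posixAccount entry by uid, with the uid escaped."""
    return "(&(objectClass=posixAccount)(uid=%s))" % escape_filter_value(uid)


def group_filter(cn):
    """Filter for one posixGroup entry by cn, with the cn escaped."""
    return "(&(objectClass=posixGroup)(cn=%s))" % escape_filter_value(cn)


def bind(host=LDAP_HOST, user=ADMIN_DN, password=ADMIN_PW):
    """Connect over LDAPS (port 636) and perform a simple bind.

    use_ssl=True keeps the bind password off the wire; a simple bind over
    plain ldap:// sends it unencrypted.
    """
    server = Server(host, use_ssl=True, get_info=ALL)
    conn = Connection(server, user=user, password=password)
    if not conn.bind():
        raise RuntimeError("bind failed: %s" % conn.result["description"])
    return conn


def search(conn, search_filter, base=BASE_DN, attributes=("uid", "cn", "mail")):
    """Run a subtree search and return [(dn, attributes)] for matching entries.

    Referral items ('searchResRef') in conn.response are skipped.
    """
    conn.search(search_base=base, search_filter=search_filter,
                search_scope=SUBTREE, attributes=list(attributes))
    return [(item["dn"], item["attributes"]) for item in conn.response
            if "dn" in item and item.get("type", "searchResEntry") == "searchResEntry"]


def find_user(conn, uid):
    return search(conn, user_filter(uid))


def find_group(conn, cn):
    return search(conn, group_filter(cn), attributes=("cn", "gidNumber", "memberUid"))


if __name__ == "__main__":
    # Offline demonstration with ldap3's in-memory MOCK_SYNC strategy in place of
    # a real server; the entries below are constructed for the demo.
    server = Server("fake-openldap")
    conn = Connection(server, user=ADMIN_DN, password=ADMIN_PW, client_strategy=MOCK_SYNC)
    conn.strategy.add_entry(ADMIN_DN, {"userPassword": ADMIN_PW, "sn": "admin", "revision": 0})
    conn.strategy.add_entry(BASE_DN, {"objectClass": ["dcObject", "organization"],
                                      "dc": "example", "o": "Example"})
    conn.strategy.add_entry("uid=alice,ou=people," + BASE_DN,
                            {"objectClass": ["inetOrgPerson", "posixAccount"],
                             "uid": "alice", "cn": "Alice Doe", "mail": "alice@example.com"})
    print("bound:", conn.bind())
    print("alice:", find_user(conn, "alice"))
    print("wildcard is escaped, so no match:", find_user(conn, "*"))
```

Pass a bound connection from `bind()` to `find_user()` or `find_group()` against a real server; against the mock, the last line shows that an escaped `*` matches nothing instead of returning every account.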
Create a new group on the OpenLDAP server
The Add operation allows a client to request the addition of an entry to the LDAP directory. The Add operation is used only for new entries, that is, the DN must reference a non-existent object, while its parent entries must already exist.
Add a new user to the OpenLDAP server
Delete a user from the LDAP server
The Delete operation allows a client to request the removal of an entry from the LDAP directory. To perform a Delete operation you must specify the DN of the entry.
Update existing values of a user
The Modify operation allows a client to request the modification of an entry already present in the LDAP directory. To perform a Modify operation you must specify the DN of the entry and the kind of changes requested.
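The Add, Delete and Modify sections above in one piece of working code, added here and not taken from the original post. It expects an already bound ldap3 Connection; `BASE_DN`, `ou=people` and `ou=groups` are placeholders. Two points a practitioner would want are built in: a uid or cn is allow-listed before it is spliced into a DN (RFC 4514 special characters such as `,` or `=` would otherwise change which entry is named), and `userPassword` is stored as an `{SSHA}` hash rather than clear text; the hash helpers are a local implementation of RFC 2307 `{SSHA}`, not an ldap3 API. The `__main__` block runs offline against ldap3's MOCK_SYNC strategy.

```python
"""Create, modify and delete OpenLDAP users and groups with ldap3.

Added example, not code from the original post. Pass in a bound ldap3
Connection; BASE_DN and the OUs are placeholders.
"""
import base64
import hashlib
import hmac
import os
import re

try:
    from ldap3 import Server, Connection, MODIFY_REPLACE, MOCK_SYNC
except ImportError:  # pip install ldap3; the pure helpers below still work without it
    Server = Connection = None
    MODIFY_REPLACE, MOCK_SYNC = "MODIFY_REPLACE", "MOCK_SYNC"  # the literal values ldap3 defines

BASE_DN = "dc=example,dc=com"          # placeholder
PEOPLE_OU = "ou=people," + BASE_DN
GROUPS_OU = "ou=groups," + BASE_DN
_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def checked_name(name):
    """Allow-list a uid/cn before it is spliced into a DN.

    Rejecting anything outside [a-z0-9_-] keeps RFC 4514 special characters
    (',' '+' '=' '\\' ...) from changing which entry the DN names.
    """
    if not _NAME_RE.match(name):
        raise ValueError("invalid LDAP name: %r" % (name,))
    return name


def user_dn(uid):
    return "uid=%s,%s" % (checked_name(uid), PEOPLE_OU)


def group_dn(cn):
    return "cn=%s,%s" % (checked_name(cn), GROUPS_OU)


def ssha_password(password, salt=None):
    """{SSHA} hash (RFC 2307 style) so the directory never stores clear text."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check a clear-text password against an {SSHA} value (constant-time compare)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)


def _ok(conn, succeeded, what):
    """ldap3 operations return False on failure and leave details in conn.result."""
    if not succeeded:
        raise RuntimeError("%s failed: %s" % (what, conn.result["description"]))
    return True


def create_group(conn, cn, gid_number):
    """Add a posixGroup; the parent ou=groups must already exist."""
    dn = group_dn(cn)
    attrs = {"cn": cn, "gidNumber": str(gid_number)}
    return _ok(conn, conn.add(dn, ["top", "posixGroup"], attrs), "add " + dn)


def create_user(conn, uid, full_name, surname, uid_number, gid_number, password):
    """Add an inetOrgPerson + posixAccount entry with a hashed userPassword."""
    dn = user_dn(uid)
    attrs = {"uid": uid, "cn": full_name, "sn": surname,
             "uidNumber": str(uid_number), "gidNumber": str(gid_number),
             "homeDirectory": "/home/%s" % uid, "loginShell": "/bin/bash",
             "userPassword": ssha_password(password)}
    return _ok(conn, conn.add(dn, ["top", "inetOrgPerson", "posixAccount"], attrs), "add " + dn)


def update_user(conn, uid, **new_values):
    """Replace attribute values, e.g. update_user(conn, "alice", mail="a@example.com")."""
    changes = {attr: [(MODIFY_REPLACE, [value])] for attr, value in new_values.items()}
    return _ok(conn, conn.modify(user_dn(uid), changes), "modify " + uid)


def delete_user(conn, uid):
    """Remove the entry; the server refuses to delete an entry that still has children."""
    return _ok(conn, conn.delete(user_dn(uid)), "delete " + uid)


if __name__ == "__main__":
    # Offline demonstration on ldap3's in-memory MOCK_SYNC strategy; entries constructed here.
    conn = Connection(Server("fake-openldap"), user="cn=admin," + BASE_DN,
                      password="change-me", client_strategy=MOCK_SYNC)
    conn.strategy.add_entry("cn=admin," + BASE_DN,
                            {"userPassword": "change-me", "sn": "admin", "revision": 0})
    for dn, ou in ((PEOPLE_OU, "people"), (GROUPS_OU, "groups")):
        conn.strategy.add_entry(dn, {"objectClass": ["organizationalUnit"], "ou": ou})
    conn.bind()
    create_group(conn, "devs", 5000)
    create_user(conn, "alice", "Alice Doe", "Doe", 10001, 5000, "s3cret")
    update_user(conn, "alice", mail="alice@example.com", loginShell="/bin/zsh")
    delete_user(conn, "alice")
    print("last result:", conn.result["description"])
```

Each wrapper raises with the server's result description instead of silently returning False, so a failed add (for example a missing parent OU, or an entry that already exists) surfaces immediately in scripts.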
Add users to existing LDAP groups, or add multiple groups to existing users
For adding existing users to an LDAP group, I found ldap v2 much easier than ldap3. Therefore I am publishing the code for ldapv2. ldapv2 accepts bytes as input values, and all values are converted to bytes before calling add_s (a synchronous call).
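The bytes conversion described above, as an added example written for python-ldap (the "ldap v2" API); it is not the author's code. It assumes posixGroup entries that list members by `memberUid`, a placeholder base DN, and an already bound python-ldap connection; a groupOfNames-style group would take the full member DN in `member` instead. Group names are allow-listed before they are placed in a DN, the same way a uid should be.

```python
"""Add existing users to groups with python-ldap (the "ldap v2" API).

Added example, not code from the original post. Assumes posixGroup entries
with memberUid, a placeholder base DN and a bound python-ldap connection.
"""
import re

try:
    import ldap  # pip install python-ldap
    MOD_ADD = ldap.MOD_ADD
except ImportError:
    ldap = None
    MOD_ADD = 0  # the value python-ldap defines for ldap.MOD_ADD; lets the helpers run without it

BASE_DN = "dc=example,dc=com"  # placeholder
GROUPS_OU = "ou=groups," + BASE_DN
_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def to_bytes(value):
    """python-ldap wants every attribute value as bytes: str and int are encoded,
    bytes pass through unchanged."""
    if isinstance(value, bytes):
        return value
    return str(value).encode("utf-8")


def to_ldap_bytes(attributes):
    """Convert {attr: value | [values]} into {attr: [bytes, ...]}."""
    out = {}
    for attr, value in attributes.items():
        values = value if isinstance(value, (list, tuple)) else [value]
        out[attr] = [to_bytes(v) for v in values]
    return out


def add_modlist(attributes):
    """Modlist for add_s(): a list of (attr, [bytes values]) pairs."""
    return list(to_ldap_bytes(attributes).items())


def member_modlist(uids):
    """Modlist for modify_s() that appends memberUid values to an existing group."""
    return [(MOD_ADD, "memberUid", [to_bytes(uid) for uid in uids])]


def group_dn(cn):
    """Allow-list the cn so a name like 'devs,ou=admins' cannot redirect the DN."""
    if not _NAME_RE.match(cn):
        raise ValueError("invalid group name: %r" % (cn,))
    return "cn=%s,%s" % (cn, GROUPS_OU)


def add_users_to_groups(conn, membership):
    """membership maps group cn -> list of uids; one modify_s per group.

    Returns the DNs that were modified. Adding a uid that is already a
    member raises ldap.TYPE_OR_VALUE_EXISTS, so bulk jobs should de-duplicate
    against a search first or catch that exception.
    """
    modified = []
    for cn, uids in membership.items():
        dn = group_dn(cn)
        conn.modify_s(dn, member_modlist(uids))
        modified.append(dn)
    return modified


def add_groups_to_user(conn, uid, group_cns):
    """The inverse view: put one uid into several groups."""
    return add_users_to_groups(conn, {cn: [uid] for cn in group_cns})


if __name__ == "__main__":
    # Against a real server (placeholder host and credentials): bind over LDAPS,
    # create a group with add_s, then extend its membership with modify_s.
    conn = ldap.initialize("ldaps://ldap.example.com")
    conn.simple_bind_s("cn=admin," + BASE_DN, "change-me")
    conn.add_s(group_dn("devs"), add_modlist({"objectClass": ["top", "posixGroup"],
                                              "cn": "devs", "gidNumber": 5000,
                                              "memberUid": ["alice"]}))
    print(add_users_to_groups(conn, {"devs": ["bob", "carol"]}))
    print(add_groups_to_user(conn, "alice", ["ops", "wheel"]))
    conn.unbind_s()
```

Both `add_s` and `modify_s` receive only bytes values after `to_ldap_bytes`, which is the conversion the section describes; integers such as `gidNumber` become their decimal string encoded as bytes.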