ldap3.core package¶
Submodules¶
ldap3.core.connection module¶
-
class
ldap3.core.connection.
Connection
(server, user=None, password=None, auto_bind='DEFAULT', version=3, authentication=None, client_strategy='SYNC', auto_referrals=True, auto_range=True, sasl_mechanism=None, sasl_credentials=None, check_names=True, collect_usage=False, read_only=False, lazy=False, raise_exceptions=False, pool_name=None, pool_size=None, pool_lifetime=None, cred_store=None, fast_decoder=True, receive_timeout=None, return_empty_attributes=True, use_referral_cache=False, auto_escape=True, auto_encode=True, pool_keepalive=None)[source]¶ Bases:
object
Main ldap connection class.
Controls, if used, must be a list of tuples. Each tuple must have 3 elements, the control OID, a boolean meaning if the control is critical, a value.
If the boolean is set to True the server must honor the control or refuse the operation
Mixing controls must be defined in controls specification (as per RFC 4511)
Parameters: - server (Server, str) – the Server object to connect to
- user (str) – the user name for simple authentication
- password (str) – the password for simple authentication
- auto_bind (int, can be one of AUTO_BIND_DEFAULT, AUTO_BIND_NONE, AUTO_BIND_NO_TLS, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_TLS_AFTER_BIND as specified in ldap3) – specify if the bind will be performed automatically when defining the Connection object
- version (int) – LDAP version, default to 3
- authentication (int, can be one of AUTH_ANONYMOUS, AUTH_SIMPLE or AUTH_SASL, as specified in ldap3) – type of authentication
- client_strategy (can be one of STRATEGY_SYNC, STRATEGY_ASYNC_THREADED, STRATEGY_LDIF_PRODUCER, STRATEGY_SYNC_RESTARTABLE, STRATEGY_REUSABLE_THREADED as specified in ldap3) – communication strategy used in the Connection
- auto_referrals (bool) – specify if the connection object must automatically follow referrals
- sasl_mechanism (str) – mechanism for SASL authentication, can be one of ‘EXTERNAL’, ‘DIGEST-MD5’, ‘GSSAPI’, ‘PLAIN’
- sasl_credentials (tuple) – credentials for SASL mechanism
- check_names (bool) – if True the library will check names of attributes and object classes against the schema. Also values found in entries will be formatted as indicated by the schema
- collect_usage (bool) – collect usage metrics in the usage attribute
- read_only (bool) – disable operations that modify data in the LDAP server
- lazy (bool) – open and bind the connection only when an actual operation is performed
- raise_exceptions (bool) – raise exceptions when operations are not successful, if False operations return False if not successful but not raise exceptions
- pool_name (str) – pool name for pooled strategies
- pool_size (int) – pool size for pooled strategies
- pool_lifetime (int) – pool lifetime for pooled strategies
- cred_store (dict) – credential store for gssapi
- use_referral_cache (bool) – keep referral connections open and reuse them
- auto_escape – automatic escaping of filter values
- auto_encode – automatic encoding of attribute values
-
add
(dn, object_class=None, attributes=None, controls=None)[source]¶ Add dn to the DIT, object_class is None, a class name or a list of class names.
Attributes is a dictionary in the form ‘attr’: ‘val’ or ‘attr’: [‘val1’, ‘val2’, …] for multivalued attributes
-
bind
(read_server_info=True, controls=None)[source]¶ Bind to ldap Server with the authentication method and the user defined in the connection
Parameters: - read_server_info – reads info from server
- controls (list of tuple) – LDAP controls to send along with the bind operation
Returns: bool
-
entries
¶
-
extended
(request_name, request_value=None, controls=None, no_encode=None)[source]¶ Performs an extended operation
-
modify
(dn, changes, controls=None)[source]¶ Modify attributes of entry
- changes is a dictionary in the form {‘attribute1’: change), ‘attribute2’: [change, change, …], …}
- change is (operation, [value1, value2, …])
- operation is 0 (MODIFY_ADD), 1 (MODIFY_DELETE), 2 (MODIFY_REPLACE), 3 (MODIFY_INCREMENT)
-
modify_dn
(dn, relative_dn, delete_old_dn=True, new_superior=None, controls=None)[source]¶ Modify DN of the entry or performs a move of the entry in the DIT.
-
rebind
(user=None, password=None, authentication=None, sasl_mechanism=None, sasl_credentials=None, read_server_info=True, controls=None)[source]¶
-
response_to_json
(raw=False, search_result=None, indent=4, sort=True, stream=None, checked_attributes=True, include_empty=True)[source]¶
-
response_to_ldif
(search_result=None, all_base64=False, line_separator=None, sort_order=None, stream=None)[source]¶
-
search
(search_base, search_filter, search_scope='SUBTREE', dereference_aliases='ALWAYS', attributes=None, size_limit=0, time_limit=0, types_only=False, get_operational_attributes=False, controls=None, paged_size=None, paged_criticality=False, paged_cookie=None, auto_escape=None)[source]¶ Perform an ldap search:
- If attributes is empty noRFC2696 with the specified size
- If paged is 0 and cookie is present the search is abandoned on server attribute is returned
- If attributes is ALL_ATTRIBUTES all attributes are returned
- If paged_size is an int greater than 0 a simple paged search is tried as described in
- Cookie is an opaque string received in the last paged search and must be used on the next paged search response
- If lazy == True open and bind will be deferred until another LDAP operation is performed
- If mssing_attributes == True then an attribute not returned by the server is set to None
- If auto_escape is set it overrides the Connection auto_escape
-
stream
¶ Used by the LDIFProducer strategy to accumulate the ldif-change operations with a single LDIF header :return: reference to the response stream if defined in the strategy.
-
unbind
(controls=None)[source]¶ Unbind the connected user. Unbind implies closing session as per RFC4511 (4.3)
Parameters: controls – LDAP controls to send along with the bind operation
-
usage
¶ Usage statistics for the connection. :return: Usage object
ldap3.core.exceptions module¶
-
exception
ldap3.core.exceptions.
LDAPAdminLimitExceededResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAffectMultipleDSASResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAliasDereferencingProblemResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAliasProblemResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAssertionFailedResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAttributeError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
,exceptions.TypeError
-
exception
ldap3.core.exceptions.
LDAPAttributeOrValueExistsResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAuthMethodNotSupportedResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPAuthorizationDeniedResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPBusyResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPCanceledResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPCannotCancelResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPChangeError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPConfidentialityRequiredResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPConstraintViolationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPControlError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPESyncRefreshRequiredResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPEntryAlreadyExistsResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPExtensionError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPInappropriateAuthenticationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPInappropriateMatchingResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPInsufficientAccessRightsResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPInvalidAttributeSyntaxResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPInvalidCredentialsResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPInvalidDNSyntaxResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPInvalidDereferenceAliasesError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPInvalidHashAlgorithmError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPInvalidScopeError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPInvalidValueError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPKeyError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.KeyError
,exceptions.AttributeError
-
exception
ldap3.core.exceptions.
LDAPLCUPInvalidDataResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPLCUPReloadRequiredResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPLCUPResourcesExhaustedResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPLCUPSecurityViolationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPLCUPUnsupportedSchemeResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPLoopDetectedResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPNamingViolationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPNoSuchAttributeResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPNoSuchObjectResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPNoSuchOperationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPNotAllowedOnNotLeafResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPNotAllowedOnRDNResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPObjectClassModsProhibitedResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPObjectClassViolationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPObjectError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ValueError
-
exception
ldap3.core.exceptions.
LDAPOperationResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPOperationsErrorResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPOtherResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
Bases:
ldap3.core.exceptions.LDAPConfigurationError
,exceptions.ImportError
-
exception
ldap3.core.exceptions.
LDAPProtocolErrorResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPReferralResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPSASLBindInProgressResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPSSLNotSupportedError
[source]¶ Bases:
ldap3.core.exceptions.LDAPExceptionError
,exceptions.ImportError
-
exception
ldap3.core.exceptions.
LDAPSizeLimitExceededResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPSocketReceiveError
[source]¶ Bases:
ldap3.core.exceptions.LDAPCommunicationError
,socket.error
-
exception
ldap3.core.exceptions.
LDAPSocketSendError
[source]¶ Bases:
ldap3.core.exceptions.LDAPCommunicationError
,socket.error
-
exception
ldap3.core.exceptions.
LDAPStrongerAuthRequiredResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPTimeLimitExceededResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPTooLateResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPUndefinedAttributeTypeResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
-
exception
ldap3.core.exceptions.
LDAPUnwillingToPerformResult
(result=None, description=None, dn=None, message=None, response_type=None, response=None)[source]¶
ldap3.core.pooling module¶
-
class
ldap3.core.pooling.
ServerPool
(servers=None, pool_strategy='ROUND_ROBIN', active=True, exhaust=False)[source]¶ Bases:
object
ldap3.core.results module¶
ldap3.core.server module¶
-
class
ldap3.core.server.
Server
(host, port=None, use_ssl=False, allowed_referral_hosts=None, get_info='SCHEMA', tls=None, formatter=None, connect_timeout=None, mode='IP_V6_PREFERRED', validator=None)[source]¶ Bases:
object
LDAP Server definition class
Allowed_referral_hosts can be None (default), or a list of tuples of allowed servers ip address or names to contact while redirecting search to referrals.
The second element of the tuple is a boolean to indicate if authentication to that server is allowed; if False only anonymous bind will be used.
Per RFC 4516. Use [(‘*’, False)] to allow any host with anonymous bind, use [(‘*’, True)] to allow any host with same authentication of Server.
-
address_info
¶
-
check_availability
()[source]¶ Tries to open, connect and close a socket to specified address and port to check availability. Timeout in seconds is specified in CHECK_AVAILABITY_TIMEOUT if not specified in the Server object
-
static
from_definition
(host, dsa_info, dsa_schema, port=None, use_ssl=False, formatter=None, validator=None)[source]¶ Define a dummy server with preloaded schema and info :param host: host name :param dsa_info: DsaInfo preloaded object or a json formatted string or a file name :param dsa_schema: SchemaInfo preloaded object or a json formatted string or a file name :param port: dummy port :param use_ssl: use_ssl :param formatter: custom formatter :return: Server object
-
info
¶
-
schema
¶
-
ldap3.core.timezone module¶
ldap3.core.tls module¶
-
class
ldap3.core.tls.
Tls
(local_private_key_file=None, local_certificate_file=None, validate=0, version=None, ca_certs_file=None, valid_names=None, ca_certs_path=None, ca_certs_data=None, local_private_key_password=None, ciphers=None, sni=None)[source]¶ Bases:
object
tls/ssl configuration for Server object Starting from python 2.7.9 and python 3.4 uses the SSLContext object that tries to read the CAs defined at system level ca_certs_path and ca_certs_data are valid only when using SSLContext local_private_key_password is valid only when using SSLContext sni is the server name for Server Name Indication (when available)