PLOW stands for python-ldap object wrapper. As the name implies, it provides an object wrapper around the python-ldap lib for simpler usage.
Features:
- Results paging
- Attribute ranges handled for large attribute lists
- Automatic reconnection
- Atomic changes (deletes the old value explicitly)
- Smarter modlist generation than ldap.modlist.modifyModlist. Much more efficient when updating group membership or other attributes that could have a large number of values.
import os

from plow.ldapadaptor import LdapAdaptor
from plow.ldapclass import LdapType
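# Open the directory connection. The ldaps:// scheme runs LDAP over TLS, so
# the simple-bind password below is not sent in clear text.
# NOTE(review): server-certificate verification is not configured anywhere in
# this example; confirm it is enforced (python-ldap exposes this through
# ldap.OPT_X_TLS_REQUIRE_CERT) before pointing this at a real directory.
srv = LdapAdaptor(
    'ldaps://localhost',
    base_dn='dc=example,dc=com',
    # The example binds as the directory manager for brevity. A dedicated
    # service account limited to the entries it has to change keeps the
    # impact of a leaked credential small.
    bind_user='cn=manager,dc=example,dc=com',
    # Taken from the environment so the secret never lands in source control.
    # PLOW_BIND_PASSWORD is a name made up for this example.
    bind_password=os.environ['PLOW_BIND_PASSWORD'],
)

# Object type for people entries (objectClass inetOrgPerson). The Python
# attribute "name" is backed by the LDAP attribute givenName.
# presumably "rdn" names the attribute that forms the entry's RDN and "uid"
# the attribute matched by get(uid=...) -- confirm against LdapType.
User = LdapType.from_config("User", {
    "rdn": "uid",
    "uid": "uid",
    "objectClass": "inetOrgPerson",
    "attributes": {
        "name": {
            "attribute": "givenName",
        }
    }
})

# Object type for posixGroup entries. "members" is declared as a relation
# stored in memberUid.
# presumably each memberUid value is resolved through the remote object's
# "uid" attribute -- confirm against LdapType.
Group = LdapType.from_config("Group", {
    "rdn": "cn",
    "uid": "cn",
    "objectClass": "posixGroup",
    "attributes": {
        "members": {
            "relation": "member",
            "attribute": "memberUid",
            "remote_attribute": "uid",
        }
    }
})

# Object type for organizational units, flagged as structural and with no
# mapped attributes. The original listing spelled this call "fromConfig"; it
# is written from_config here to match the User and Group definitions above.
OU = LdapType.from_config("OU", {
    "rdn": "ou",
    "objectClass": "organizationalUnit",
    "structural": True,
    "attributes": {},
})

# Fetch one user through the adaptor and read a mapped attribute.
# NOTE(review): when the uid value comes from user input, confirm the lookup
# escapes LDAP filter metacharacters (python-ldap ships
# ldap.filter.escape_filter_chars for this); it is not visible from here.
user = User.get(uid='veloutin', la=srv)
print "What's my name?", user.name

# Add the user to the group only when the membership is missing.
# NOTE(review): the original listing lost its indentation; save() is placed
# inside the branch on the assumption that nothing has to be written when the
# user is already a member.
group = Group.get(uid='employees', la=srv)
if user not in group.members:
    group.members.add(user)
    group.save()

# Containment test of the user against the People OU.
# presumably addbase=True appends base_dn to "ou=People" -- confirm.
base = OU.get("ou=People", la=srv, addbase=True)
print user in base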