A strictly RFC 4510 conforming LDAP V3 pure Python client library
npx @tessl/cli install tessl/pypi-ldap3@1.4.0
A strictly RFC 4510 conforming LDAP V3 pure Python client library that works across Python 2, Python 3, PyPy, PyPy3, and Nuitka. LDAP3 provides comprehensive LDAP directory services interaction capabilities with support for synchronous and asynchronous operations, various authentication methods, server pooling, and an abstraction layer for simplified programming.
pip install ldap3
import ldap3
Common import patterns:
from ldap3 import Server, Connection, ALL, SUBTREE
Import authentication and strategy constants:
from ldap3 import SIMPLE, SASL, SYNC, ASYNC, AUTO_BIND_NO_TLS
Import additional classes and utilities:
from ldap3 import Tls, ServerPool, DsaInfo, SchemaInfo
from ldap3 import ObjectDef, AttrDef, Entry, Reader, Attribute, OperationalAttribute
Import exceptions for error handling:
from ldap3 import (LDAPException, LDAPBindError, LDAPInvalidCredentialsResult,
                   LDAPInsufficientAccessRightsResult, LDAPCommunicationError)
import ldap3
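import getpass
import ssl

# Create server and connection.
# A simple bind sends the bind DN and password as-is, so the channel must be
# encrypted and the server certificate verified before the bind takes place.
# ldaps:// plus an explicit Tls object does both; request validation explicitly
# (NOTE(review): confirm what an unset Tls validates in the installed release).
tls = ldap3.Tls(validate=ssl.CERT_REQUIRED,
                ca_certs_file='/path/to/ca-bundle.pem')  # placeholder path
server = ldap3.Server('ldaps://ldap.example.com', use_ssl=True, tls=tls, get_info=ldap3.ALL)
# Ask for the password at run time instead of keeping it in the source file, and
# prefer an account with only the rights this script needs over a directory admin.
bind_password = getpass.getpass('LDAP password: ')
conn = ldap3.Connection(server, 'cn=admin,dc=example,dc=com', bind_password, auto_bind=True)

# Perform a search.
# The filter below is a constant. If any part of a filter comes from user input,
# escape it per RFC 4515 first so the input cannot change the filter's structure.
conn.search('dc=example,dc=com', '(objectClass=person)', attributes=['cn', 'mail'])

# Access results
for entry in conn.entries:
    print(f"Name: {entry.cn}, Email: {entry.mail}")

# Add an entry.
# Connection defaults to raise_exceptions=False (see its signature), so a refused
# add/modify/delete is not raised as an exception; check each call's return value
# and conn.result before assuming the change was applied.
conn.add('cn=newuser,dc=example,dc=com',
         object_class=['inetOrgPerson'],
         attributes={'cn': 'New User', 'sn': 'User', 'mail': 'newuser@example.com'})

# Modify an entry: attribute name -> list of (operation, value) tuples
conn.modify('cn=newuser,dc=example,dc=com', {'mail': [(ldap3.MODIFY_REPLACE, 'updated@example.com')]})

# Delete an entry
conn.delete('cn=newuser,dc=example,dc=com')

# Close connection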
conn.unbind()
LDAP3 provides a layered architecture:
This design enables both low-level protocol control and high-level abstraction, making it suitable for everything from simple directory queries to complex enterprise LDAP applications.
Server definition, connection establishment, authentication methods, TLS/SSL configuration, server pooling for high availability, and connection strategies for different use cases.
# Describes the LDAP server to contact (per the page: server definition and
# TLS/SSL configuration).
# Security-relevant defaults visible in the signature:
# - use_ssl=False: no TLS on connect unless this is set (or StartTLS is run on
#   the connection before binding).
# - tls=None: no explicit Tls configuration. NOTE(review): pass a Tls object that
#   requires certificate validation; confirm what an unset tls validates in this
#   release.
# - allowed_referral_hosts=None: NOTE(review): confirm which referral hosts are
#   accepted when this is left unset before relying on automatic referrals.
# - connect_timeout=None: presumably no connect timeout - TODO confirm.
class Server:
    def __init__(self, host, port=None, use_ssl=False, allowed_referral_hosts=None,
                 get_info=NONE, tls=None, formatter=None, connect_timeout=None,
                 mode=IP_V6_PREFERRED): ...
# A session against a Server, carrying the bind identity (user/password or SASL
# parameters) and the client strategy.
# Defaults worth reviewing, all visible in the signature below:
# - user=None / password=None / authentication=None: no identity is supplied;
#   presumably this results in an anonymous bind - TODO confirm.
# - auto_bind=AUTO_BIND_NONE: nothing is bound at construction. Of the other
#   values the page lists, AUTO_BIND_NO_TLS binds without TLS and
#   AUTO_BIND_TLS_AFTER_BIND starts TLS only after the bind, so on a non-SSL
#   server a simple bind presents the password before the channel is encrypted;
#   AUTO_BIND_TLS_BEFORE_BIND starts TLS first.
# - auto_referrals=True: referrals are followed by default. NOTE(review): confirm
#   whether the bind credentials are presented to the referred server, and limit
#   the accepted hosts with Server(allowed_referral_hosts=...).
# - raise_exceptions=False: presumably failed operations are reported through
#   return values rather than raised - TODO confirm; callers must check results.
# - read_only=False: presumably True rejects writing operations, which suits
#   lookup-only code - TODO confirm.
# - receive_timeout=None: presumably no receive timeout - TODO confirm.
class Connection:
    def __init__(self, server, user=None, password=None, auto_bind=AUTO_BIND_NONE,
                 version=3, authentication=None, client_strategy=SYNC,
                 auto_referrals=True, auto_range=False, sasl_mechanism=None,
                 sasl_credentials=None, check_names=True, collect_usage=False,
                 read_only=False, lazy=False, raise_exceptions=False,
                 pool_name=None, pool_size=None, pool_lifetime=None,
                 fast_decoder=True, receive_timeout=None,
                 return_empty_attributes=False): ...
    # Bind (authenticate) on this connection.
    # NOTE(review): signature as listed on this page; verify the parameters
    # against the installed release before relying on them.
    def bind(self, user=None, password=None, sasl_mechanism=None, sasl_credentials=None): ...
    # Unbind and end the session (the quick start calls this to close the connection).
    def unbind(self, controls=None): ...
    # Bind again with a different identity or authentication method.
    def rebind(self, user=None, password=None, authentication=None, sasl_mechanism=None, sasl_credentials=None): ...
    # Send an extended operation identified by request_name.
    def extended(self, request_name, request_value=None, controls=None, no_encode=None): ...
    # Entries produced by the last search (iterated in the quick start).
    @property
    def entries(self): ...
    @property
    def stream(self): ...
# A set of servers for high availability (per the page); pool_strategy defaults
# to ROUND_ROBIN.
# NOTE(review): presumably a pooled Connection presents the same bind credentials
# to whichever server is selected, so every Server in the pool needs the same
# TLS and certificate-validation settings - confirm.
class ServerPool:
    def __init__(self, servers=None, pool_strategy=ROUND_ROBIN, active=True, exhaust=False): ...

Core Connection and Server Management
All standard LDAP operations including search, add, modify, delete, compare, and abandon operations with full control support and multiple response formats.
# Core LDAP operations on Connection class

# Search below search_base for entries matching search_filter.
# - search_filter: if any part comes from user input, escape it per RFC 4515
#   before building the filter; unescaped input can change what the filter matches.
# - search_scope=SUBTREE: the default covers the whole subtree under search_base.
# - size_limit=0 / time_limit=0: presumably "no client-requested limit" - TODO
#   confirm; set explicit limits (or paged_size) when the result size is unbounded.
# - attributes=None: NOTE(review): request only the attributes the caller needs,
#   so sensitive attributes are not pulled into application memory and logs.
def search(self, search_base, search_filter, search_scope=SUBTREE,
           dereference_aliases=DEREF_ALWAYS, attributes=None, size_limit=0,
           time_limit=0, types_only=False, get_operational_attributes=False,
           controls=None, paged_size=None, paged_criticality=False,
           paged_cookie=None): ...
# Writing and comparison operations. A dn assembled from user input needs DN
# escaping (RFC 4514) so the input cannot redirect the operation to another entry.

# Add the entry dn; the quick start passes object_class as a list and attributes
# as a dict.
def add(self, dn, object_class=None, attributes=None, controls=None): ...
# Delete the entry dn.
def delete(self, dn, controls=None): ...
# Modify the entry dn; in the quick start, changes maps an attribute name to a
# list of (operation, value) tuples such as (MODIFY_REPLACE, value).
def modify(self, dn, changes, controls=None): ...
# Rename or move the entry dn; delete_old_dn defaults to True.
def modify_dn(self, dn, relative_dn, delete_old_dn=True, new_superior=None, controls=None): ...
# Compare attribute of the entry dn against value.
def compare(self, dn, attribute, value, controls=None): ...

High-level ORM-like interface with object definitions, attribute definitions, entry objects, and reader classes for simplified LDAP programming.
# Object definition of the abstraction layer, optionally tied to an object class.
class ObjectDef:
    def __init__(self, object_class=None): ...
# Attribute definition of the abstraction layer.
# validate, pre_query and post_query are presumably caller-supplied callables
# run on values - TODO confirm when each one is invoked.
# default=NotImplemented is used as the "no default given" marker in the signature.
class AttrDef:
    def __init__(self, name, key=None, validate=None, pre_query=None, post_query=None,
                 default=NotImplemented, dereference_dn=None, description=None): ...
# One directory entry, created from a dn and the reader that produced it.
# NOTE(review): entry_to_json / entry_to_ldif presumably serialise every attribute
# held by the entry; check what was requested before writing the output to logs
# or files.
class Entry:
    def __init__(self, dn, reader): ...
    def entry_get_dn(self): ...
    def entry_to_json(self): ...
    def entry_to_ldif(self): ...
# Reader of the abstraction layer: runs query against base on connection, using
# object_def; sub_tree defaults to True.
# NOTE(review): if query contains user input, confirm how it is escaped before it
# becomes an LDAP filter.
class Reader:
    def __init__(self, connection, object_def, query, base, components_in_and=True,
                 sub_tree=True, get_operational_attributes=False, controls=None): ...
    def search(self): ...

Extended operations for specific LDAP server implementations including Microsoft Active Directory, Novell eDirectory, and standard RFC extensions.
# Standard extended operations (connection.extend.standard)

# Presumably returns the identity the server associates with this connection,
# which is a direct way to confirm what a bind actually authenticated as - TODO
# confirm the return format.
def who_am_i(self, controls=None): ...
# Change the password of user. old_password and new_password travel in the
# request, so call this only on a TLS-protected connection.
# NOTE(review): confirm how hash_algorithm and salt are applied (client-side
# hashing versus the server's own password policy) in the installed release.
def modify_password(self, user, old_password, new_password, hash_algorithm=None,
                    salt=None, controls=None): ...
# Microsoft AD extended operations (connection.extend.microsoft)

# Directory synchronisation query over sync_base / sync_filter; cookie presumably
# carries the position of the previous run - TODO confirm.
# NOTE(review): on Active Directory this kind of query normally needs elevated
# replication rights unless object_security is used; run it from a dedicated,
# monitored account and confirm the required rights.
def dir_sync(self, sync_base, sync_filter, sync_attributes=None, cookie=None,
             object_security=False, ancestors_first=False, public_data_only=False,
             incremental_values=False, max_length=2147483647, hex_guid=False, controls=None): ...
# Novell eDirectory extended operations (connection.extend.novell)

def get_bind_dn(self, controls=None): ...
def start_transaction(self, controls=None): ...
# commit defaults to True; presumably commit=False abandons the transaction -
# TODO confirm.
def end_transaction(self, commit=True, controls=None): ...

Configuration parameters, constants, exception handling, utility functions, and protocol information classes.
# Read one library configuration parameter by name.
def get_config_parameter(parameter): ...
# Set one library configuration parameter.
# NOTE(review): presumably the setting applies to the whole process, not to one
# connection - confirm before changing it in shared code.
def set_config_parameter(parameter, value): ...
# Protocol information class built from a server's attributes and raw_attributes.
class DsaInfo:
    def __init__(self, attributes, raw_attributes): ...
    # Build the object from a JSON definition.
    # NOTE(review): the result stands in for what the server would report, so load
    # json_info only from a source you trust.
    @staticmethod
    def from_json(json_info): ...
class SchemaInfo:
def __init__(self, schema_dn, attributes, raw_attributes): ...
@staticmethod
def from_json(json_schema): ...
ANONYMOUS - Anonymous authentication
SIMPLE - Simple bind authentication (the password is sent as-is, so use it only over TLS)
SASL - SASL authentication
NTLM - NTLM authentication
SYNC - Synchronous strategy
ASYNC - Asynchronous strategy
LDIF - LDIF producer strategy
RESTARTABLE - Restartable strategy
REUSABLE - Reusable threaded strategy
BASE - Base object scope
LEVEL - Single level scope
SUBTREE - Whole subtree scope
MODIFY_ADD - Add attribute values
MODIFY_DELETE - Delete attribute values
MODIFY_REPLACE - Replace attribute values
MODIFY_INCREMENT - Increment attribute values
AUTO_BIND_NONE - No auto-binding
AUTO_BIND_NO_TLS - Auto-bind without TLS
AUTO_BIND_TLS_BEFORE_BIND - Start TLS before binding
AUTO_BIND_TLS_AFTER_BIND - Start TLS after binding (the bind itself takes place before TLS is started)
class LDAPException(Exception): ...
# All classes below derive, directly or through LDAPOperationResult, from
# LDAPException, so `except LDAPException` catches every one of them.

# Configuration exceptions
class LDAPConfigurationError(LDAPException): ...
class LDAPDefinitionError(LDAPException): ...
# Connection exceptions
class LDAPBindError(LDAPException): ...
class LDAPInvalidServerError(LDAPException): ...
class LDAPCommunicationError(LDAPException): ...
# Operation result exceptions
# NOTE(review): presumably these are raised only when the Connection is created
# with raise_exceptions=True (its default is False) - confirm; with the default,
# inspect the operation's result instead.
# Invalid-credentials and insufficient-access results are worth logging: repeated
# occurrences can indicate password guessing or a client exceeding its rights.
class LDAPOperationResult(LDAPException): ...
class LDAPInvalidCredentialsResult(LDAPOperationResult): ...
class LDAPInsufficientAccessRightsResult(LDAPOperationResult): ...