CtrlK
CommunityDocumentationLog inGet started
Tessl Logo

tessl/pypi-ldap3

tessl install tessl/pypi-ldap3@1.4.0

A strictly RFC 4510 conforming LDAP V3 pure Python client library

Agent Success

Agent success rate when using this tile

81%

Improvement

Agent success rate improvement when using this tile compared to baseline

1.08x

Baseline

Agent success rate without this tile

75%

task.mdevals/scenario-4/

Active Directory and eDirectory Vendor Tools

A Python helper module that wraps vendor-specific directory extensions to handle incremental Active Directory syncs and privileged eDirectory operations without falling back to generic LDAP primitives.

Capabilities

Incremental Active Directory sync

  • A first sync over a subtree returns all matching entries along with a continuation token that can be reused on the next call. @test
  • A follow-up sync that supplies a previous token yields only entries changed after that token and returns an updated token for the next run. @test

Active Directory password rotation

  • Changing a user's password through the vendor-specific password change extension succeeds for an admin caller and for a self-service caller when the current password is provided. @test

eDirectory universal password maintenance

  • Setting a user's universal password through the vendor-specific extension succeeds and the stored value can be retrieved for verification by a privileged caller. @test

eDirectory bulk group membership repair

  • Adding multiple users to multiple groups in one operation succeeds, repairs missing backlinks when asked to fix inconsistencies, and reports the per-group status. @test

Implementation

@generates

API

from typing import Dict, List, Optional, Tuple

def fetch_ad_changes(
    server_uri: str,
    bind_dn: str,
    password: str,
    base_dn: str,
    filter: str,
    attributes: Optional[List[str]] = None,
    continuation_token: Optional[bytes] = None,
    include_security: bool = False,
    parents_first: bool = True,
) -> Dict[str, object]:
    """
    Perform an incremental Active Directory sync using the server's vendor-specific delta sync extension.

    Returns a mapping with:
    - 'entries': list of records shaped as {'dn': str, 'attributes': dict, 'change_type': 'add'|'modify'|'delete'}
    - 'token': opaque bytes continuation token (or None when no further pages exist)
    """

def rotate_ad_password(
    server_uri: str,
    caller_dn: str,
    caller_password: str,
    target_dn: str,
    new_password: str,
    current_password: Optional[str] = None,
) -> bool:
    """
    Change an Active Directory user's password through the vendor-specific password change extension.
    Supports both administrative resets and self-service changes when the current password is supplied.
    """

def set_edirectory_universal_password(
    server_uri: str,
    admin_dn: str,
    admin_password: str,
    user_dn: str,
    new_password: str,
) -> bool:
    """
    Set a user's universal password using the eDirectory-specific extension.
    """

def bulk_add_edirectory_group_members(
    server_uri: str,
    admin_dn: str,
    admin_password: str,
    members: List[str],
    groups: List[str],
    fix_inconsistencies: bool = True,
    transactional: bool = True,
) -> Dict[str, object]:
    """
    Add multiple members to multiple groups through the eDirectory bulk membership extension.
    Returns a mapping shaped as {'groups': {group_dn: {'added': [members], 'skipped': [members]}}, 'fixed_inconsistencies': bool}.
    """

Dependencies { .dependencies }

ldap3 { .dependency }

Provides vendor-specific Active Directory and eDirectory operations.

Version

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
pypipkg:pypi/ldap3@1.4.x

evals

scenario-4

rubric.jsontask.md
tile.json