Python使用ldap3认证

一、安装ldap3模块（python版本为python3以上，Django=1.11.8）
pip install ldap3

二、相关代码

from ldap3 import Server, Connection, ALL, SUBTREE, ServerPool,ALL_ATTRIBUTES

LDAP_SERVER_POOL = ["AD_IP1", "AD_IP2"]
LDAP_SERVER_PORT = 389
ADMIN_DN = "administrator@domainname.com"
ADMIN_PASSWORD = "xxxxxxx"
SEARCH_BASE = "ou=Users,dc=domainname,dc=com"


def ldap_auth(username, password):
    ldap_server_pool = ServerPool(LDAP_SERVER_POOL)
    conn = Connection(ldap_server_pool, user=ADMIN_DN, password=ADMIN_PASSWORD, check_names=True, lazy=False, raise_exceptions=False)
    conn.open()
    conn.bind()

    res = conn.search(
        search_base = SEARCH_BASE,
        search_filter = '(sAMAccountName={})'.format(username),
        search_scope = SUBTREE,
        attributes = ['cn', 'givenName', 'mail', 'sAMAccountName','department','manager'],
        #ALL_ATTRIBUTES：获取所有属性值
        # attributes=ALL_ATTRIBUTES,
        paged_size = 5
    )

    if res:
        entry = conn.response[0]
        # print(entry)
        dn = entry['dn']
        attr_dict = entry['attributes']

        # check password by dn
        try:
            conn2 = Connection(ldap_server_pool, user=dn, password=password, check_names=True, lazy=False, raise_exceptions=False)
            conn2.bind()
            if conn2.result["description"] == "success":
                print((True,attr_dict["sAMAccountName"],password, attr_dict["mail"], attr_dict["cn"],attr_dict["department"], attr_dict["givenName"]))
                return (True, attr_dict["sAMAccountName"],password, attr_dict["mail"],attr_dict["cn"],attr_dict["department"],attr_dict["givenName"])
            else:
                print("auth fail")
                return (False, None, None, None)
        except Exception as e:
            print("auth fail")
            return (False, None, None, None)
    else:
        return (False, None, None, None)


if __name__ == "__main__":
    ldap_auth("administrator", "xxxxxxxx")

官方文档链接：
        https://ldap3.readthedocs.io/index.html