
Python LDAP Search

I've been reading on how to search LDAP servers using Python, but I've been stuck for hours and I'm not sure why. This is my first time trying to use this sort of API.

Here's how I open the connection and try to search:

import ldap

aims_server = '#####.com'
base_dn = 'cn=EMPLOYEES,cn=portal,cn=Groups,dc=Company,dc=com'
username = 'cn=admin,cn=users,dc=Company,dc=com'
password = '#####'
directory = ldap.open(aims_server)
directory.simple_bind_s(username, password)

# retrieve the current members from group
old = {'uniquemember': attr['uniquemember']}

Then I purposely break the code so I can use the debugger and search using this:

>>> searchFilter = "cn=*"
>>> directory.search_s(base_dn,ldap.SCOPE_SUBTREE,searchFilter, retrieveAttributes)

Results:

[('cn=EMPLOYEES,cn=portal,cn=groups,dc=Company,dc=com', {'displayname': ['Employees'], 'description': ['Members of this group are employees. '], 'objectclass': ['top', 'groupOfUniqueNames', 'orclGroup'], 'orclisvisible': ['true'], 'owner': ['cn=portal_admin ,cn=users,dc=Company,dc=com', 'cn=portal,cn=users, dc=Company,dc=com'], 'uniquemember': ['cn=alan,cn=users,dc=Company,dc=com', 'cn=alan_r,cn=users,dc=Company,dc=com', ....

If I have a filter of "cn=*", it will bring back the dictionary above, but if I actually put anything in the searchFilter it will not bring back any results.

Does anybody have any insight? I'm wondering if I'm not searching deep enough in the directories?

EDIT

The best I can seem to get out of this is to change the settings to:

searchFilter = "cn=*"
retrieveAttributes = ["uniquemember"]

Then:

(cn, attr) = searcher.pop()

Returns:

{'uniquemember': ['cn=alan_t,cn=users,dc=company,dc=com','cn=alan_r,cn=users,dc=company....

It seems like it is trying to search a level too high. How would I go down another level to be searching the unique members?

I just want to search for their names!

RonnyKnoxville asked Jan 19 '23 06:01


1 Answer

I finally did it and it only took me over 5 hours.

Every time I messed around with a configuration I learnt a bit more but I basically had to try every combination to get it to work.

It turns out that I was probably being too specific with the base_dn, so I changed that to a higher level:

base_dn = 'cn=users,dc=company,dc=com'

Then I realised that I couldn't search any lower than uniquemember, so that had to be the attribute I was returning:

retrieveAttributes = ["uniquemember"]

This way, the filter works:

searchFilter = "cn=aaron*"

It will then return:

[('[email protected],cn=Users,dc=company,dc=com', {})]

Although it does contain an empty object at the end, this still gives me the result I'm looking for.

I hope this helps someone else when they are new to LDAP.

RonnyKnoxville answered Jan 27 '23 20:01
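
An added example, not part of the original post or of python-ldap: a toy in-memory subtree search showing why "cn=aaron*" finds nothing when the base DN is the group entry, and why searching under cn=users while requesting only uniquemember returns an empty attribute dict. The directory contents and the helpers search_subtree and escape_filter_value are constructed for illustration and handle only a single attr=pattern filter; against a real server, python-ldap's ldap.filter.escape_filter_chars does the escaping of user-supplied names.

```python
import re

# Constructed directory, shaped like the one in the question (DNs lower-cased).
DIRECTORY = {
    'cn=employees,cn=portal,cn=groups,dc=company,dc=com': {
        'cn': ['EMPLOYEES'],
        'uniquemember': ['cn=alan_r,cn=users,dc=company,dc=com',
                         'cn=aaron_b,cn=users,dc=company,dc=com'],
    },
    'cn=alan_r,cn=users,dc=company,dc=com': {'cn': ['alan_r']},
    'cn=aaron_b,cn=users,dc=company,dc=com': {'cn': ['aaron_b']},
}


def escape_filter_value(text):
    """RFC 4515 escaping for untrusted text placed in a filter value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in text)


def _unescape(piece):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), piece)


def _matches(value, pattern):
    # '*' is the only wildcard; everything else (after unescaping) is literal.
    regex = '.*'.join(re.escape(_unescape(p)) for p in pattern.split('*'))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def search_subtree(base_dn, search_filter, attrlist):
    """Toy SCOPE_SUBTREE search for a single 'attr=pattern' filter (hypothetical helper)."""
    attr, _, pattern = search_filter.partition('=')
    base = base_dn.lower()
    hits = []
    for dn, attrs in DIRECTORY.items():
        # The filter is tested against each *entry* at or below the base DN,
        # never against the values stored inside one entry's attributes.
        in_scope = dn == base or dn.endswith(',' + base)
        if in_scope and any(_matches(v, pattern) for v in attrs.get(attr.lower(), [])):
            # Only requested attributes the entry actually has come back.
            hits.append((dn, {a: attrs[a] for a in attrlist if a in attrs}))
    return hits


GROUP_DN = 'cn=EMPLOYEES,cn=portal,cn=Groups,dc=Company,dc=com'
USERS_DN = 'cn=users,dc=company,dc=com'
if __name__ == '__main__':
    print(search_subtree(GROUP_DN, 'cn=aaron*', ['uniquemember']))  # group's cn is EMPLOYEES
    print(search_subtree(USERS_DN, 'cn=aaron*', ['uniquemember']))  # user entry, empty dict
    print(search_subtree(USERS_DN, 'cn=' + escape_filter_value('*'), ['cn']))
```

The last call shows that an escaped "*" is matched as a literal character instead of acting as a wildcard over every user entry.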