  1. #1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    1
    Rep Power
    0

    LDAP Scripting Question


    Team,

    I am by no means a programmer but I am trying to learn how to use Python at my current job. We have a DLP solution that receives network traffic from our web proxies and presents us with incidents that consist of a sender IP address and other things. User authentication is not being passed by the proxies so I need to determine a way to convert the sender IP address to a hostname and then through LDAP, pull back custom attributes (First Name, Last Name, Manager).

    Our systems are running on RHEL 5.9 and have Python 2.4 installed. I've created the following script so far but it's only presenting me with the hostname of the server that the script is installed on. Afterwards, I still have no idea how to even query Active Directory for additional LDAP attributes.

    Code:
    # hostlookup.py
    # Convert an incoming sender-ip=<address> argument into a hostname.
    # Modified for specific Vontu-DLP use to strip out the incoming sender-ip= argument.

    import sys, socket

    PREFIX = 'sender-ip='

    for arg in sys.argv[1:]:
        # Remove the literal prefix. str.strip() treats its argument as a set of
        # characters rather than a prefix, so slice instead.
        if arg.startswith(PREFIX):
            arg = arg[len(PREFIX):]

        # Perform the IP -> FQDN lookup
        fullhostname_dc = socket.getfqdn(arg)
        # If you prefer/need the FQDN over the short name, uncomment the next line
        # and comment out the last two lines
        #print('host-name=%s' % fullhostname_dc)

        # Break the full hostname into segments and output the short hostname
        hostname_dc = fullhostname_dc.split('.', 1)[0]
        print('host-name=%s' % hostname_dc)

    I am still researching how to further build this script, but does anyone have any input on the current code as well as how to tie into Active Directory/LDAP?

    Thank you all in advance
  2. #2
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2013
    Location
    Usually Japan when not on contract
    Posts
    240
    Rep Power
    12
    I'm not sure how current this is (looks like most recent activity was this year, though), but you might want to check out [Python-LDAP]. Parsing the output of an LDAP directory sort of sucks to do manually, so it's easier to use a library like this that already returns the entries as a list of entry objects and can query the server's schema to form itself properly.

    Here is a link to [the docs].
  3. #3
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2010
    Posts
    153
    Rep Power
    5
    Yes, python-ldap works great (apart from that it's not python3 compatible yet). I've used it to authenticate users against eDirectory and Active Directory. It takes some fiddling, but it's not terribly difficult, and you can find a lot of example code online if you search "python-ldap active directory". The only difficult part is learning some ldap syntax and concepts, which AD hides behind a curtain somewhat (though less now than it used to).
  4. #4
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    9
    Rep Power
    0
    Originally Posted by admoore
    Yes, python-ldap works great.
    Agree!
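
An added example (not code from any poster in this thread) of the lookup the replies point to, using python-ldap on a current Python 3 rather than the Python 2.4 in the question. The name returned by reverse DNS is set by whoever controls the PTR record, so it is escaped before it goes into the search filter. The server URI, base DN, bind account and requested attribute names are assumptions to replace with your directory's own.

```python
import ipaddress
import socket

# Constructed placeholders; replace with your own directory's values.
LDAP_URI = "ldaps://dc01.corp.example.com"
BASE_DN = "dc=corp,dc=example,dc=com"
ATTRS = ["cn", "dNSHostName", "managedBy"]  # assumed attributes of interest

_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def parse_sender_ip(arg):
    """Return the address from 'sender-ip=<addr>', or raise ValueError."""
    prefix = "sender-ip="
    if not arg.startswith(prefix):
        raise ValueError("expected sender-ip=<addr>, got %r" % arg)
    # An empty name makes socket.getfqdn() return the local host's name,
    # so insist on a real IP literal before resolving.
    return str(ipaddress.ip_address(arg[len(prefix):]))


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an LDAP filter value."""
    return "".join(_ESC.get(ch, ch) for ch in value)


def host_filter(fqdn):
    """Build a filter matching a computer object by FQDN or short name."""
    short = fqdn.split(".", 1)[0]
    return "(&(objectClass=computer)(|(dNSHostName=%s)(cn=%s)))" % (
        escape_filter_value(fqdn), escape_filter_value(short))


def lookup(arg, bind_dn, password):
    """Resolve the sender IP and search the directory for its host entry."""
    import ldap  # python-ldap; imported lazily so the helpers work without it

    ip = parse_sender_ip(arg)
    fqdn = socket.getfqdn(ip)
    if fqdn == ip:  # no PTR record: getfqdn() hands the input back
        return []
    conn = ldap.initialize(LDAP_URI)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # commonly disabled against AD
    conn.simple_bind_s(bind_dn, password)
    try:
        return conn.search_s(BASE_DN, ldap.SCOPE_SUBTREE,
                             host_filter(fqdn), ATTRS)
    finally:
        conn.unbind_s()
```

`lookup()` returns python-ldap's list of `(dn, attributes)` tuples; which object actually carries the owner's name and manager depends on how the directory is populated.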
