Hi all,
I want to make LDAP queries using the LDAPHelper object. I would like to reuse the already-configured UserSource instance from the Gateway context.
I was trying with something like:
from com.inductiveautomation.ignition.gateway import SRContext
# Fetch the gateway context object; the post describes this as the Gateway
# context, so this presumably only works in gateway-scoped scripts - confirm.
context = SRContext.get()
# Look up the user source by its configured name ("profilename" is a
# placeholder). Per the post, the returned object is a UserSourceWrapper.
profile = context.getUserSourceManager().getProfile("profilename")
the profile is an object of the type
com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper
From there I was hoping to find an LDAPHelper or something else that points to the LDAP client, but I can't find any information about that.
Ignition version:7.9.18
Appreciate any help. Thanks
DNice
March 6, 2023, 6:43pm
Did you make any progress on this? I am working down this path as well and looking for some help.
Hey, sorry for the long wait.
I managed to re-implement a class based on the work done here. You will probably need to adapt several parameters to match your config.
Let me know if this works for you.
from com.inductiveautomation.ignition.gateway.authentication.impl import LDAPHelper
from com.inductiveautomation.ignition.common.util import LoggerEx
# Based on https://forum.inductiveautomation.com/t/ldap-attributes-access/39754/10
# "user" is a https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchResult.html
# "attribute" is a https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/Attributes.html
class mySearchHandlerClass(LDAPHelper.SearchHandler):
    """Search handler that passes each LDAP result back unchanged.

    An instance is handed to LDAPHelper.search(); presumably create() is
    then called for the entries found - confirm against the LDAPHelper API.
    """

    def __init__(self):
        # Last ctx/result pair seen by create(). results is initialised here
        # but nothing in this class ever appends to it.
        self.ctx, self.result = None, None
        self.results = []

    def create(self, ctx, result):
        """Remember the latest ctx/result pair and return the result as-is."""
        self.ctx, self.result = ctx, result
        return result

    def getNoun(self):
        """Return the fixed string 'LDAP'."""
        return 'LDAP'
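class LDAP(object):
    """Thin wrapper around Ignition's LDAPHelper for user and role lookups.

    The host names, ports, base DN and attribute names below are the
    placeholders from the original post; adapt them to your directory.
    """

    builder = LoggerEx.newBuilder()
    # NOTE(review): this single handler instance is shared by every LDAP
    # object and keeps the last ctx/result it saw - confirm that is
    # acceptable if searches can run concurrently.
    search_handler = mySearchHandlerClass()
    logger = builder.build('LDAP_INTEGRATION')

    PRIMARY_DOMAIN_CONTROLLER = "Ahostname"
    DC_PORT_PRIMARY = "1234"
    SECONDARY_DOMAIN_CONTROLLER = "Anotherhostname"
    DC_PORT_SECONDARY = "1235"
    ROLE_ID = "CN"
    ROLE_ATTR = "memberOf"
    USER_ATTR = "sAMAccountName"
    CONTACT_ATTR = ["mail","proxyAddresses","phone"]
    # Search base used by both queries, kept in one place so they cannot drift.
    USER_BASE_DN = "OU=User OU, DC=example, DC=com"

    def __init__(self):
        """Create the underlying LDAPHelper and apply the connection settings."""
        self.instance = LDAPHelper(self.logger)
        self.instance.setLdapHost(self.PRIMARY_DOMAIN_CONTROLLER)
        self.instance.setLdapPort(self.DC_PORT_PRIMARY)
        self.instance.setSecondaryLdapHost(self.SECONDARY_DOMAIN_CONTROLLER)
        self.instance.setSecondaryLdapPort(self.DC_PORT_SECONDARY)
        # Leave this enabled: the bind password and the directory data travel
        # over this connection.
        # NOTE(review): confirm the gateway trusts the domain controller's
        # certificate; this call alone does not show how it is validated.
        self.instance.setUseSSL(True)
        # Read the bind credentials once and keep them in a local only; do not
        # pass them to the logger.
        credentials = self.readCredentials()
        self.instance.setProfileUsername(credentials["gatewayuser"])
        self.instance.setProfilePassword(credentials["password"])
        self.instance.setReadTimeout(60000)  # presumably milliseconds - confirm
        self.instance.setPageSize(1000)

    @staticmethod
    def _escapeFilterValue(value):
        """Escape *value* for use as an assertion value in an LDAP filter.

        Applies the RFC 4515 escapes for backslash, '*', '(', ')' and NUL so
        the value is matched literally and cannot alter the filter structure.
        """
        # The backslash must be replaced first, otherwise the escapes added
        # below would themselves be escaped again.
        escaped = value.replace("\\", "\\5c")
        for char, code in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"),
                           ("\x00", "\\00")):
            escaped = escaped.replace(char, code)
        return escaped

    def getReadTimeout(self):
        """Return the read timeout configured on the underlying LDAPHelper."""
        return self.instance.getReadTimeout()

    def getUsers(self):
        """Return the search results for all user (non-computer) entries."""
        query = "(&(objectClass=user)(!(objectClass=computer)))"
        attrs = [self.USER_ATTR, self.ROLE_ATTR] + self.CONTACT_ATTR
        base = [self.USER_BASE_DN]
        return self.instance.search(base, query, attrs, self.search_handler)

    def getUsersWithRole(self, role):
        """Return the search results for users whose memberOf mentions *role*.

        The role is lower-cased and then escaped before it is placed in the
        filter, so a caller-supplied '*', '(' or ')' is matched literally
        instead of widening or restructuring the query.

        Raises:
            ValueError: if *role* is empty, because an empty value would turn
                the filter into a match on any group name.
        """
        if not role:
            raise ValueError("role must be a non-empty string")
        role_value = self._escapeFilterValue(role.lower())
        # NOTE(review): some directory servers do not evaluate substring
        # filters on DN-valued attributes such as memberOf - verify that this
        # filter returns the expected entries against your server.
        query = ("(&(objectClass=user)(memberOf=*" + self.ROLE_ID + "="
                 + role_value + "*)(!(objectClass=computer)))")
        attrs = [self.USER_ATTR, self.ROLE_ATTR] + self.CONTACT_ATTR
        base = [self.USER_BASE_DN]
        return self.instance.search(base, query, attrs, self.search_handler)

    def __enter__(self):
        """Return self so the object can be used in a with-statement."""
        return self

    def __exit__(self, exc_type, exc_value, traceback):
        """Do nothing on exit; nothing is released and exceptions propagate."""
        pass

    def readCredentials(self):
        """Return the bind credentials mapping used by __init__.

        Per the original post the value has the shape
        {"gatewayuser": "john@doe", "password":"strongpassword"}.
        """
        # NOTE(review): this reads the account and password from a script
        # module value, i.e. presumably stored in plain text with the project
        # scripts - confirm who can read those scripts and gateway backups,
        # and use a least-privilege, read-only bind account.
        return shared.lz.ldap.credentials.key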