Access user source LDAP instance for search

Hi all,
I want to make LDAP queries using the LDAP Helper object. I wanted to reuse the already-configured UserSource instance from the Gateway context.
I was trying with something like:

from com.inductiveautomation.ignition.gateway import SRContext
context = SRContext.get()
profile = context.getUserSourceManager().getProfile("profilename")

the profile is an object of the type

com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper

From there I was hoping to find an LDAPHelper or something that points to the LDAP client, but I can't find any information about that.

Ignition version: 7.9.18

Appreciate any help. Thanks

Did you make any progress on this? I am working down this path as well and looking for some help.

Hey, sorry for the long wait.

I managed to re-implement a class based on the work done here. You will probably need to adapt several parameters to match your configuration.

Let me know if this works for you.

from com.inductiveautomation.ignition.gateway.authentication.impl import LDAPHelper
from com.inductiveautomation.ignition.common.util import LoggerEx
# Based on https://forum.inductiveautomation.com/t/ldap-attributes-access/39754/10
# Each search hit ("user") is a https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchResult.html
# Its attributes are a https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/Attributes.html
class mySearchHandlerClass(LDAPHelper.SearchHandler):
    """Pass-through LDAPHelper.SearchHandler.

    The handler does no transformation of search hits: create() remembers
    the (ctx, result) pair it was last given and returns the result as-is.
    create() is presumably invoked by LDAPHelper.search once per hit -- TODO
    confirm against the helper, since only this side is visible here.
    """

    def __init__(self):
        # Most recent context and result passed to create(). `results` is
        # exposed for callers, but nothing in this class ever appends to it.
        self.ctx = None
        self.result = None
        self.results = []

    def create(self, ctx, result):
        """Remember *ctx* / *result* and hand *result* back untouched."""
        self.ctx, self.result = ctx, result
        return result

    def getNoun(self):
        """Noun LDAPHelper asks this handler for; how it is used is not visible here."""
        return 'LDAP'
        

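class LDAP(object):
    """Small wrapper around Ignition's LDAPHelper for ad-hoc user searches.

    Connection settings are class constants; adapt them to the directory you
    are talking to. The bind credentials come from readCredentials() and the
    connection is made with SSL enabled. The object supports the ``with``
    statement, but __exit__ is a no-op: nothing on this wrapper is closed.
    TODO(review): confirm whether LDAPHelper needs explicit cleanup.

    Every search filter built here is assembled from a fixed template plus a
    caller-supplied value; the value is escaped with escapeFilterValue() so
    that filter metacharacters in it cannot change the shape of the query.
    """

    builder = LoggerEx.newBuilder()
    search_handler = mySearchHandlerClass()
    logger = builder.build('LDAP_INTEGRATION')

    PRIMARY_DOMAIN_CONTROLLER = "Ahostname"
    DC_PORT_PRIMARY = "1234"
    SECONDARY_DOMAIN_CONTROLLER = "Anotherhostname"
    DC_PORT_SECONDARY = "1235"

    ROLE_ID = "CN"
    ROLE_ATTR = "memberOf"
    USER_ATTR = "sAMAccountName"
    CONTACT_ATTR = ["mail", "proxyAddresses", "phone"]

    # Search base used by every query (was duplicated in each method).
    SEARCH_BASE = ["OU=User OU, DC=example, DC=com"]
    # Filter fragments shared by every user query: user objects only,
    # computer accounts excluded.
    USER_FILTER = "(objectClass=user)"
    NOT_COMPUTER_FILTER = "(!(objectClass=computer))"

    # RFC 4515 escapes for characters that have special meaning inside a
    # filter assertion value. The backslash entry must stay first so that the
    # backslashes introduced by the later replacements are not escaped again.
    _FILTER_ESCAPES = (
        ("\\", "\\5c"),
        ("*", "\\2a"),
        ("(", "\\28"),
        (")", "\\29"),
        ("\x00", "\\00"),
    )

    def __init__(self):
        # Read the credential resource once instead of once per field.
        creds = self.readCredentials()
        self.instance = LDAPHelper(self.logger)
        self.instance.setLdapHost(self.PRIMARY_DOMAIN_CONTROLLER)
        self.instance.setLdapPort(self.DC_PORT_PRIMARY)
        self.instance.setSecondaryLdapHost(self.SECONDARY_DOMAIN_CONTROLLER)
        self.instance.setSecondaryLdapPort(self.DC_PORT_SECONDARY)
        self.instance.setUseSSL(True)
        self.instance.setProfileUsername(creds["gatewayuser"])
        self.instance.setProfilePassword(creds["password"])
        self.instance.setReadTimeout(60000)
        self.instance.setPageSize(1000)
        # mySearchHandlerClass stores the last ctx/result on the instance, so
        # give each wrapper its own handler rather than sharing the class-level
        # one between every LDAP object.
        self.search_handler = mySearchHandlerClass()

    @classmethod
    def escapeFilterValue(cls, value):
        """Return *value* escaped for use inside an LDAP filter (RFC 4515).

        Escapes backslash, '*', '(', ')' and NUL. *value* must be a string;
        the result still needs to be wrapped in the filter template by the
        caller.
        """
        escaped = value
        for raw, replacement in cls._FILTER_ESCAPES:
            escaped = escaped.replace(raw, replacement)
        return escaped

    def _searchAttributes(self):
        """Attributes requested from the directory for every user search."""
        return [self.USER_ATTR, self.ROLE_ATTR] + self.CONTACT_ATTR

    def _search(self, query):
        """Run *query* under SEARCH_BASE and return whatever LDAPHelper.search returns."""
        return self.instance.search(
            self.SEARCH_BASE, query, self._searchAttributes(), self.search_handler
        )

    def getReadTimeout(self):
        """Read timeout currently configured on the underlying LDAPHelper."""
        return self.instance.getReadTimeout()

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc_value, traceback):
        # Intentionally releases nothing; see the class docstring.
        pass

    def getUsers(self):
        """Return every user object under SEARCH_BASE (computer accounts excluded)."""
        query = "(&" + self.USER_FILTER + self.NOT_COMPUTER_FILTER + ")"
        return self._search(query)

    def getUsersWithRole(self, role):
        """Return user objects whose memberOf contains ``CN=<role>``.

        *role* is lower-cased and escaped before being placed in the filter,
        so wildcards or parentheses supplied by the caller are matched
        literally instead of widening the query. The match is a substring
        match (``*CN=<role>*``), so a group whose CN merely starts with
        *role* (e.g. a longer name sharing the prefix) matches too; check
        the returned memberOf values if exact group membership matters.

        Raises:
            ValueError: if *role* is empty, because ``memberOf=*CN=*`` would
                match every user that belongs to any group at all.
        """
        if not role:
            raise ValueError("role must be a non-empty string")
        role_value = self.escapeFilterValue(role.lower())
        member_filter = "(" + self.ROLE_ATTR + "=*" + self.ROLE_ID + "=" + role_value + "*)"
        query = "(&" + self.USER_FILTER + member_filter + self.NOT_COMPUTER_FILTER + ")"
        return self._search(query)

    def readCredentials(self):
        """Return the bind credentials as a mapping with ``gatewayuser`` and ``password`` keys.

        Backed by the shared script resource ``shared.lz.ldap.credentials.key``,
        which holds the password in plaintext, e.g.
        {"gatewayuser": "john@doe", "password": "strongpassword"}.
        Keep that resource out of version control and restrict who can read
        the project.
        """
        return shared.lz.ldap.credentials.key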