Hey, sorry for the long wait.
I managed to re-implement a class based on the work done here. You will probably need to adapt several parameters to match your config.
Let me know if this works for you.
from com.inductiveautomation.ignition.gateway.authentication.impl import LDAPHelper
from com.inductiveautomation.ignition.common.util import LoggerEx
#work from https://forum.inductiveautomation.com/t/ldap-attributes-access/39754/10
#user is https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchResult.html
# attribute is https://docs.oracle.com/javase/7/docs/api/javax/naming/directory/Attributes.html
class mySearchHandlerClass(LDAPHelper.SearchHandler):
    """Search handler handed to ``LDAPHelper.search`` that passes results through.

    ``create`` remembers the most recent context/result pair on the handler
    and returns the result unchanged.
    """

    def __init__(self):
        # Last context/result seen by create(); nothing has been seen yet.
        self.ctx, self.result = None, None
        # Initialised empty; no method of this class appends to it.
        self.results = []

    def create(self, ctx, result):
        """Record ``ctx`` and ``result`` on the handler and return ``result``.

        Presumably called by LDAPHelper for each entry a search finds, with
        ``result`` being a javax.naming.directory.SearchResult -- confirm
        against the LDAPHelper API.
        """
        # NOTE(review): the stored pair is overwritten on every call, so a
        # handler object shared between concurrent searches would only ever
        # hold the latest values -- confirm whether anything reads them.
        self.ctx = ctx
        self.result = result
        return result

    def getNoun(self):
        """Return the fixed label 'LDAP' for this handler."""
        return 'LDAP'
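class LDAP(object):
    """Wrapper around Ignition's ``LDAPHelper`` for user and role lookups.

    The class-level constants are placeholders and must be adapted to the
    target directory. Searches go to the configured primary or secondary
    controller with SSL enabled and return whatever ``LDAPHelper.search``
    returns.
    """

    builder = LoggerEx.newBuilder()
    # Class attribute: the same handler object is shared by every LDAP
    # instance created from this class.
    search_handler = mySearchHandlerClass()
    logger = builder.build('LDAP_INTEGRATION')

    # Placeholder host/port values -- replace with your controllers. SSL is
    # enabled in __init__, so the ports must be the servers' LDAPS listeners.
    PRIMARY_DOMAIN_CONTROLLER = "Ahostname"
    DC_PORT_PRIMARY = "1234"
    SECONDARY_DOMAIN_CONTROLLER = "Anotherhostname"
    DC_PORT_SECONDARY = "1235"

    ROLE_ID = "CN"
    ROLE_ATTR = "memberOf"
    USER_ATTR = "sAMAccountName"
    CONTACT_ATTR = ["mail", "proxyAddresses", "phone"]

    # Search base used by every query in this class (placeholder value).
    USER_SEARCH_BASE = "OU=User OU, DC=example, DC=com"

    def __init__(self):
        """Create and configure the underlying ``LDAPHelper`` instance."""
        self.instance = LDAPHelper(self.logger)
        self.instance.setLdapHost(self.PRIMARY_DOMAIN_CONTROLLER)
        self.instance.setLdapPort(self.DC_PORT_PRIMARY)
        self.instance.setSecondaryLdapHost(self.SECONDARY_DOMAIN_CONTROLLER)
        self.instance.setSecondaryLdapPort(self.DC_PORT_SECONDARY)
        # Keep SSL on: the bind password set below would otherwise cross the
        # network in clear text.
        self.instance.setUseSSL(True)
        # Read the credential record once so the user name and password are
        # taken from the same snapshot.
        credentials = self.readCredentials()
        self.instance.setProfileUsername(credentials["gatewayuser"])
        self.instance.setProfilePassword(credentials["password"])
        self.instance.setReadTimeout(60000)
        self.instance.setPageSize(1000)

    @staticmethod
    def _escape_filter_value(value):
        """Escape ``value`` for use inside an LDAP search filter (RFC 4515).

        Backslash, '*', '(', ')' and NUL are replaced by their ``\\XX`` hex
        form so that caller-supplied text cannot change the filter structure.
        """
        # Backslash must be handled first, otherwise the escapes added for
        # the other characters would be escaped a second time.
        escaped = value.replace("\\", "\\5c")
        escaped = escaped.replace("*", "\\2a")
        escaped = escaped.replace("(", "\\28")
        escaped = escaped.replace(")", "\\29")
        escaped = escaped.replace("\x00", "\\00")
        return escaped

    def getReadTimeout(self):
        """Return the read timeout configured on the helper."""
        return self.instance.getReadTimeout()

    def getUsers(self):
        """Search for all user objects that are not computer objects.

        Returns the result of ``LDAPHelper.search`` for the user-name, role
        and contact attributes.
        """
        query = "(&(objectClass=user)(!(objectClass=computer)))"
        attrs = [self.USER_ATTR, self.ROLE_ATTR] + self.CONTACT_ATTR
        base = [self.USER_SEARCH_BASE]
        return self.instance.search(base, query, attrs, self.search_handler)

    def getUsersWithRole(self, role):
        """Search for user objects whose ``memberOf`` contains ``CN=<role>``.

        ``role`` is lower-cased and filter-escaped before it is placed in the
        query, so characters such as '*', '(' and ')' are matched literally.
        Returns the result of ``LDAPHelper.search``.
        """
        safe_role = self._escape_filter_value(role.lower())
        # NOTE(review): this is a substring match, so role "x" also matches
        # any group whose DN merely contains "CN=x" (for example a longer
        # group name starting with x). Do not rely on the result for access
        # decisions without an exact comparison on the returned memberOf
        # values. Some directory servers also reject substring filters on
        # DN-valued attributes -- confirm against your server.
        query = (
            "(&(objectClass=user)(memberOf=*"
            + self.ROLE_ID + "=" + safe_role
            + "*)(!(objectClass=computer)))"
        )
        attrs = [self.USER_ATTR, self.ROLE_ATTR] + self.CONTACT_ATTR
        base = [self.USER_SEARCH_BASE]
        return self.instance.search(base, query, attrs, self.search_handler)

    def __enter__(self):
        """Return this object so the class can be used in a ``with`` block."""
        return self

    def __exit__(self, exc_type, exc_value, traceback):
        """Do nothing on exit; exceptions raised in the block propagate."""
        pass

    def readCredentials(self):
        """Return the bind credentials as a mapping.

        The value must provide the keys "gatewayuser" and "password".
        """
        # NOTE(review): shared.lz.ldap.credentials looks like a project
        # script module; if so, the bind password is stored in plain text
        # wherever the project is stored or exported. Prefer a protected
        # store and a least-privilege, read-only bind account -- confirm.
        return shared.lz.ldap.credentials.key #this is a json {"gatewayuser": "john@doe", "password":"strongpassword"}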