LDAP query from Python

Recently, some colleagues commented about validating if users in a Telegram group were or not employees anymore, so that the process could be automated without having to chase down the users that left the company.

One of the fields that can be configured by each user, is the link to other platforms (Github, LinkedIn, Twitter, Telegram, etc), so querying an LDAP server could suffice to get the list of users.

First, we need to get some data required, in our case, we do anonymous binding to our LDAP server and the field to search for containing the ‘other platform’ links.

We can do a simple query like this in Python:

import ldap

myldap = ldap.initialize("ldap://myldapserver:389")
binddn = ""
pw = ""
basedn = "ou=users,dc=example,dc=com"
searchAttribute = ["SocialURL"]
searchFilter = "(SocialURL=*)"

# this will scope the entire subtree under UserUnits
searchScope = ldap.SCOPE_SUBTREE

# Bind to the server
myldap.protocol_version = ldap.VERSION3
myldap.simple_bind_s(
    binddn, pw
)  # myldap.simple_bind_s() if anonymous binding is desired

# Perform the search
ldap_result_id = myldap.search(basedn, searchScope, searchFilter, searchAttribute)
result_set = []
while True:
    result_type, result_data = myldap.result(ldap_result_id, 0)
    if result_data == []:
        break
    else:
        if result_type == ldap.RES_SEARCH_ENTRY:
            result_set.append(result_data)

# Unbind from server
myldap.unbind_s()

At this point, the variable result_set will contain the values we want to filter, for example, the url containing the username in https://t.me/USERNAMEform and the login id.

This, can be then acted accordingly and kick users that are no longer (or haven’t configured Telegram username) in the LDAP directory.

Enjoy! (and if you do, you can Buy Me a Coffee )