ldap_connector.py

import ldap
from warpzone import settings

#
# LDAP Connector Class
# All direct LDAP Operations must use this class
# For LDAP User search please use LDAPDB instead
#
# ToDo: Escape input parameter for prevent LDAP Injection
# ToDo: Implement Singleton Design Pattern
#


class LDAPConnector:

    def __init__(self):
        self.__ldap_object = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
        self.__ldap_object.bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD)

    def get_ldap_object(self):
        return self.__ldap_object

    def change_user_password(self, user, old_pw, new_pw, reset_pw=False):
        try:
            if old_pw is not None or reset_pw:
                self.__ldap_object.passwd_s(user, old_pw, new_pw)
            return 1
        except ldap.UNWILLING_TO_PERFORM as e:
            error = str(e)
            if 'unwilling to verify old password' in error or 'old password value is empty' in error:
                return -1
            else:
                print (e)
                return -2