mex.common.ldap package

Subpackages

• mex.common.ldap.models package
  • Submodules
  • mex.common.ldap.models.actor module
    • LDAPActor
      • LDAPActor.get_ldap_fields()
      • LDAPActor.mail
      • LDAPActor.model_computed_fields
      • LDAPActor.model_config
      • LDAPActor.model_fields
      • LDAPActor.objectGUID
      • LDAPActor.sAMAccountName
  • mex.common.ldap.models.person module
    • LDAPPerson
      • LDAPPerson.company
      • LDAPPerson.department
      • LDAPPerson.departmentNumber
      • LDAPPerson.displayName
      • LDAPPerson.employeeID
      • LDAPPerson.get_ldap_fields()
      • LDAPPerson.givenName
      • LDAPPerson.model_computed_fields
      • LDAPPerson.model_config
      • LDAPPerson.model_fields
      • LDAPPerson.ou
      • LDAPPerson.sn
    • LDAPPersonWithQuery
      • LDAPPersonWithQuery.model_computed_fields
      • LDAPPersonWithQuery.model_config
      • LDAPPersonWithQuery.model_fields
      • LDAPPersonWithQuery.person
      • LDAPPersonWithQuery.query
  • mex.common.ldap.models.unit module
    • LDAPUnit
      • LDAPUnit.model_computed_fields
      • LDAPUnit.model_config
      • LDAPUnit.model_fields
      • LDAPUnit.parent_label
  • Module contents

Submodules

mex.common.ldap.connector module

class mex.common.ldap.connector.LDAPConnector

Bases: BaseConnector

Connector class to handle credentials and querying of LDAP.

DEFAULT_PORT = 636

PAGE_SIZE = 25

SEARCH_BASE = 'DC=rki,DC=local'

__init__() → None

Create a new LDAP connection.

_fetch(model_cls: type[_LDAPActorT], /, **filters: str) → Generator[_LDAPActorT, None, None]

Fetch all items that match the given filters and parse to given model.

Parameters:

• model_cls – Pydantic model class

• **filters – LDAP compatible filters, will be joined in AND-condition

Returns:

Generator for instance of model_cls

close() → None

Close the connector’s underlying LDAP connection.

get_functional_account(objectGUID: str = '*', **filters: str) → LDAPActor

Get a single LDAP functional account for the given filters.

Parameters:

• objectGUID – Internal LDAP identifier

• **filters – Filters for LDAP search

Raises:

MExError – If number of LDAP entries that match the filters is not 1

Returns:

Single LDAP functional account matching the filters

get_functional_accounts(mail: str = '*', sAMAccountName: str = '*', **filters: str) → Generator[LDAPActor, None, None]

Get LDAP functional accounts that match provided filters.

Some projects/resources declare functional mailboxes as their contact.

Parameters:

• mail – Email address of the functional account

• sAMAccountName – Account name

• **filters – Additional filters

Returns:

Generator for LDAP functional accounts

get_person(objectGUID: str = '*', employeeID: str = '*', **filters: str) → LDAPPerson

Get a single LDAP person for the given filters.

Parameters:

• objectGUID – Internal LDAP identifier

• employeeID – Employee ID, must be present

• **filters – Filters for LDAP search

Raises:

MExError – If number of LDAP entries that match the filters is not 1

Returns:

Single LDAP person matching the filters

get_persons(surname: str = '*', given_name: str = '*', mail: str = '*', **filters: str) → Generator[LDAPPerson, None, None]

Get LDAP persons that match the provided filters.

An LDAP person’s objectGUIDs is stable across name changes, whereas name based person identifiers of the schema SurnameF are not stable.

Only consider LDAP entries of objectClass ‘user’, ObjectCategory ‘Person’. Additional required attributes are: sAMAccountName, employeeId.

Parameters:

• given_name – Given name of a person, defaults to non-null

• surname – Surname of a person, defaults to non-null

• mail – Email address, defaults to non-null

• **filters – Additional filters

Returns:

Generator for LDAP persons

get_unit(**filters: str) → LDAPUnit

Get a single LDAP unit for the given filters.

Parameters:

**filters – Filters for LDAP search

Raises:

MExError – If number of LDAP entries that match the filters is not 1

Returns:

Single LDAP unit matching the filters

get_units(sAMAccountName: str = '*', mail: str = '*', **filters: str) → Generator[LDAPUnit, None, None]

Get LDAP units that match the provided filters.

Parameters:

• sAMAccountName – Account name of the unit

• mail – Email address of the unit

• **filters – Additional filters

Returns:

Generator for LDAP units

mex.common.ldap.extract module

mex.common.ldap.extract._get_merged_ids_by_attribute(attribute: str, persons: Iterable[LDAPPerson], primary_source: ExtractedPrimarySource) → dict[str, list[MergedPersonIdentifier]]

Return mapping from dynamic Person attribute to corresponding merged person ids.

MergedPersonIdentifiers are looked up in the identity provider and will be omitted for any person that has not yet been assigned an Identity there.

Parameters:

• attribute – The key to use for the resulting mapping

• persons – Iterable of LDAP persons

• primary_source – Primary source for LDAP

Returns:

Mapping from a stringified LDAPPerson[attribute] to corresponding MergedPersonIdentifiers

mex.common.ldap.extract.get_count_of_found_persons_by_name(surname: str = '*', given_name: str = '*', **filters: str) → int

Get total count of found ldap persons.

Parameters:

• given_name – Given name of a person, defaults to non-null.

• surname – Surname of a person, defaults to non-null.

• **filters – Additional filters.

Returns:

count of found persons.

mex.common.ldap.extract.get_merged_ids_by_email(persons: Iterable[LDAPPerson], primary_source: ExtractedPrimarySource) → dict[str, list[MergedPersonIdentifier]]

Return a mapping from a person’s e-mail to their merged person ids.

MergedPersonIdentifiers are looked up in the identity provider and will be omitted for any person that has not yet been assigned an Identity there.

Parameters:

• persons – Iterable of LDP persons

• primary_source – Primary source for LDAP

Returns:

Mapping from LDAPPerson.mail to corresponding MergedPersonIdentifiers

mex.common.ldap.extract.get_merged_ids_by_employee_ids(persons: Iterable[LDAPPerson], primary_source: ExtractedPrimarySource) → dict[str, list[MergedPersonIdentifier]]

Return a mapping from a person’s employeeID to their merged person ids.

MergedPersonIdentifiers are looked up in the identity provider and will be omitted for any person that has not yet been assigned an Identity there.

Parameters:

• persons – Iterable of LDAP persons

• primary_source – Primary source for LDAP

Returns:

Mapping from LDAPPerson.employeeID to corresponding MergedPersonIdentifiers

mex.common.ldap.extract.get_merged_ids_by_query_string(persons_with_query: Iterable[LDAPPersonWithQuery], primary_source: ExtractedPrimarySource) → dict[str, list[MergedPersonIdentifier]]

Return a mapping from a person query string to their merged person ids.

MergedPersonIdentifiers are looked up in the identity provider and will be omitted for any person that has not yet been assigned an Identity there.

Parameters:

• persons_with_query – Iterable of LDP persons with query

• primary_source – Primary source for LDAP

Returns:

Mapping from LDAPPersonWithQuery.query to corresponding MergedPersonIdentifiers

mex.common.ldap.extract.get_persons_by_name(surname: str = '*', given_name: str = '*', **filters: str) → Generator[LDAPPerson, None, None]

Get all ldap persons matching the filters.

Parameters:

• given_name – Given name of a person, defaults to non-null.

• surname – Surname of a person, defaults to non-null.

• **filters – Additional filters.

Returns:

Generator for LDAP persons.

mex.common.ldap.transform module

class mex.common.ldap.transform.PersonName(surname: str = '*', given_name: str = '*', full_name: str = '')

Bases: object

Name of a person split into sur- and given-name.

full_name: str = ''

given_name: str = '*'

surname: str = '*'

mex.common.ldap.transform.analyse_person_string(string: str) → list[PersonName]

Try to extract a list of given- and surnames from a person string.

For supported formats of this implementation, check unittest.

Parameters:

string – Person string, containing their name in some form

Returns:

List of analyzed person names

mex.common.ldap.transform.transform_ldap_actor_to_mex_contact_point(ldap_actor: LDAPActor, primary_source: ExtractedPrimarySource) → ExtractedContactPoint

Transform a single LDAPActor (a functional account) to an ExtractedContactPoint.

Parameters:

• ldap_actor – LDAP actor

• primary_source – Primary source for LDAP

Returns:

Extracted contact point

mex.common.ldap.transform.transform_ldap_actors_to_mex_contact_points(ldap_actors: Iterable[LDAPActor], primary_source: ExtractedPrimarySource) → Generator[ExtractedContactPoint, None, None]

Transform LDAP actors (e.g. functional accounts) to ExtractedContactPoints.

Parameters:

• ldap_actors – LDAP actors

• primary_source – Primary source for LDAP

Returns:

Generator for extracted contact points

mex.common.ldap.transform.transform_ldap_person_to_mex_person(ldap_person: LDAPPerson, primary_source: ExtractedPrimarySource, units_by_identifier_in_primary_source: dict[str, ExtractedOrganizationalUnit]) → ExtractedPerson

Transform a single LDAP person to an ExtractedPerson.

Parameters:

• ldap_person – LDAP person

• primary_source – Primary source for LDAP

• units_by_identifier_in_primary_source – Mapping to get units by LDAP ID

Returns:

Extracted person

mex.common.ldap.transform.transform_ldap_persons_to_mex_persons(ldap_persons: Iterable[LDAPPerson], primary_source: ExtractedPrimarySource, units: Iterable[ExtractedOrganizationalUnit]) → Generator[ExtractedPerson, None, None]

Transform LDAP persons to ExtractedPersons.

Parameters:

• ldap_persons – LDAP persons

• primary_source – Primary source for LDAP

• units – Extracted organizational units

Returns:

Generator for extracted persons

mex.common.ldap.transform.transform_ldap_persons_with_query_to_mex_persons(ldap_persons_with_query: Iterable[LDAPPersonWithQuery], primary_source: ExtractedPrimarySource, units: Iterable[ExtractedOrganizationalUnit]) → Generator[ExtractedPerson, None, None]

Transform LDAP persons with query to ExtractedPersons.

Parameters:

• ldap_persons_with_query – LDAP persons with query

• primary_source – Primary source for LDAP

• units – Extracted organizational units

Returns:

Generator for extracted persons

Module contents

Helper extractor to extract data from Lightweight Directory Access Protocol (LDAP).

Common use cases: - extract employee accounts of your organization - extract functional accounts of your organization

Possible queries are for example the account name, surname, given name, or email.

Configuration

For configuring the ldap connection, set the settings parameter ldap_url (see mex.common.settings for further info) to an LDAP url (see

https://datatracker.ietf.org/doc/html/rfc2255#section-3 for further information).

Extracting data

Use the LDAPConnector from the ldap.connector module to extract data.

Transforming data

The module ldap.transform contains functions for transforming LDAP data into MEx models.

The mex_person.stableTargetId attribute can be used in any entity that requires a MergedPersonIdentifier.

Convenience Functions

The module ldap.extract holds convenience functions, e.g. for build a mapping from query strings to `stableTargetId`s.