# LDAP with OpenDJ

+ github repository: `https://github.com/OpenIdentityPlatform/OpenDJ`

+ running as a container as follows:

```bash
export IMAGE_NAME=openidentityplatform/opendj
export CONTAINER_NAME=opendj
export CONTAINER_HOSTNAME=ldap01.domain.com
export BASE_DN=dc=inflinx,dc=com

# Pull latest container
docker pull $IMAGE_NAME

# Start container
docker run -h $CONTAINER_HOSTNAME -p 1389:1389 -p 1636:1636 -p 4444:4444 \
-e BASE_DN=$BASE_DN --name $CONTAINER_NAME -t $IMAGE_NAME

# docker run -h ldap-01.domain.com -p 1389:1389 -p 1636:1636 -p 4444:4444 \
# --name ldap-01 openidentityplatform/opendj

docker logs --follow $CONTAINER_NAME

```

+ use apacheds studio tools located here: 
`https://directory.apache.org/studio/downloads.html`

+ importing ldap3: 
`pip3 install ldap3`

 website for python ldap3: 
`https://ldap3.readthedocs.io/en/latest/index.html`

+ ldif files extracted from: 
`https://github.com/apress/practical-spring-ldap`

+ test ldif files: 
`employees.ldif` and `patrons.ldif`


+ import ldif files into the ldap server using `import` feature of apacheds studio.
the second import should be an update since it is uses the same `dc=inflinx,dc=com`

+ when use `ldap3` library, make sure not to have spaces between the `dc`s


In [1]:
from ldap3 import Server, Connection, MODIFY_ADD, MODIFY_REPLACE, ALL_ATTRIBUTES
from ldap3.utils.dn import safe_rdn

In [2]:
server = Server('localhost:1389')

In [3]:
conn = Connection(server, 'cn=Directory Manager', 'password', auto_bind=True)

In [4]:
server.schema

DSA Schema from: cn=schema
  Attribute types:{'name': Attribute type: 2.5.4.41
  Short name: name
  Single value: False
  Equality rule: caseIgnoreMatch
  Syntax: 1.3.6.1.4.1.1466.115.121.1.15 [('1.3.6.1.4.1.1466.115.121.1.15', 'LDAP_SYNTAX', 'Directory String', 'RFC4517')]
  Extensions:
    X-ORIGIN: RFC 4519
    X-SCHEMA-FILE: 00-core.ldif
  OidInfo: ('2.5.4.41', 'ATTRIBUTE_TYPE', 'name', 'RFC4519')
, 'distinguishedName': Attribute type: 2.5.4.49
  Short name: distinguishedName
  Single value: False
  Equality rule: distinguishedNameMatch
  Syntax: 1.3.6.1.4.1.1466.115.121.1.12 [('1.3.6.1.4.1.1466.115.121.1.12', 'LDAP_SYNTAX', 'DN', 'RFC4517')]
  Extensions:
    X-ORIGIN: RFC 4519
    X-SCHEMA-FILE: 00-core.ldif
  OidInfo: ('2.5.4.49', 'ATTRIBUTE_TYPE', 'distinguishedName', 'RFC4519')
, 'objectClass': Attribute type: 2.5.4.0
  Short name: objectClass
  Single value: False
  Equality rule: objectIdentifierMatch
  Syntax: 1.3.6.1.4.1.1466.115.121.1.38 [('1.3.6.1.4.1.1466.115.121.1.38',

In [5]:
print(server.info)

None


In [6]:
dir(conn)

['__class__',
 '__delattr__',
 '__dict__',
 '__dir__',
 '__doc__',
 '__enter__',
 '__eq__',
 '__exit__',
 '__format__',
 '__ge__',
 '__getattribute__',
 '__gt__',
 '__hash__',
 '__init__',
 '__init_subclass__',
 '__le__',
 '__lt__',
 '__module__',
 '__ne__',
 '__new__',
 '__reduce__',
 '__reduce_ex__',
 '__repr__',
 '__setattr__',
 '__sizeof__',
 '__str__',
 '__subclasshook__',
 '__weakref__',
 '_bind_controls',
 '_context_state',
 '_deferred_bind',
 '_deferred_open',
 '_deferred_start_tls',
 '_do_auto_bind',
 '_entries',
 '_executing_deferred',
 '_fire_deferred',
 '_get_entries',
 '_prepare_return_value',
 '_usage',
 'abandon',
 'add',
 'authentication',
 'auto_bind',
 'auto_encode',
 'auto_escape',
 'auto_range',
 'auto_referrals',
 'bind',
 'bound',
 'check_names',
 'closed',
 'compare',
 'connection_lock',
 'cred_store',
 'delete',
 'do_ntlm_bind',
 'do_sasl_bind',
 'empty_attributes',
 'entries',
 'extend',
 'extended',
 'fast_decoder',
 'get_response',
 'last_error',
 'lazy',
 'l

In [7]:
conn.version

3

In [8]:
print(server.schema.object_classes['inetorgperson'])

Object class: 2.16.840.1.113730.3.2.2
  Short name: inetOrgPerson
  Type: Structural
  Superior: organizationalPerson
  May contain attributes: audio, businessCategory, carLicense, departmentNumber, displayName, employeeNumber, employeeType, givenName, homePhone, homePostalAddress, initials, jpegPhoto, labeledURI, mail, manager, mobile, o, pager, photo, roomNumber, secretary, uid, userCertificate, x500UniqueIdentifier, preferredLanguage, userSMIMECertificate, userPKCS12
  Extensions:
    X-ORIGIN: RFC 2798
    X-SCHEMA-FILE: 00-core.ldif



In [9]:
print(server.schema.object_classes['organizationalperson'])

Object class: 2.5.6.7
  Short name: organizationalPerson
  Type: Structural
  Superior: person
  May contain attributes: title, x121Address, registeredAddress, destinationIndicator, preferredDeliveryMethod, telexNumber, teletexTerminalIdentifier, telephoneNumber, internationaliSDNNumber, facsimileTelephoneNumber, street, postOfficeBox, postalCode, postalAddress, physicalDeliveryOfficeName, ou, st, l
  Extensions:
    X-ORIGIN: RFC 4519
    X-SCHEMA-FILE: 00-core.ldif
  OidInfo: ('2.5.6.7', 'OBJECT_CLASS', 'organizationalPerson', 'RFC4519')



In [10]:
print(server.schema.object_classes['person'])

Object class: 2.5.6.6
  Short name: person
  Type: Structural
  Superior: top
  Must contain attributes: sn, cn
  May contain attributes: userPassword, telephoneNumber, seeAlso, description
  Extensions:
    X-ORIGIN: RFC 4519
    X-SCHEMA-FILE: 00-core.ldif
  OidInfo: ('2.5.6.6', 'OBJECT_CLASS', 'person', 'RFC4519')



In [11]:
print(server.schema.object_classes['top'])

Object class: 2.5.6.0
  Short name: top
  Type: Abstract
  Must contain attributes: objectClass
  Extensions:
    X-ORIGIN: RFC 4512
    X-SCHEMA-FILE: 00-core.ldif
  OidInfo: ('2.5.6.0', 'OBJECT_CLASS', 'top', 'RFC4512')



In [12]:
# Search entries with email ends with @inflinx.com
print(conn.search('ou=employees,dc=inflinx,dc=com', '(&(mail=*@inflinx.com))'))

False


In [13]:
# Search entries with email ends with @inflinx.com
print(conn.search('ou=patrons,dc=inflinx,dc=com', '(&(mail=*@inflinx.com))'))

False


In [14]:
# Display the first element of the search results
print(conn.entries[0])

IndexError: list index out of range

In [64]:
len(conn.entries)

101