LDAP Search Examples
Below are code samples for connecting to the LDAP directory in various languages:
-
ASDI
-
Perl
-
Ruby
-
This module is maintained by the IST Web Applications group. Once you install it, you can access either the ri documentation, or the html-based documentation by running gemserver on your host.
-
- Python attribute parsing example
In the CalNet Directory, the most accurate reflection of what people would prefer to be called is in the displayName attribute. However, some systems require a first name and last name. This sample code uses the data in berkeleyEduLastName, sn, berkeleyEduFirstName, and givenName to split a displayName into first name and last name portions as sensibly as possible.
# ------------------------------------------------
# name split.py
# Last Updated 2018-10-26 by Ian Crew
# The purpose of this code snippet is to split the LDAP displayName into sensible first and last name
# substrings, for use in systems that require a first name and last name field. This allows
# those systems to reflect the user's preference for how they are referred to as closely as possible.
# ------------------------------------------------
#create some counters so we can report back the counts of how the displayNames were split.
berkeleyEduFirstName_splits=0
berkeleyEduLastName_splits=0
givenName_splits=0
sn_splits=0
skipped_splits=0#Berkeley_People is a Python Dict of objects, that I fill elsewhere for performance reasons.
#It contains the LDAP information about each UID.
for curr_uid in Berkeley_People:
#Get displayName, berkeleyEduFirstName, berkeleyEduLastName, sn, and givenName from the CalNet Directory.
berkeleyEduFirstName=Berkeley_People[curr_uid].get_ldap_attribute("berkeleyEduFirstName")
berkeleyEduLastName=Berkeley_People[curr_uid].get_ldap_attribute("berkeleyEduLastName")
sn=Berkeley_People[curr_uid].get_ldap_attribute("sn")
if sn != None: sn=sn[0]
givenName=Berkeley_People[curr_uid].get_ldap_attribute("givenName")
if givenName != None: givenName=givenName[0]
displayName=str(Berkeley_People[curr_uid].get_ldap_attribute("displayName"))# Some of the entries in LDAP have different standards for representing an empty entry. Clean those up.
if displayName=="Unknown" or displayName==", ," or displayName=="": displayName=None
if berkeleyEduFirstName=="Unknown" or berkeleyEduFirstName=="," or berkeleyEduFirstName=="": berkeleyEduFirstName=None
if berkeleyEduLastName=="Unknown" or berkeleyEduLastName=="," or berkeleyEduLastName=="": berkeleyEduLastName=None
if givenName=="Unknown" or givenName=="," or givenName=="": givenName=None
if sn=="Unknown" or sn=="," or sn=="" or sn=="new entry": sn=None
if displayName==None and berkeleyEduFirstName == None and givenName == None and berkeleyEduLastName == None and sn == None:
#if the displayName is blank, no point in trying to split it.
skipped_splits+=1
continue
if (str(Berkeley_People[curr_uid].primary_affiliation)=="None" or str(Berkeley_People[curr_uid].primary_affiliation)=="STU-DELEGATE") and berkeleyEduFirstName == None and givenName == None and berkeleyEduLastName == None and sn == None:
#The info for STU-DELEGATES and people with no affiliations is very spotty, so skip them if the rest of their info is blank
skipped_splits+=1
continue
elif displayName==None and (berkeleyEduFirstName != None or givenName != None) and (berkeleyEduLastName != None or sn != None):
#if the displayName is blank, but we have a berkeleyEduFirstName or givenName, and a berkeleyEduLastName or sn,
#assemble a displayName for use in the rest of this script.
build_displayName=""
if berkeleyEduFirstName != None:
build_displayName=str(berkeleyEduFirstName)+" "
else:
build_displayName=str(givenName)+" "if berkeleyEduLastName != None:
build_displayName=build_displayName+str(berkeleyEduLastName)
else:
build_displayName=build_displayName+str(sn)
displayName=build_displayName# Figure out where to split the string. First see if it's possible to split based on berkeleyEduLastName,
# then sn, then berkeleyEduFirstName, then givenName. Doing it in this order keeps any middle names/
# initials with the first name if at all possible.
reversed_name=False
displayName_split_position=-1if berkeleyEduLastName != None and displayName != None:
displayName_split_position=displayName.lower().rfind(berkeleyEduLastName.lower())
if displayName_split_position==0:
#many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
displayName_split_position+=len(berkeleyEduLastName)
reversed_name=True
#sys.stderr.write("displayName_split_position: "+str(displayName_split_position)+"\n")
berkeleyEduLastName_splits+=1if displayName_split_position == -1 and sn!=None and displayName != None:
displayName_split_position=displayName.lower().rfind(sn.lower())
if displayName_split_position==0:
#many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
displayName_split_position+=len(sn)
reversed_name=True
sn_splits+=1if displayName_split_position == -1 and berkeleyEduFirstName!=None and displayName != None:
displayName_split_position=displayName.lower().find(berkeleyEduFirstName.lower())+len(berkeleyEduFirstName)
if displayName_split_position==len(displayName):
#many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
displayName_split_position-=len(berkeleyEduFirstName)
reversed_name=True
berkeleyEduFirstName_splits+=1if displayName_split_position == -1 and givenName!=None and displayName != None:
displayName_split_position=displayName.lower().find(givenName.lower())+len(givenName)
if displayName_split_position==len(displayName):
#many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
displayName_split_position-=len(givenName)
reversed_name=True
givenName_splits+=1# Once we've figured out where to split it, actually do the splitting into displayName_first
# and displayName_last.
displayName_first=None
displayName_last=None
if displayName_split_position != -1:
if reversed_name!=True:
displayName_first=displayName[:displayName_split_position].strip(", ")
displayName_last=displayName[displayName_split_position:].strip(", ")
else:
displayName_last = displayName[:displayName_split_position].strip(", ")
displayName_first = displayName[displayName_split_position:].strip(", ")#if we don't have a first or last name, but there's one elsewhere in the record, use it
if displayName_first=="" and berkeleyEduFirstName !=None:
displayName_first=berkeleyEduFirstName
elif displayName_first=="" and givenName !=None:
displayName_first=givenNameif displayName_last=="" and berkeleyEduLastName !=None:
displayName_last=berkeleyEduLastName
elif displayName_last=="" and sn !=None:
displayName_last=sn# Print an error if we can't successfully split a displayName
if (displayName_split_position == -1 or displayName_first=="" or displayName_last=="") and str(curr_uid) != "0" :
sys.stderr.write("Unable to split displayName at "+str(display_split_position)+" for "+ str(Berkeley_People[curr_uid].primary_affiliation) +" affiliate, UID "+str(curr_uid)+" into first and last. Displayname: "+str(directory_display_name)+", b_e_first: "+str(b_e_first)+", b_e_last: "+str(b_e_last)+", givenName: "+str(givenname)+", sn: "+str(sn)+"\n")sys.stderr.write("skipped splits: " + str(skipped_splits) + "\nberkeleyEduLastName_splits: " + str(berkeleyEduLastName_splits) + "\nsn_splits: " + str(sn_splits) + "\nberkeleyEduFirstName_splits: " + str(berkeleyEduFirstName_splits) + "\ngivenName_splits: " + str(givenName_splits) + "\n")
# As of 2018-10-25, this results in the following when run across 1,092,480 records in LDAP:
# skipped splits: 61,098
# berkeleyEduLastName_splits: 31,164
# sn_splits: 998,640
# berkeleyEduFirstName_splits: 0
# givenName_splits: 1,605
# This technique doesn't work for 26 people in the directory, all of whom have only "sn"s, but no berkeleyEduFirstNames or givenNames, and single-word displayNames.
# They are 20 Alumni, 2 attendees, 1 Trustee, and 3 people with no affiliation.
LDAP Referral Handling Examples
The follow examples show how to follow LDAP Referrals using: