RETIRED, further work has moved to Debian project infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

37 KiB

:pyldap LDAP library interface module

python-ldap project (see

This module provides access to the LDAP (Lightweight Directory Access Protocol) C API implemented in OpenLDAP 2.3 or newer. It is similar to the C API, with the notable differences that lists are manipulated via Python list operations and errors appear as exceptions. For far more detailed information on the C interface, please see the (expired) draft-ietf-ldapext-ldap-c-api-04. This documentation is current for the Python LDAP module, version . Source and binaries are available from


This module defines the following functions:


The module defines various constants. Note that some constants depend on the build options and which underlying libs were used or even on the version of the libs. So before using those constants the application has to explicitly check whether they are available.



ldap.conf(5) and ldap_get_option(3)

For use with functions :py:func:set_option() and :py:func:get_option() and methods :py:method:LDAPObject.set_option() and :py:method:LDAPObject.get_option() the following option identifiers are defined as constants:

SASL options

TLS options

Keepalive options

DN format flags

This constants are used for DN-parsing functions found in sub-module :pyldap.dn.



The module defines the following exceptions:

The above exceptions are raised when a result code from an underlying API call does not indicate success.

LDAPObject classes

Arguments for LDAPv3 controls

The :pyldap.controls module can be used for constructing and decoding LDAPv3 controls. These arguments are available in the methods with names ending in :py_ext or :py_ext_s:


is a list of :pyldap.controls.LDAPControl instances sent to the server along with the LDAP request (see module :pyldap.controls). These are controls which alter the behaviour of the server when processing the request if the control is supported by the server. The effect of controls might differ depending on the type of LDAP request or controls might not be applicable with certain LDAP requests at all.


is a list of :pyldap.controls.LDAPControl instances passed to the client API and alter the behaviour of the client when processing the request.

Sending LDAP requests

Most methods on LDAP objects initiate an asynchronous request to the LDAP server and return a message id that can be used later to retrieve the result with :pyresult().

Methods with names ending in :py_s are the synchronous form and wait for and return with the server's result, or with :pyNone if no data is expected.

LDAPObject instances have the following methods:

Connection-specific LDAP options

Object attributes

If the underlying library provides enough information, each LDAP object will also have the following attributes. These attributes are mutable unless described as read-only.


The following example demonstrates how to open a connection to an LDAP server using the :pyldap module and invoke a synchronous subtree search.

>>> import ldap >>> l = ldap.initialize('ldap://localhost:1390') >>> l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(cn=fred*)',['cn','mail']) [('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de', {'cn': ['Fred Feuerstein']})] >>> r = l.search_s('ou=Testing,dc=stroeder,dc=de',ldap.SCOPE_SUBTREE,'(objectClass=*)',['cn','mail']) >>> for dn,entry in r: >>> print('Processing',repr(dn)) >>> handle_ldap_entry(entry)