Writing a Python script, I would like to know if it is possible to bind to an LDAP server without writing the password in plaintext, like in this example:
import ldap
l = ldap.open("myserver")
username ="cn=Manager, o=mydomain.com"## I don't want to write the password here in plaintext
password ="secret"
l.simple_bind(username, password)
Example Function for decrypting a file called '.credentials'. This would of course have a seporate script to encrypt the credentials to a file in the first place prior to trying to use it.
所以你会调用这个函数:
So you would call this function:
username, password = decrypt()
l.simple_bind(username, password)from Crypto.Cipher import AES
import base64
from local_logging import info
defdecrypt(dir_path):#Read '.credentials' file and return unencrypted credentials (user_decoded, pass_decoded)
lines =[line.rstrip('
') for line in open(dir_path + '/.credentials')]
user_encoded = lines[0]
user_secret = lines[1]
pass_encoded = lines[2]
pass_secret = lines[3]# the character used for padding--with a block cipher such as AES, the value# you encrypt must be a multiple of BLOCK_SIZE in length. This character is# used to ensure that your value is always a multiple of BLOCK_SIZE
PADDING ='{'
DecodeAES =lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING)# create a cipher object using the random secret
user_cipher = AES.new(user_secret)
pass_cipher = AES.new(pass_secret)# decode the encoded string
user_decoded = DecodeAES(user_cipher, user_encoded)
pass_decoded = DecodeAES(pass_cipher, pass_encoded)return(user_decoded, pass_decoded)
