Python-ldap:是否可以在不明确写入密码的情况下进行绑定?
问题描述:
编写Python脚本,我想知道是否可以绑定到一个LDAP服务器,而不在这个例子中明文写入密码,如:Python-ldap:是否可以在不明确写入密码的情况下进行绑定?
import ldap
l = ldap.open("myserver")
username = "cn=Manager, o=mydomain.com"
## I don't want to write the password here in plaintext
password = "secret"
l.simple_bind(username, password)
答
示例功能用于解密文件名为”。证书'。在尝试使用它之前,这当然会有一个seporate脚本来首先将凭证加密到文件中。
所以,你会调用该函数:
username, password = decrypt()
l.simple_bind(username, password)
from Crypto.Cipher import AES
import base64
from local_logging import info
def decrypt(dir_path):
#Read '.credentials' file and return unencrypted credentials (user_decoded, pass_decoded)
lines = [line.rstrip('\n') for line in open(dir_path + '/.credentials')]
user_encoded = lines[0]
user_secret = lines[1]
pass_encoded = lines[2]
pass_secret = lines[3]
# the character used for padding--with a block cipher such as AES, the value
# you encrypt must be a multiple of BLOCK_SIZE in length. This character is
# used to ensure that your value is always a multiple of BLOCK_SIZE
PADDING = '{'
DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING)
# create a cipher object using the random secret
user_cipher = AES.new(user_secret)
pass_cipher = AES.new(pass_secret)
# decode the encoded string
user_decoded = DecodeAES(user_cipher, user_encoded)
pass_decoded = DecodeAES(pass_cipher, pass_encoded)
return (user_decoded, pass_decoded)
是的,它是可能的,我通常使用PyCrypto凭据加密一个文件。然后我会解密该文件并传入值。 – iNoob