【问题标题】:How do I perform django authentication using a ldap?如何使用 ldap 执行 django 身份验证?
【发布时间】:2014-05-29 13:40:16
【问题描述】:

我已经看过几乎所有关于这个主题的问题和教程,但我仍然无法使用 django 连接到我的 ldap。下面是我的 settings.py 和 views.py。我真的需要解决这个问题,如果有人可以帮助我,我将不胜感激,请有人告诉我我做错了什么,因为我无法弄清楚。

settings.py

AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend'
'django.contrib.auth.backends.ModelBackend',
)

main_dn = 'dc=fx3x,dc=com'
groups_dn = 'ou=Groups,' + main_dn
users_dn = 'ou=Users,' + main_dn

AUTH_LDAP_SERVER_URI = 'ldap://ldap.xxxmk.com'
#AUTH_LDAP_BIND_DN = 'dc=fx3x,dc=com'
#AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=Users,dc=fx3x,dc=com"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fx3x,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Groups,dc=fx3x,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "sn",
"username": "uid",
"password": "userPassword"
}

AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 2

views.py

from django.contrib.auth import authenticate, login, logout
import ldap
from django_auth_ldap.backend import LDAPBackend


def log_in_form_event(request):

response = {'success': False}


if request.method == "POST":

    try:
        ldap_username = request.POST["name"]
        ldap_password = request.POST["password"]
        #l_username = django_auth_ldap.django_to_ldap_username(ldap_username)
        #ip_server = settings.LDAP_BASES.get('ip')
        #userdn = settings.LDAP_BASES.get('users')
        ldap_connection = ldap.initialize('ldap://ldap.xxxmk.com')
        ldap_connection.simple_bind_s(username=ldap_username, password=ldap_password)
        auth = LDAPBackend()
        #user = ldap_connection.
        user = auth.authenticate(username=ldap_username, password=ldap_password)
        res = ldap_connection.search_ext_s(settings.AUTH_LDAP_USER_SEARCH, ldap.SCOPE_SUBTREE, "uid=%s" % ldap_username)
        login(request, user)
        response = {'success': True, 'note': "logged in"}

    except:
        response = {'success': False, 'note': "not logged in"}

return HttpResponse(simplejson.dumps(response), mimetype='application/json')

【问题讨论】:

  • 有什么症状?有什么错误吗?提供追溯以防万一。
  • 这是它在控制台中给我的:[29/May/2014 13:43:37] "GET / HTTP/1.1" 200 2621 /usr/lib/python2.6/site- packages/django/http/response.py:327: DeprecationWarning: 不推荐使用 mimetype 关键字参数,使用 content_type 代替 super(HttpResponse, self).__init__(*args, **kwargs) [29/May/2014 13:43: 45] "POST /log_in_form_event/ HTTP/1.1" 200 43 我相信我什至无法连接到 ldap
  • 不,这只是一个弃用警告 - 这不是问题。如我所见,视图返回 200。您能否省略 try/except 并查看显示的错误是什么?
  • 在它的响应中说:log_in_form_event:simple_bind_s()得到了一个意外的关键字参数'ldap_username',当我删除它时,在控制台中它说:“POST /log_in_form_event/ HTTP/1.1”500 14863 , 内部服务器错误
  • 好的,日志、控制台或浏览器页面有错误吗?你有DEBUG=True - 如果没有,请将其设置为True

标签: python django ldap django-authentication django-auth-ldap


【解决方案1】:

看起来你可以摆脱 django-auth-ldap 和 write your own, simpler, backend。或者将逻辑调整到您自己的登录视图中。

# your_project/auth.py
import ldap
class MyLdapBackend(object):
    def authenticate(self, username = None, password = None):
         connection = ldap.initialize('ldap://ldap.xxxmk.com')

         # check user credentials
         try:
             connection.simple_bind_s(username, password)
         except ldap.INVALID_CREDENTIALS:
             return None # that's what your backend has to return on fail

         # authentication against the ldap succeed from here
         try:
             user = User.objects.get( username = username )
         except User.DoesNotExist:
             user = User( username = username, password = password )
             user.is_active = True
             user.save()
         return user # that's what your backend has to return on success

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

# your_project/settings.py
AUTHENTICATION_BACKENDS = (
    # both Django and you will use the same authentication logic:
    'your_project.auth.MyLdapBackend',
    # 'django.contrib.auth.backends.ModelBackend'
)

希望对你有帮助

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2017-06-03
    • 2011-09-23
    • 2016-06-03
    • 2016-10-18
    • 1970-01-01
    • 2013-03-18
    • 2021-09-02
    • 1970-01-01
    相关资源
    最近更新 更多