我有一个使用django运行的应用。 现在我只想通过openldap服务器进行身份验证的用户看到“他们的视图”(因此我在成功验证后只需要他们的uid)
我如何实现这一目标?
我想django-auth-ldap是要走的路,所以我整天都试着去了解身份验证实际发生的位置,以及如何让用户的uid请求查看。
我使用documentation for the settings.py,但我找不到如何“实际使用”它。也许有人可以指出我正确的方向?
settings.py:
import ldap
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://123.60.56.61"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,dc=rd,dc=corpintra,dc=net"
(顺便说一下:我已经可以使用python-ldap执行ldap-searche并在命令行中获得类似ldapsearch的结果,所以其他一切工作正常......)
我的观点需要什么?
感谢您的帮助!
答案 0 :(得分:6)
以下是我们其中一个网站的摘录。
# Django Auth Ldap
main_dn = 'dc=____,dc=organisation,dc=com'
groups_dn = 'ou=Groups,'+main_dn
users_dn = 'ou=Users,'+main_dn
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://ldap.organisation.com"
AUTH_LDAP_BIND_DN = 'cn=___,'+main_dn
AUTH_LDAP_BIND_PASSWORD = "__________________"
AUTH_LDAP_USER_SEARCH = LDAPSearch(users_dn, 2, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(groups_dn, ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_staff": "cn=admins,"+groups_dn,
"is_superuser": "cn=developers,"+groups_dn,
}
编辑:
由于问题是“我的观点中需要什么?”,答案是此配置会将用户的uid保存为用户模型上的用户名字段,因此在您的视图中,您需要
uid = request.user.username
希望这可以让你开始运行。
答案 1 :(得分:2)
由于django-auth-ldap是一个普通的Django身份验证后端,request.user应该设置为经过身份验证的用户(假设您已经安装了标准中间件 - 请参阅Django文档)。通过典型设置,request.user.username将是用户DN的uid。如果您需要更多信息,可以从request.user.ldap_user获取。
答案 2 :(得分:1)
我没有使用django-auth-ldap,我自己写了ldap authentification后端。
#define your backend authentification
AUTHENTICATION_BACKENDS = (
'netipa.managment.ldapwm.netipaldapdjango.NetIpaLdap',
#'django.contrib.auth.backends.ModelBackend ',
)
有关扩展用户模型的详细信息,请参阅https://docs.djangoproject.com/en/1.5/topics/auth/customizing/#specifying-a-custom-user-model
#!/usr/bin/env python
#coding:utf-8
# Author: peter --<pjl@hpc.com.py>
# Created: 22/04/12
from django.conf import settings
import ldap
#this is a abstrac class to add some custom fields to the default django User model
#see https://docs.djangoproject.com/en/1.5/topics/auth/customizing/#specifying-a-custom-user-model, for more informacion
from netipa.contrib.accesos.models import LdapUsers as User
from django.contrib.auth.backends import ModelBackend
#import logging
class NetIpaLdap(object):
supports_inactive_user = False
def authenticate(self, username=None, password=None):
# logging.basicConfig(format='%(asctime)s %(message)s',filename="/tmp/auth.log",level=logging.DEBUG)
if username is None:
return None
try:
# a variable's define in settings
ip_server = settings.LDAP_BASES.get('ip')
userdn = settings.LDAP_BASES.get('users')
ldap.initialize('ldap://%s' % ip_server)
lop = ldap.simple_bind_s(
"uid=%s,%s" % (username, userdn),
password
)
except ldap.LDAPError, e:
print e
return None
except Exception,e:
print e
return None
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
ldap_at = lop.search(settings.LDAP_BASES.get('users'),
fil='uid=%s' % username,
types=1,
attr=['uidnumber', 'mail'])
user = User(username=username, password=password, ldap_id=ldap_at[0][-1].get('uidnumber')[0],
ldap_mail=ldap_at[0][-1].get('mail')[0])
user.is_staff = True
user.is_superuser = True
user.save()
return user
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
这是我的扩展用户类模型
from django.db import models
from django.contrib.auth.models import AbstractUser
# Create your models here.
class LdapUsers(AbstractUser):
ldap_id = models.IntegerField()
ldap_mail = models.EmailField()