我正在尝试基于 LDAP 条件实施身份验证,而我无法理解如何实现此目标。
我的项目已经使用了Django的内置身份验证系统,效果很好,看起来像这样:
# urls.py
from django.conf.urls import include, url
from django.contrib import admin
from django.contrib.auth import views
from coffee_app.forms import LoginForm
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'', include('coffee_app.urls')),
url(r'^login/$', views.login, {'template_name': 'login.html', 'authentication_form': LoginForm}, name='login'),
url(r'^logout/$', views.logout, {'next_page': '/login'}, name='logout'),
]
# forms.py
from django.contrib.auth.forms import AuthenticationForm
from django import forms
class LoginForm(AuthenticationForm):
username = forms.CharField(label="Username", max_length=32,
widget=forms.TextInput(attrs={
'class': 'form-control',
'name': 'username'
}))
password = forms.CharField(label="Password", max_length=20,
widget=forms.PasswordInput(attrs={
'class': 'form-control',
'name': 'password'
}))
<!--login.html (relevant part)-->
<form class="form-horizontal" action="{% url 'login' %}" method="post" id="contact_form">
{% csrf_token %}
<fieldset>
<div class="form-group">
<label class="col-md-4 control-label">{{ form.username.label_tag }}</label>
<div class="col-md-4 inputGroupContainer">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
{{ form.username }}
</div>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" >{{ form.password.label_tag }}</label>
<div class="col-md-4 inputGroupContainer">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
{{ form.password }}
</div>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label"></label>
<div class="col-md-4 text-center">
<br>
<button value="login" type="submit" class="btn btn-warning" >
LOG IN
<span class="glyphicon glyphicon-send"></span>
</button>
</div>
</div>
</fieldset>
<input type="hidden" name="next" value="{{ next }}"/>
</form>
现在,我要做的是在获取初始Django身份验证之前验证用户是否存在于LDAP中:
from ldap3 import Server, Connection, ALL, NTLM
server = Server('server here', get_info=ALL, use_ssl=True)
conn = Connection(server,
user='DOMAIN\\username',
password='password',
authentication=NTLM)
print(conn.bind())
如果conn.bind()返回True,我想进一步使用Django的内置身份验证系统并对用户进行身份验证。不幸的是,我不知道在何处/如何添加此步骤以实现此目的。
有些观点如下:
from django.shortcuts import render
from django.http import HttpResponse
from django.contrib.auth.decorators import login_required
@login_required(login_url="login/")
def home(request):
return render(request, "home.html")
@login_required(login_url="login/")
def activity_report_page(request):
return render(request, "activity_report.html")
...
他们的网址:
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^$', views.home, name='home'),
url(r'report$', views.activity_report_page, name='activity_report')
]
有人可以指出我应该在哪里添加 LDAP 代码,以便我可以先验证用户是否存在吗?
PS:我没有考虑使用django-auth-ldap因为我真的不需要基于纯LDAP认证的系统。只是一个简单的验证。
答案 0 :(得分:0)
您想customize authentication in Django,更具体地想要write an authentication backend。我假设您的项目名为'coffee_site',并且您拥有应用'coffee_app'。您首先要更改coffee_site/settings.py,然后将AUTHENTICATION_BACKENDS = ['coffee_site.auth.LDAP']附加到其中。在此之后,您想要制作和编辑coffee_site/auth.py。正如您在问题中所说,您希望使用默认身份验证,因此您应该继承django.contrib.auth.backends.ModelBackend,然后您希望如果conn.bind()不是True,那么您不使用默认身份验证,因此您应该返回None。这可以通过以下方式实现:
from django.contrib.auth.backends import ModelBackend
from ldap3 import Server, Connection, ALL, NTLM
server = Server('server here', get_info=ALL, use_ssl=True)
class LDAP(ModelBackend):
def authenticate(self, *args, **kwargs):
username = kwargs.get('username')
password = kwargs.get('password')
if username is None or password is None:
return None
conn = Connection(server,
user='DOMAIN\\{}'.format(username),
password=password,
authentication=NTLM)
if not conn.bind():
return None
return super().authenticate(*args, **kwargs)
注意:我检查过这个在Django方面有效,但我没有努力检查LDAP代码是否有效。