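Authentication against Active Directory using python-ldap works well with the code below. Now I am trying to find out how to verify that a user belongs to a security group in order to authenticate successfully, but I cannot figure out how to do this. I have integrated this code into a Flask website.

Here is my code: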

    import ldap

    def authenticate():
        conn = ldap.initialize('ldap://ldap.example.com')
        conn.protocol_version = 3
        # Do not follow referrals automatically
        conn.set_option(ldap.OPT_REFERRALS, 0)
        try:
            username = 'user_id'
            password = 'motdepasse'
            user = "%s@domain" % username
            # Bind with the values built above, not with string literals
            result = conn.simple_bind_s(user, password)
        except ldap.INVALID_CREDENTIALS:
            print("Invalid credentials")
            return "Invalid credentials"
        except ldap.SERVER_DOWN:
            print("Server down")
            return "Server down"
        except ldap.LDAPError as e:
            # python-ldap passes a dict with a 'desc' key as the first exception argument
            info = e.args[0] if e.args else None
            if isinstance(info, dict) and 'desc' in info:
                return "Other LDAP error: " + info['desc']
            else:
                print("Other LDAP error: ")
                return "Other LDAP error: " + str(e)
        finally:
            conn.unbind_s()
        print("Successfully")
        return "Successfully authenticated"

    authenticate()

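Thanks for your help.

Answer 0: (score: 1)

To restrict LDAP authentication to a specific AD group, I used the "search_s function" to find out whether the authenticated user belongs to the AD group.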

    conn.search_s("OU={AD Security Group},OU=group,OU=Groups,dc=twpn,dc=root,dc=domain,dc=com", ldap.SCOPE_SUBTREE, "(cn=userid)")
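
A membership check that could run after a successful bind, added here as an example and not part of the original answer: it escapes the username before building the filter and uses Active Directory's in-chain matching rule so that nested groups count. The base DN, group DN, `FakeConn` and the function names are assumptions made for illustration.

```python
# Added example: AD group check for an already-bound python-ldap connection.
SCOPE_SUBTREE = 2                     # same value as ldap.SCOPE_SUBTREE
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule: follows nested groups

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters (as ldap.filter.escape_filter_chars does)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def membership_filter(username, group_dn):
    """Filter matching the user only if they are in group_dn, directly or nested."""
    return "(&(objectClass=user)(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(username), IN_CHAIN, escape_filter_value(group_dn))

def is_group_member(conn, base_dn, username, group_dn):
    """conn must still be bound: call this before unbind_s()."""
    if not username:
        return False
    results = conn.search_s(base_dn, SCOPE_SUBTREE,
                            membership_filter(username, group_dn), ["distinguishedName"])
    # With OPT_REFERRALS off, AD also returns referrals as (None, [urls]) tuples;
    # only entries with a real DN count as a match.
    return any(dn is not None for dn, _attrs in results)

# --- Constructed sample data and stand-in connection, so the example runs offline ---
BASE_DN = "DC=example,DC=com"
GROUP_DN = "CN=WebApp Users,OU=Groups,DC=example,DC=com"

class FakeConn:
    """Hypothetical directory in which only 'jdoe' is a member of GROUP_DN."""
    def search_s(self, base, scope, filterstr, attrlist=None):
        referral = (None, ["ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com"])
        if filterstr == membership_filter("jdoe", GROUP_DN):
            return [("CN=jdoe,OU=Staff,DC=example,DC=com", {}), referral]
        return [referral]

if __name__ == "__main__":
    conn = FakeConn()
    # "*" would match any group member if it reached the filter unescaped
    for name in ("jdoe", "asmith", "*"):
        print(name, is_group_member(conn, BASE_DN, name, GROUP_DN))
```

With a real connection, call `is_group_member(conn, ...)` before `conn.unbind_s()`, and reject an empty password before binding, because a simple bind with an empty password is an unauthenticated bind (RFC 4513) that Active Directory accepts without raising `INVALID_CREDENTIALS`.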