我正在尝试在Python Flask中使用LDAP身份验证。
这是我的测试页面,取自SimpleLDAP官方文档:
from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP
app = Flask(__name__)
app.secret_key = 'dev key'
app.debug = True
#app.config['LDAP_USE_SSL'] = True
app.config['LDAP_HOST'] = 'my-dc-server'
app.config['LDAP_BASE_DN'] = 'OU=-my-ou,dc=my,dc=domain,dc=com'
app.config['LDAP_USERNAME'] = 'CN=my-domain-admin-working-user,OU=my-ou,DC=my,DC=domain,DC=com'
app.config['LDAP_PASSWORD'] = 'my-domain-admin-working-password'
ldap = LDAP(app)
@app.route('/')
@ldap.basic_auth_required
def index():
return 'Welcome, {0}!'.format(g.ldap_username)
if __name__ == '__main__':
app.debug = True
app.run(host='0.0.0.0', port=8000)
如果我在弹出窗口输入一个工作域用户,我总是得到:
Traceback (most recent call last):
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 2309, in __call__
return self.wsgi_app(environ, start_response)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 386, in wrapped
if not self.bind_user(req_username, req_password):
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 152, in bind_user
user_dn = self.get_object_details(user=username, dn_only=True)
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 185, in get_object_details
conn = self.bind
File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 129, in bind
raise LDAPException(self.error(e.args))
flask_simpleldap.LDAPException: Invalid credentials
域用户/密码已经使用RDP测试到我的直流服务器并且工作正常。
我尝试过使用LDAP_USE_SSL = True或对其进行评论(如示例所示),结果相同。
我错过了什么?
更新:
from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP
app = Flask(__name__)
app.secret_key = 'dev key'
app.debug = True
app.config['LDAP_HOST'] = 'my-dc-server'
app.config['LDAP_BASE_DN'] = 'OU=-my-ou,dc=my,dc=domain,dc=com'
app.config['LDAP_USERNAME'] = 'my-domain\\my-domain-admin-working-user'
app.config['LDAP_PASSWORD'] = 'my-domain-admin-working-password'
ldap = LDAP(app)
@app.route('/')
@ldap.basic_auth_required
def index():
return 'Welcome, {0}!'.format(g.ldap_username)
if __name__ == '__main__':
app.debug = True
app.run(host='0.0.0.0', port=8000)
使用新代码我现在获得:
/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 201, in get_object_details
raise LDAPException(self.error(e.args))
flask_simpleldap.LDAPException: No such object