9
我對通過LDAP身份驗證爲Active Directory構建的自定義身份驗證後端存在問題。Django自定義身份驗證後端問題
問題是,從管理登錄頁面,它正確驗證並在數據庫中創建新用戶(或從LDAP服務器更新他們的信息)後,然後返回到管理員登錄頁面,指示我失敗輸入有效的用戶名和密碼。
考慮到它在django數據庫中驗證並創建/更新用戶,我在做什麼錯了?
的代碼:
import ldap
import re
from django.conf import ad_settings
grps = re.compile(r'CN=(\w+)').findall
def anyof(short_group_list, adu):
all_groups_of_user = set(g for gs in adu.get('memberOf',()) for g in grps(gs))
return any(g for g in short_group_list if g in all_groups_of_user)
class ActiveDirectoryBackend(ModelBackend):
"""
This backend utilizes an ActiveDirectory server via LDAP to authenticate
users, creating them in Django if they don't already exist.
"""
def authenticate(self, username=None, password=None):
con = None
ldap.set_option(ldap.OPT_REFERRALS, 0)
try:
con = ldap.initialize('ldap://%s:%s' % (ad_settings.AD_DNS_NAME,
ad_settings.AD_LDAP_PORT))
con.simple_bind_s(username+"@"+ad_settings.AD_DNS_NAME, password)
ADUser = con.search_ext_s(ad_settings.AD_SEARCH_DN,
ldap.SCOPE_SUBTREE,
"sAMAccountName=%s" % username,
ad_settings.AD_SEARCH_FIELDS)[0][1]
con.unbind()
except ldap.LDAPError:
return None
# Does user belong to appropriate AD group?
if not anyof(ad_settings.PROJECTCODE,ADUser):
return None
# Does user already exist in Django?
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
#create Django user
user = User(username=username, is_staff = True, is_superuser = False)
#Update User info from AD
if ADUser.has_key('givenName'):
user.first_name = ADUser.get('givenName')[0]
if ADUser.has_key('sn'):
user.last_name = ADUser.get('sn')[0]
if ADUser.has_key('mail'):
user.email = ADUser.get('mail')[0]
# Does not store password in Django.
user.set_unusable_password()
user.save()
return user
編輯:想通了。用戶無法登錄,除非它們處於活動狀態(即使文檔沒有說明)。因此,在給出的代碼中,創建新用戶的行應如下所示:
user = User(username=username, is_staff = True, is_Active = True,
is_superuser = False)
我一直在尋找這個,因爲我需要編寫類似的東西。感謝您發佈此:-) – gruszczy 2010-02-19 13:51:28