0

我已经看过几乎所有关于这个主题的问题和教程,但我仍然无法使用 django 连接到我的 ldap。下面是我的 settings.py 和 views.py。我真的需要解决这个问题,如果有人可以帮助我,我将非常感激,有人告诉我我做错了什么,因为我无法弄清楚。

settings.py

AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend'
'django.contrib.auth.backends.ModelBackend',
)

main_dn = 'dc=fx3x,dc=com'
groups_dn = 'ou=Groups,' + main_dn
users_dn = 'ou=Users,' + main_dn

AUTH_LDAP_SERVER_URI = 'ldap://ldap.xxxmk.com'
#AUTH_LDAP_BIND_DN = 'dc=fx3x,dc=com'
#AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=Users,dc=fx3x,dc=com"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fx3x,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Groups,dc=fx3x,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "sn",
"username": "uid",
"password": "userPassword"
}

AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 2

views.py

from django.contrib.auth import authenticate, login, logout
import ldap
from django_auth_ldap.backend import LDAPBackend


def log_in_form_event(request):

response = {'success': False}


if request.method == "POST":

    try:
        ldap_username = request.POST["name"]
        ldap_password = request.POST["password"]
        #l_username = django_auth_ldap.django_to_ldap_username(ldap_username)
        #ip_server = settings.LDAP_BASES.get('ip')
        #userdn = settings.LDAP_BASES.get('users')
        ldap_connection = ldap.initialize('ldap://ldap.xxxmk.com')
        ldap_connection.simple_bind_s(username=ldap_username, password=ldap_password)
        auth = LDAPBackend()
        #user = ldap_connection.
        user = auth.authenticate(username=ldap_username, password=ldap_password)
        res = ldap_connection.search_ext_s(settings.AUTH_LDAP_USER_SEARCH, ldap.SCOPE_SUBTREE, "uid=%s" % ldap_username)
        login(request, user)
        response = {'success': True, 'note': "logged in"}

    except:
        response = {'success': False, 'note': "not logged in"}

return HttpResponse(simplejson.dumps(response), mimetype='application/json')
4

1 回答 1

1

看起来您可以摆脱 django-auth-ldap 并编写自己的、更简单的 backend。或者将逻辑调整到您自己的登录视图中。

# your_project/auth.py
import ldap
class MyLdapBackend(object):
    def authenticate(self, username = None, password = None):
         connection = ldap.initialize('ldap://ldap.xxxmk.com')

         # check user credentials
         try:
             connection.simple_bind_s(username, password)
         except ldap.INVALID_CREDENTIALS:
             return None # that's what your backend has to return on fail

         # authentication against the ldap succeed from here
         try:
             user = User.objects.get( username = username )
         except User.DoesNotExist:
             user = User( username = username, password = password )
             user.is_active = True
             user.save()
         return user # that's what your backend has to return on success

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

# your_project/settings.py
AUTHENTICATION_BACKENDS = (
    # both Django and you will use the same authentication logic:
    'your_project.auth.MyLdapBackend',
    # 'django.contrib.auth.backends.ModelBackend'
)

希望这可以帮助

于 2015-05-08T08:41:09.307 回答