我已将此类作为 django 中的身份验证后端插入
class ActiveDirectoryBackend(object):
logger = Messenger.infrastructure
@classmethod
def authenticate(cls, username=None, password=None):
try:
bind_dn = "%s@%s" % (username, settings.AD_DNS_NAME)
try:
cls.logger.debug('Initializing: %s' % settings.AD_LDAP_URL)
l = ldap.initialize(settings.AD_LDAP_URL)
l.protocol_version = ldap.VERSION3
l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
cls.logger.debug('Binding user %s' % bind_dn)
l.simple_bind_s(bind_dn, password)
result = l.search_ext_s(settings.AD_SEARCH_DN, ldap.SCOPE_SUBTREE,
"sAMAccountName=%s" % username, settings.AD_SEARCH_FIELDS)[0][1]
email = result.get('mail', (None,))[0]
except ldap.SERVER_DOWN, ex:
cls.logger.warning('LDAP-Sever Down (%s)' % ex.message)
raise PermissionDenied
except ldap.INVALID_CREDENTIALS:
cls.logger.warning('LDAP-Server: Rejected login for user %s due to invalid credentials' % username)
raise PermissionDenied
cls.logger.debug('User %s was successfully authorized.' % username)
l.unbind_s()
except Exception:
raise PermissionDenied
try:
user = User.objects.get(email=email)
cls.logger.debug('User %s found for email %s ' % (user.username, email))
except ObjectDoesNotExist, ex:
cls.logger.debug('User for email %s could not be found.' % email)
raise PermissionDenied
return user
整个事情在Apache + uWSGI下运行。当我独立运行 Django(manage.py runserver)时,LDAP 和 LDAPS 一切正常。
但是当使用 LDAPS 在 uWSGI 下运行它时,它总是抛出“Server Down”。LDAP(不带's')有效。使用 tcpdump 我可以看到数据包在 AD 和我的服务器之间双向传输。
uWSGI 如何影响 python-ldap 或底层库与 Active Directory 之间的 LDAPS 通信?