
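I am creating a simple application in Python 3.5.2 that authenticates users through Active Directory and applies additional rules based on the user's group membership. The application can successfully authenticate users using the win32security package, and it attempts to use pyad.

My problem: when running the code in my Flask application, I get a pywintypes.com_error message that prevents me from getting group membership information.

When I run the back-end code on its own in an iPython console, it works fine. I can query group membership. However, when it is part of the Flask application, an error pops up. I have isolated the problem to this part of the code (DN information masked):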

group = adgroup.ADGroup.from_dn('CN=someCN,OU=someOU1,OU=someOU2,'
                                 'DC=test,DC=domain,DC=com,DC=somecountry')
# Flatten the per-member sAMAccountName lists into one list
group_members = sum([member.get_attribute("sAMAccountName")
                     for member in group.get_members()], [])

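Has anyone run into this? I can't think of why the code wouldn't run in Flask (though I've only just started learning Flask) but would run in a console.

Code for reference:

My Flask application has 3 Python files, plus one html file in the templates folder.

run.py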

from app import app
import os

app.secret_key = os.urandom(16)
app.run(debug=True)

__init__.py

from flask import Flask

app = Flask(__name__)
from app import views

views.py

from app import app
from flask import Flask, flash, render_template, request, session

import win32security as win32
from pyad import adgroup

@app.route("/")
def home():
    if not session.get("logged_in"):
        return render_template("login.html")
    else:
        return "You are currently logged in."

@app.route("/login", methods=["GET","POST"])
def login():
    #initialize variables
    username = request.form["username"]
    password = request.form["password"]
    DOMAIN = "test.domain.com.somecountry"
    error = None

    group = adgroup.ADGroup.from_dn('CN=someCN,OU=someOU1,OU=someOU2,DC=test,DC=domain,DC=com,DC=somecountry')
    group_members = sum([member.get_attribute("sAMAccountName") for member in group.get_members()],[])

    if username in group_members:
        try:
            token = win32.LogonUser(username, DOMAIN, password,
                                    win32.LOGON32_LOGON_NETWORK,
                                    win32.LOGON32_PROVIDER_DEFAULT)
            is_auth = bool(token)

            if is_auth:
                session["logged_in"] = True
        except:
            error = "Incorrect credentials. Please try again."
    else:
        error = "You are not permitted to access this."

    return render_template("login.html", error=error)

login.html

<!doctype html>
<title>Login Test</title>
{% block body %}
{% if session["logged_in"] %}
<p>You are currently logged in.</p>
{% else %}
<form action="/login" method="POST">
    <input type="text" name="username" placeholder="Username">
    <input type="password" name="password" placeholder="Password">
    <input type="submit" value="Log In">
</form>
<li>{{error}}</li>
{% endif %}
{% endblock %}

Here is the error traceback:

Traceback (most recent call last):
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 2000, in __call__
return self.wsgi_app(environ, start_response)
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1991, in wsgi_app
response = self.make_response(self.handle_exception(e))
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1567, in handle_exception
reraise(exc_type, exc_value, tb)
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\_compat.py", line 33, in reraise
raise value
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\_compat.py", line 33, in reraise
raise value
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\flask\app.py", line 1625, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "C:\Users\user\Documents\test\app\views.py", line 23, in login
group = adgroup.ADGroup.from_dn('CN=someCN,OU=someOU1,OU=someOU2,DC=test,DC=domain,DC=com,DC=somecountry')
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\pyad\adobject.py", line 131, in from_dn
return cls(distinguished_name, None, options)
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\pyad\adobject.py", line 88, in __init__
self.__set_adsi_obj()
File "C:\Users\user\AppData\Local\Continuum\Anaconda3\lib\site-packages\pyad\adobject.py", line 76, in __set_adsi_obj
self._ldap_adsi_obj = self.adsi_provider.getObject('', self.__ads_path)
File "<COMObject ADsNameSpaces>", line 2, in getObject

pywintypes.com_error: (-2147352567, 'Exception occurred.', (0, None, None, None, 0, -2147221020), None)
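
The numbers in the com_error above are signed HRESULT values. The following is an added example, not part of the original post, that decodes them offline; the tuple is copied from the traceback, and the name table is a small hand-picked subset of winerror.h chosen for this example.

```python
# Added example: decode the HRESULT values carried by a pywintypes.com_error.
# KNOWN_HRESULTS and FACILITIES are a hand-picked subset, not a complete table.

KNOWN_HRESULTS = {
    0x80020009: "DISP_E_EXCEPTION",     # IDispatch call raised; see excepinfo
    0x800401E4: "MK_E_SYNTAX",          # moniker/display name rejected as invalid
    0x800401F0: "CO_E_NOTINITIALIZED",  # CoInitialize not called on this thread
    0x80070005: "E_ACCESSDENIED",
}

FACILITIES = {2: "FACILITY_DISPATCH", 4: "FACILITY_ITF", 7: "FACILITY_WIN32"}


def decode_hresult(value):
    """Split a signed 32-bit HRESULT into its bit fields."""
    u = value & 0xFFFFFFFF            # reinterpret the signed int as uint32
    facility = (u >> 16) & 0x7FF      # bits 16-26
    return {
        "hex": "0x%08X" % u,
        "failure": bool(u >> 31),     # severity bit
        "facility": FACILITIES.get(facility, str(facility)),
        "code": u & 0xFFFF,           # bits 0-15
        "name": KNOWN_HRESULTS.get(u, "unknown"),
    }


def explain_com_error(args):
    """args is com_error.args: (hresult, text, excepinfo, argerr)."""
    hresult, _text, excepinfo, _argerr = args
    report = {"outer": decode_hresult(hresult)}
    # For DISP_E_EXCEPTION the underlying cause is the scode,
    # the last element of the excepinfo tuple.
    if excepinfo and excepinfo[5]:
        report["inner"] = decode_hresult(excepinfo[5])
    return report


# Copied from the traceback above.
TRACEBACK_ARGS = (-2147352567, 'Exception occurred.',
                  (0, None, None, None, 0, -2147221020), None)

if __name__ == "__main__":
    for layer, fields in explain_com_error(TRACEBACK_ARGS).items():
        print(layer, fields)
```

The inner code decodes to MK_E_SYNTAX, meaning the ADSI path was rejected when `getObject` tried to bind to it. Since the same DN works in a console, comparing per-thread COM initialization (`pythoncom.CoInitialize`) between the two environments is a reasonable first check.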

1 Answer

0

I was able to mitigate this error by running the same code in a Python 2 32-bit environment.

Not sure if that's an option, but it's worth a try.

Answered 2017-12-11T15:42:47.710