问题描述
我在通过 LDAP 身份验证为 Active Directory 构建的自定义身份验证后端遇到问题.
I'm having a problem with a custom Authentication Backend I've built for an Active Directory via LDAP authentication.
问题是,从管理员登录页面,在它正确验证并在数据库中创建新用户(或从 LDAP 服务器更新他们的信息)之后,但随后将我返回到管理员登录页面,表明我未能请输入有效的用户名和密码.
The problem is that from the admin login page, after it properly authenticates and creates the new user in the database (or updates their info from the LDAP server), but then returns me to the admin login page indicating that I failed to enter a valid username and password.
考虑到它在 django 数据库中对用户进行身份验证和创建/更新,我做错了什么?
Considering it authenticates and creates/updates the user in the django database, what am I doing wrong?
代码:
import ldap
import re
from django.conf import ad_settings
grps = re.compile(r'CN=(w+)').findall
def anyof(short_group_list, adu):
all_groups_of_user = set(g for gs in adu.get('memberOf',()) for g in grps(gs))
return any(g for g in short_group_list if g in all_groups_of_user)
class ActiveDirectoryBackend(ModelBackend):
"""
This backend utilizes an ActiveDirectory server via LDAP to authenticate
users, creating them in Django if they don't already exist.
"""
def authenticate(self, username=None, password=None):
con = None
ldap.set_option(ldap.OPT_REFERRALS, 0)
try:
con = ldap.initialize('ldap://%s:%s' % (ad_settings.AD_DNS_NAME,
ad_settings.AD_LDAP_PORT))
con.simple_bind_s(username+"@"+ad_settings.AD_DNS_NAME, password)
ADUser = con.search_ext_s(ad_settings.AD_SEARCH_DN,
ldap.SCOPE_SUBTREE,
"sAMAccountName=%s" % username,
ad_settings.AD_SEARCH_FIELDS)[0][1]
con.unbind()
except ldap.LDAPError:
return None
# Does user belong to appropriate AD group?
if not anyof(ad_settings.PROJECTCODE,ADUser):
return None
# Does user already exist in Django?
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
#create Django user
user = User(username=username, is_staff = True, is_superuser = False)
#Update User info from AD
if ADUser.has_key('givenName'):
user.first_name = ADUser.get('givenName')[0]
if ADUser.has_key('sn'):
user.last_name = ADUser.get('sn')[0]
if ADUser.has_key('mail'):
user.email = ADUser.get('mail')[0]
# Does not store password in Django.
user.set_unusable_password()
user.save()
return user
想通了.除非他们处于活动状态,否则用户无法登录(即使文档没有说明).因此,在给出的代码中,创建新用户的行应如下所示:
Figured out. Users cannot log in unless they are active (even though the documentation does not say that). Therefore, in the code given, the line that creates the new user should look like:
user = User(username=username, is_staff = True, is_Active = True,
is_superuser = False)
推荐答案
想通了.除非他们处于活动状态,否则用户无法登录(即使文档没有说明).因此,在给出的代码中,创建新用户的行应如下所示:
Figured out. Users cannot log in unless they are active (even though the documentation does not say that). Therefore, in the code given, the line that creates the new user should look like:
user = User(username=username, is_staff = True, is_Active = True,
is_superuser = False)
这篇关于Django 的自定义身份验证后端问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!