Django's built-in authentication + LDAP user verification. How?

Question  Votes: 3  Answers: 1

Intro

  • Django version: 1.10
  • Python version: 3.5.2

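I'm trying to implement authentication based on an LDAP condition, and I can't figure out how to achieve this.

My project already uses Django's built-in authentication system, which works well and looks like this: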

# urls.py

from django.conf.urls import include, url
from django.contrib import admin
from django.contrib.auth import views
from coffee_app.forms import LoginForm

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'', include('coffee_app.urls')),

    url(r'^login/$', views.login, {'template_name': 'login.html', 'authentication_form': LoginForm}, name='login'),
    url(r'^logout/$', views.logout, {'next_page': '/login'}, name='logout'),
]

# forms.py

from django.contrib.auth.forms import AuthenticationForm
from django import forms


class LoginForm(AuthenticationForm):
    username = forms.CharField(label="Username", max_length=32,
                               widget=forms.TextInput(attrs={
                                   'class': 'form-control',
                                   'name': 'username'
                               }))
    password = forms.CharField(label="Password", max_length=20,
                               widget=forms.PasswordInput(attrs={
                                   'class': 'form-control',
                                   'name': 'password'
                               }))

<!--login.html (relevant part)-->

<form class="form-horizontal" action="{% url 'login' %}" method="post" id="contact_form">
    {% csrf_token %}
    <fieldset>
        <div class="form-group">
            <label class="col-md-4 control-label">{{ form.username.label_tag }}</label>
            <div class="col-md-4 inputGroupContainer">
                <div class="input-group">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
                    {{ form.username }}
                </div>
            </div>
        </div>
        <div class="form-group">
            <label class="col-md-4 control-label" >{{ form.password.label_tag }}</label>
            <div class="col-md-4 inputGroupContainer">
                <div class="input-group">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
                    {{ form.password }}
                </div>
            </div>
        </div>
        <div class="form-group">
            <label class="col-md-4 control-label"></label>
            <div class="col-md-4 text-center">
                <br>
                <button value="login" type="submit" class="btn btn-warning" >
                LOG IN
                <span class="glyphicon glyphicon-send"></span>
                </button>
            </div>
        </div>
    </fieldset>
    <input type="hidden" name="next" value="{{ next }}"/>
</form>

Problem

Now, what I'm trying to do is verify whether the user exists in LDAP before going on to the initial Django authentication:

from ldap3 import Server, Connection, ALL, NTLM

server = Server('server here', get_info=ALL, use_ssl=True)
conn = Connection(server,
                  user='DOMAIN\\username',
                  password='password',
                  authentication=NTLM)

print(conn.bind())

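If conn.bind() returns True, I'd like to go further, use Django's built-in authentication system and authenticate the user. Unfortunately, I don't know where or how to add this step in order to achieve this.

Some of the views look like this: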

from django.shortcuts import render
from django.http import HttpResponse
from django.contrib.auth.decorators import login_required

@login_required(login_url="login/")
def home(request):
    return render(request, "home.html")

@login_required(login_url="login/")
def activity_report_page(request):
    return render(request, "activity_report.html")
...

Their URLs:

from django.conf.urls import url
from . import views

urlpatterns = [
    url(r'^$', views.home, name='home'),
    url(r'report$', views.activity_report_page, name='activity_report')
]

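Can someone point out where I should add the LDAP code so that I can first verify whether the user exists?

PS: I didn't consider using django-auth-ldap because I don't really need a purely LDAP-based authentication system. Just a simple verification.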

python django authentication ldap
1 Answer
0
votes

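You want to customize authentication in Django, and more specifically you want to write an authentication backend. I'm assuming your project is called 'coffee_site' and that you have the app 'coffee_app'. You first want to change coffee_site/settings.py and append AUTHENTICATION_BACKENDS = ['coffee_site.auth.LDAP'] to it. After this, you want to create and edit coffee_site/auth.py. As you said in the question, you want to use the default authentication, so you should inherit from django.contrib.auth.backends.ModelBackend. You then want to make it so that if conn.bind() is not True, you don't use the default authentication, so you should return None. This can be implemented with: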

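from django.contrib.auth.backends import ModelBackend
from ldap3 import Server, Connection, ALL, NTLM

# One Server object is shared; each login attempt gets its own Connection.
server = Server('server here', get_info=ALL, use_ssl=True)


class LDAP(ModelBackend):
    def authenticate(self, *args, **kwargs):
        username = kwargs.get('username')
        password = kwargs.get('password')
        # Treat missing or empty credentials as a failed login.
        if not username or not password:
            return None
        # Bind as the user who is logging in; a failed bind means the
        # directory rejected these credentials.
        conn = Connection(server,
                          user='DOMAIN\\{}'.format(username),
                          password=password,
                          authentication=NTLM)
        bound = conn.bind()
        conn.unbind()  # release the socket whether or not the bind succeeded
        if not bound:
            return None
        # LDAP accepted the user: continue with Django's default check.
        return super().authenticate(*args, **kwargs)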

Note: I checked this on the Django side, but I didn't make an effort to check whether the LDAP code works.
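
Django tries every entry in AUTHENTICATION_BACKENDS in order and treats a returned None as "ask the next backend", so an LDAP gate that returns None only holds if ModelBackend is not also in the list. The sketch below is an added example, not part of the answer: a plain-Python model of that loop (no Django or ldap3 needed), with constructed accounts and a hypothetical ldap_bind() standing in for conn.bind().

```python
# Simplified model of Django's backend loop; not Django's own code.
class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied."""

# Constructed sample accounts: mallory still has a local Django account
# but no longer exists in the directory.
LOCAL_USERS = {"alice": "s3cret", "mallory": "hunter2"}
DIRECTORY = {"alice": "s3cret"}

def ldap_bind(username, password):
    """Hypothetical stand-in for ldap3's conn.bind()."""
    return bool(password) and DIRECTORY.get(username) == password

class ModelBackend:
    """Stand-in for Django's default username/password check."""
    def authenticate(self, username=None, password=None):
        ok = bool(password) and LOCAL_USERS.get(username) == password
        return username if ok else None

class LDAPGate(ModelBackend):
    """Same shape as the answer's backend: None when the bind fails."""
    def authenticate(self, username=None, password=None):
        if not ldap_bind(username, password):
            return None
        return super().authenticate(username=username, password=password)

class StrictLDAPGate(ModelBackend):
    """Variant that vetoes the login instead of deferring to later backends."""
    def authenticate(self, username=None, password=None):
        if not ldap_bind(username, password):
            raise PermissionDenied("not accepted by LDAP")
        return super().authenticate(username=username, password=password)

def authenticate(backends, **credentials):
    """None from a backend means 'try the next one'; PermissionDenied stops."""
    for backend in backends:
        try:
            user = backend.authenticate(**credentials)
        except PermissionDenied:
            return None
        if user is not None:
            return user
    return None

if __name__ == "__main__":
    for chain in ([LDAPGate()], [LDAPGate(), ModelBackend()],
                  [StrictLDAPGate(), ModelBackend()]):
        names = [type(b).__name__ for b in chain]
        print(names, authenticate(chain, username="mallory", password="hunter2"))
```

In a real project the strict variant would raise django.core.exceptions.PermissionDenied; the alternative is to list only the gate backend in the settings, as the answer does.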
