首页 文章

Django的自定义身份验证后端问题

提问于
浏览
9

我遇到了自定义身份验证后端的问题,我是通过LDAP身份验证为Active Directory构建的 .

问题是从管理员登录页面,在它正确地验证并在数据库中创建新用户(或从LDAP服务器更新其信息)之后,然后将我返回到管理员登录页面,指示我未能输入有效用户名和密码 .

考虑到它在django数据库中验证并创建/更新用户,我做错了什么?

代码:

import ldap
import re
from django.conf import ad_settings
grps = re.compile(r'CN=(\w+)').findall

def anyof(short_group_list, adu):
    all_groups_of_user = set(g for gs in adu.get('memberOf',()) for g in grps(gs))
    return any(g for g in short_group_list if g in all_groups_of_user)

class ActiveDirectoryBackend(ModelBackend):
    """
    This backend utilizes an ActiveDirectory server via LDAP to authenticate
    users, creating them in Django if they don't already exist.
    """

    def authenticate(self, username=None, password=None):
        con = None
        ldap.set_option(ldap.OPT_REFERRALS, 0)
        try:
            con = ldap.initialize('ldap://%s:%s' % (ad_settings.AD_DNS_NAME,
                  ad_settings.AD_LDAP_PORT))
            con.simple_bind_s(username+"@"+ad_settings.AD_DNS_NAME, password)
            ADUser = con.search_ext_s(ad_settings.AD_SEARCH_DN,
                                      ldap.SCOPE_SUBTREE,
                                      "sAMAccountName=%s" % username,
                                      ad_settings.AD_SEARCH_FIELDS)[0][1]
            con.unbind()
        except ldap.LDAPError:
            return None
        # Does user belong to appropriate AD group?
        if not anyof(ad_settings.PROJECTCODE,ADUser):
            return None

        # Does user already exist in Django?
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            #create Django user
            user = User(username=username, is_staff = True, is_superuser = False)
        #Update User info from AD
        if ADUser.has_key('givenName'):
            user.first_name = ADUser.get('givenName')[0]
        if ADUser.has_key('sn'):
            user.last_name = ADUser.get('sn')[0]
        if ADUser.has_key('mail'):
            user.email = ADUser.get('mail')[0]

        # Does not store password in Django.
        user.set_unusable_password()
        user.save()
        return user

编辑:想通了 . 用户无法登录,除非它们处于活动状态(即使文档没有说明) . 因此,在给定的代码中,创建新用户的行应如下所示:

user = User(username=username, is_staff = True, is_Active = True, 
                    is_superuser = False)

1 回答

  • 3

    想通了 . 用户无法登录,除非它们处于活动状态(即使文档没有说明) . 因此,在给定的代码中,创建新用户的行应如下所示:

    user = User(username=username, is_staff = True, is_Active = True, 
                    is_superuser = False)
    

相关问题