根据组成员身份使用Flask-LDAP3-Login进行身份验证 [英] Authenticate with Flask-LDAP3-Login based on group membership

问题描述

我是Flask的新手，正在尝试Flask-LDAP3-Login.

I'm new to Flask and I'm trying out Flask-LDAP3-Login.

我已经按照此处的文档进行操作，并且效果很好:

I've followed the documentation here and i have it working which is great: https://flask-ldap3-login.readthedocs.io/en/latest/index.html

如何根据用户是否是特定组的成员来对用户进行身份验证?我看到文档中提到了组过滤，但是我不确定如何将它们放在一起.

How would i go about authenticating a user based on whether they are a member of a specific group? I see the docs mention group filtering but i'm not sure how to put it all together.

推荐答案

如果有人好奇，我可以通过以下操作自己解决:

If anyone is curious, i solved this myself doing the following:

首先，我使用此处的步骤将Flask-ldap3-login与Flask-SQLAlchemy集成在一起-

First, i integrated flask-ldap3-login with Flask-SQLAlchemy using steps here - https://github.com/nickw444/flask-ldap3-login/issues/26

我的保存用户方法现在看起来像这样:

My save user method now looks like this:

@ldap_manager.save_user
def save_user(dn, username, data, memberships):
    id=int(data.get("uidNumber"))
    if 'group-goes-here' in data.get("memberOf"):
        user=User.query.filter_by(id=id).first()
        if not user:
            user=User(
                id=int(id),
                dn=dn,
                username=username,
                email=data['mail'],
                firstname=data['givenName'],
                lastname=data['sn']
            )
            db.session.add(user)
            db.session.commit()

        return user

因此，基本上，只要用户输入了有效的LDAP凭据，它就会进入AD来检索其组成员身份，并在data.get("memberOf")中添加一个简单的if'group-goes-here':确定是否将用户保存在我的用户模型并将其返回给处理程序.

So basically provided the user enters valid LDAP credentials it goes to AD to retrieve their group memberships and its a simple if 'group-goes-here' in data.get("memberOf"): determines whether to save the user in my User model and return it back to the handler.

@auth.route('/login', methods=['GET', 'POST'])
def login():
    # Redirect users who are not logged in.
    form = LDAPLoginForm()
    if form.validate_on_submit():
        if form.user:
            login_user(form.user)
        else:
            flash('Login Failed', 'warning')
            return redirect(url_for('auth.login'))
        return redirect(url_for('main.home'))

希望这会有所帮助！

这篇关于根据组成员身份使用Flask-LDAP3-Login进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！