根据组成员身份使用Flask-LDAP3-Login进行身份验证 [英] Authenticate with Flask-LDAP3-Login based on group membership
问题描述
我是Flask的新手,正在尝试Flask-LDAP3-Login.
I'm new to Flask and I'm trying out Flask-LDAP3-Login.
I've followed the documentation here and i have it working which is great: https://flask-ldap3-login.readthedocs.io/en/latest/index.html
如何根据用户是否是特定组的成员来对用户进行身份验证?我看到文档中提到了组过滤,但是我不确定如何将它们放在一起.
How would i go about authenticating a user based on whether they are a member of a specific group? I see the docs mention group filtering but i'm not sure how to put it all together.
推荐答案
如果有人好奇,我可以通过以下操作自己解决:
If anyone is curious, i solved this myself doing the following:
首先,我使用此处的步骤将Flask-ldap3-login与Flask-SQLAlchemy集成在一起-
First, i integrated flask-ldap3-login with Flask-SQLAlchemy using steps here - https://github.com/nickw444/flask-ldap3-login/issues/26
我的保存用户方法现在看起来像这样:
My save user method now looks like this:
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
id=int(data.get("uidNumber"))
if 'group-goes-here' in data.get("memberOf"):
user=User.query.filter_by(id=id).first()
if not user:
user=User(
id=int(id),
dn=dn,
username=username,
email=data['mail'],
firstname=data['givenName'],
lastname=data['sn']
)
db.session.add(user)
db.session.commit()
return user
因此,基本上,只要用户输入了有效的LDAP凭据,它就会进入AD来检索其组成员身份,并在data.get("memberOf")中添加一个简单的if'group-goes-here':确定是否将用户保存在我的用户模型并将其返回给处理程序.
So basically provided the user enters valid LDAP credentials it goes to AD to retrieve their group memberships and its a simple if 'group-goes-here' in data.get("memberOf"): determines whether to save the user in my User model and return it back to the handler.
@auth.route('/login', methods=['GET', 'POST'])
def login():
# Redirect users who are not logged in.
form = LDAPLoginForm()
if form.validate_on_submit():
if form.user:
login_user(form.user)
else:
flash('Login Failed', 'warning')
return redirect(url_for('auth.login'))
return redirect(url_for('main.home'))
希望这会有所帮助!
这篇关于根据组成员身份使用Flask-LDAP3-Login进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!