Understanding Django-LDAP authentication


Problem description

I am new to Django and have been assigned the task of implementing a user authentication system with LDAP as the backend. I guess the documentation assumes that the end developer has enough experience in Django to be able to understand and implement such a system. This is where I fail to understand how to implement a simple Django application with LDAP-based authentication. Here is what I have understood so far:

Posting only the changes to the files:

settings.py
....
import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_SERVER_URI = "ldap://<my url>"
# The trailing comma makes this a one-element tuple rather than a plain string
AUTHENTICATION_BACKENDS = ('django_auth_ldap.backend.LDAPBackend',)

AUTH_LDAP_CONNECTION_OPTIONS = { 
    ldap.OPT_REFERRALS: 0
}

MIDDLEWARE_CLASSES = ( 
     ....
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    ...
)

INSTALLED_APPS = ( 
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    ....
)

auth.html

<html>
    <head>
        <title>Login</title>
    </head>
    <body>
        {{state}}
        <form action="" method="post"> {% csrf_token %}
            Email address: <input type="text" name="email" value="{{ email }}" />
            Password: <input type="password" name="password" value="" />
            <input type="submit" value="Log in" />
        </form>
    </body>
</html>

models.py:

??

views.py:

from django.shortcuts import render_to_response
from django.contrib.auth import authenticate, login
from django.template import RequestContext


def login_user(request):

    username = password = ""
    state = ""

    if request.POST:
        # The form in auth.html posts the login name in the "email" field
        username = request.POST.get('email')
        password = request.POST.get('password')

        # Debug print of the submitted credentials removed: passwords must not reach logs

        user = authenticate(username=username, password=password)
        if user is not None:
            login(request, user)
            state = "Valid account"
        else:
            state = "Inactive account"
    return render_to_response('auth_user/auth.html', RequestContext(request, {'state': state, 'email': username}))

What do I fail to understand?

1> I am pretty sure I would have to implement a function in views.py to get the POST values for email and password and validate it, e.g: [SO]. The documentation specifies to either implement a Search/Bind or Direct Bind. Why? If the views.py would contain the actual piece of authentication code, what is the code doing specified in the documentation?

2> If the views.py would perform the actual auth, then why do we need the variable specified in the documentation?

3> The author has done a great job with the library, but the documentation does not provide a simple barebones example of how to implement the entire authentication system with LDAP. Can anyone please point to such a resource, if it exists? It is not easy to understand the files that need to be added/modified to implement such a system.

Recommended answer

This page might have what you are looking for: https://pypi.python.org/pypi/django-auth-ldap concerning the LDAP backend. You are lucky that one exists, so you don't have to code an auth backend yourself :-)

Basically django.contrib.auth.models already has a User object that contains everything you need about the user. So you don't need to create a new models.py.

You just need to authenticate yourself in your views.py, in a login function, using

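from django.contrib.auth import authenticate, login
# Read the credentials from the POST body only; request.REQUEST also accepted query-string values
user = authenticate(username=request.POST.get('email'), password=request.POST.get('password'))
# handle error cases, inactive users, ...
if user is not None:
    login(request, user)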

If user is None, then authentication failed. If not, you can explore this object to see what the backend has pulled for you.

Then, you can elect to create another model with User as a foreignKey if you want to keep Preferences linked to this User for this application but not part of the LDAP.

In this case, you will need:

Models.py

The definition of the data that is important to you based on your application. You are going to pull the user data from the LDAP, and fill up this model with it and other preferences linked to the User:

from django.db import models
from django.contrib.auth.models import User

class Profile(models.Model):
    """User profile.  Contains some basic configurable settings"""
    user = models.ForeignKey(User, unique=True)
    phone_number = models.CharField(max_length=256, blank=True, default='')
    ...

Views.py

  • in the login function, if request.method == 'POST', then get_or_create the user profile using the user you just got from authenticate.

profile, profile_is_new = Profile.objects.get_or_create(user=user)
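
The division of labour asked about in points 1 and 2, as an added example that is not code from the question, the answer or django-auth-ldap: the view only calls authenticate(), and the configured backend decides how a login name becomes a DN (direct bind or search/bind) before binding with the password. It is a dependency-free model; the directory contents, DNs and every function name are constructed for illustration.

```python
# Simplified model of backend dispatch; not django-auth-ldap's source.
# The directory, DNs and all function names below are constructed for illustration.

DIRECTORY = {  # DN -> (attributes, password)
    "uid=alice,ou=people,dc=example,dc=com": ({"mail": "alice@example.com"}, "s3cret"),
    "uid=bob,ou=staff,dc=example,dc=com": ({"mail": "bob@example.com"}, "hunter2"),
}

def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind as `dn`."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[1] == password

def direct_bind_dn(login):
    """Direct bind: derive the DN from the login with a fixed template."""
    return "uid=%s,ou=people,dc=example,dc=com" % login

def search_dn(login):
    """Search/bind: look the DN up by attribute and require exactly one match."""
    hits = [dn for dn, (attrs, _) in DIRECTORY.items() if attrs.get("mail") == login]
    return hits[0] if len(hits) == 1 else None

def ldap_backend(find_dn):
    """Build a backend callable around one DN-resolution strategy."""
    def backend(username, password):
        # An empty password turns a simple bind into an unauthenticated bind,
        # which a server may accept, so refuse it before contacting LDAP.
        if not username or not password:
            return None
        dn = find_dn(username)
        if dn is None or not simple_bind(dn, password):
            return None
        return {"username": username, "dn": dn}  # stand-in for a Django User
    return backend

def authenticate(backends, username, password):
    """What the view calls: try each configured backend until one returns a user."""
    for backend in backends:
        user = backend(username, password)
        if user is not None:
            return user
    return None
```

With an e-mail address as the login, as in auth.html, only the search/bind strategy can resolve the DN here, because the constructed DNs are keyed on uid and live in more than one subtree.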
