将 LDAP 用户导入 django 数据库 [英] Importing LDAP users into django database

问题描述

我想将 ActiveDirectory 数据库的用户导入 Django.为此，我正在尝试使用 django_auth_ldap 模块.

I want to import the users of a ActiveDirectory database into Django. To this end I'm trying to use the django_auth_ldap module.

这是我已经尝试过的:

在我的 settings.py 中:

in my settings.py :

AUTH_LDAP_SERVER_URI = "ldap://example.fr"

AUTH_LDAP_BIND_DN = 'cn=a_user,dc=example,dc=fr'
AUTH_LDAP_BIND_PASSWORD=''
AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=users,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('ou=groups,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')

AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()

#Populate the Django user from the LDAP directory
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'sAMAccountName',
    'last_name': 'displayName',
    'email': 'mail'
}


AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

然后我调用 python manage.py syncdb 没有结果.没有警告，没有错误，auth_user 表中没有任何更新.有什么明显的我忘了做吗?

Then I call python manage.py syncdb with no result. No warning, no error, nothing updataed in the auth_user table. Is there something obvious I forgot to do ?

推荐答案

查看 的文档django_auth_ldap 似乎该模块实际上并没有遍历 LDAP 用户并将它们加载到数据库中.相反，它根据 LDAP 对用户进行身份验证，然后在 auth_users 中添加或更新它们，并使用它在用户登录时从 LDAP 获得的信息.

Looking at the documentation for django_auth_ldap it appears that the module doesn't actually walk through LDAP users and load them into the database. Instead, it authenticates a user against LDAP, and then adds or updates them in auth_users with the information it gets from LDAP when the user logs in.

如果您想使用 Active Directory 中的所有用户预先填充数据库，那么您似乎需要编写一个脚本来直接查询 AD 并插入用户.

If you want to pre-populate the database with all of the users in Active Directory then it looks like you'll need to write a script that queries AD directly and insert the users.

这样的事情应该可以帮助您入门:

Something like this should get you started:

import ldap

l = ldap.initialize('ldap://your_ldap_server') # or ldaps://
l.simple_bind_s("cn=a_user,dc=example,dc=fr")
users = l.search_ext_s("memberOf=YourUserGroup",
                         ldap.SCOPE_SUBTREE, 
                         "(sAMAccountName=a_user)", 
                         attrlist=["sAMAccountName", "displayName","mail"])

# users is now an array of members who match your search criteria.
# *Each* user will look something like this:
# [["Firstname"],["LastName"],["some@email.address"]]
# Note that each field is in an array, even if there is only one value.
# If you only want the first value from each, you can transform the results:
# users = [[field[0] for field in user] for user in users]

# That will transform each row into something like this:
# ["Firstname", "Lastname", "some@email.address"]

# TODO -- add to the database.

我已将数据库更新留给您，因为我没有关于您的设置的任何信息.

I have left the database update to you, since I don't have any information about your setup.

如果您需要有关 LDAP 查询的更多信息，请查看 Stackoverflow 上的 LDAP 问题——我还发现 这篇文章是一个帮助.

If you need more information about LDAP queries, check out the LDAP questions here on Stackoverflow -- and I also found this article to be a help.

这篇关于将 LDAP 用户导入 django 数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！