了解Django的LDAP认证 [英] Understanding Django-LDAP authentication

问题描述

我是新Django和已分配实现用户认证系统与LDAP作为后端的任务。我猜文档假定最终开发者在Django足够的经验，能够理解并执行这样的一个系统。这是我不明白如何实现与基于LDAP验证一个简单的Django应用程序。以下是我迄今了解：

I am new to Django and have been assigned the task of implementing a user authentication system with LDAP as the backend. I guess the documentation assumes that the end developer has enough experience in Django to be able to understand and implement such a system. This is where I fail to understand how to implement a simple django application with LDAP based authentication. Here is what I have understood so far:

只张贴对文件的更改：

settings.py
....
import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_SERVER_URI = "ldap://<my url>" 
AUTHENTICATION_BACKENDS = ('django_auth_ldap.backend.LDAPBackend')

AUTH_LDAP_CONNECTION_OPTIONS = { 
    ldap.OPT_REFERRALS: 0
}

MIDDLEWARE_CLASSES = ( 
     ....
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    ...
)

INSTALLED_APPS = ( 
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    ....
)

auth.html

auth.html

<html>
    <head>
        <title>Login</title>
    </head>
    <body>
        {{state}}
        <form action="" method="post"> {% csrf_token %}
            Email address: <input type="text" name="email" value="{{ email }}" />
            Password: <input type="password" name="password" value="" />
            <input type="submit" value="Log in" />
        </form>
    </body>
</html>

models.py：

models.py:

??

views.py：

views.py:

from django.shortcuts import render_to_response
from django.contrib.auth import authenticate, login
from django.template import RequestContext


def login_user(request):

    username = password = ""
    state = ""

    if request.POST:
        username = request.POST.get('username')
        password = request.POST.get('password')

        print username, password

        user = authenticate(username=username, password=password)
        if user is not None:
            login(request, user)
            state = "Valid account"
        else:
            state = "Inactive account"
    return render_to_response('auth_user/auth.html', RequestContext(request, {'state': state, 'username': username}))

我什么不能理解？

What I am not able to understand?

1>我是pretty肯定我将不得不实施 views.py 获得 POST 电子邮件和密码并验证它，<一个$ C>值href=\"http://stackoverflow.com/questions/18184686/how-to-maintain-ldap-authentication-across-django-views/18198229#18198229\">e.g: [SO] 。该文件规定执行一项搜索/绑定或直接绑定。为什么？如果 views.py 将包含实际的片验证code，什么是在文档中做着规定的code？

1> I am pretty sure I would have to implement a function in views.py to get the POST values for email and password and validate it, e.g: [SO]. The documentation specifies to either implement a Search/Bind or Direct Bind. Why? If the views.py would contain the actual piece of authentication code, what is the code doing specified in the documentation?

2>如果 views.py 将执行实际的身份验证，那么为什么我们需要在文件中指定的变量？

2> If the views.py would perform the actual auth, then why do we need the variable specified in the documentation?

3>作者做与库非常出色，但文档不与如何使用LDAP实现整个认证系统一个简单的例子准系统提供。任何人都可以请指出这样的资源，如果它的存在？这是不容易理解，需要添加/修改的文件来实现这样的系统。

3> The author has done a great job with the library, but the documentation does not provide with a simple barebones example of how to implement the entire authentication system with LDAP. Can anyone please point to such a resource, if it exists? It is not easy to understand the files that need to be added/modified to implement such a system.

推荐答案

本页面可能有你在找什么： HTTP： //pythonhosted.org/django-auth-ldap/ 有关LDAP后端。你是幸运的那一个存在，所以你不必code的auth后端自己： - ）

This page might have what you are looking for: http://pythonhosted.org/django-auth-ldap/ concerning the LDAP backend. You are lucky that one exists, so you don't have to code an auth backend yourself :-)

基本上django.contrib.auth.models已经包含您需要了解用户的一切User对象。所以，你不需要创建一个新的models.py。

Basically django.contrib.auth.models already has a User object that contains everything you need about the user. So you don't need to create a new models.py.

您只需要验证自己关在views.py，在登录的功能，用

You just need to authenticate yourself in your views.py, in a login function, using

from django.contrib.auth import authenticate, login
user = authenticate(username=request.REQUEST.get('email'), password=request.REQUEST.get('password'))
# handle error cases, inactive users, ...
login(request, user)

如果用户是无，则验证失败。如果没有，你可以探索这个对象，看看有什么有拉你的后端。

If user is None, then authentication failed. If not, you can explore this object to see what has the backend pulled for you.

然后，您可以选择创建用户另一个模型作为ForeignKey的，如果你想保留与此用户对这个应用程序，但也不是LDAP的一部分preferences。

Then, you can elect to create another model with User as a foreignKey if you want to keep Preferences linked to this User for this application but nor part of the LDAP.

在这种情况下，你将需要：

In this case, you will need:

Models.py

根据您的应用程序是对你很重要的数据的定义。你将会从LDAP拉动用户的数据，填补了这一模式与它连接到其他用户preferences：

The definition of the data that is important to you based on your application. You are going to pull the user data from the LDAP, and fill up this model with it and other preferences linked to the User:

from django.contrib.auth.models import User    

class Profile(models.Model):
    """User profile.  Contains some basic configurable settings"""
    user = models.ForeignKey(User, unique=True)
    phone_number = models.CharField(max_length=256, blank=True, default='')
    ...

Views.py

• 在登录功能，如果request.method =='POST'，然后使用用户get_or_create用户配置文件您刚刚从身份验证了。

• in the login function, if request.method == 'POST', then get_or_create the user profile using the user your just got from authenticate.

profile, profile_is_new = Profile.objects.get_or_create(user=user)

这篇关于了解Django的LDAP认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！