django_auth_ldap

使用django_auth_ldap來實現ldap和django本身的認證系統auth

下載插件 python-ldap和django_auth_ldap

配置settings.py

一些基本說明:

設置Ldap的host地址和指定端口號

AUTH_LDAP_SERVER_URI = "ldap://"  

若是Ldap不能匿名訪問需設定好指定的id和密碼 

AUTH_LDAP_BIND_DN = ""

AUTH_LDAP_BIND_PASSWORD = ""

若是上一步認證成功，則會在如下路徑檢索登陸用戶user，

user是登陸頁面傳遞進來的，若是在Ldap中有該用戶，在匹配密碼進行認證

AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Employees,OU=Cisco Users,DC=cisco,DC=com",

ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

認證成功後會把如下信息同步到auth本身的auth_user表中

AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
} 

INSTALLED_APPS = (
    'django.contrib.auth',     
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
)


DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': '',
        'USER':'',
        'PASSWORD':'',
    }
}

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType


# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://"
AUTH_LDAP_CONNECTION_OPTIONS = { 
    ldap.OPT_REFERRALS: 0
}

AUTH_LDAP_BIND_DN = ""               
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=,OU=,DC=,DC=com",
    ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
# AUTH_LDAP_USER_DN_TEMPLATE = "sAMAccountName=%(user)s,OU=Employees,OU=Cisco Users,DC=cisco,DC=com"

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600


# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)