Re: Strange problem with LDAP authentication backend

Wed, 12 Aug 2009 10:04:03 -0700 

David, you are a champ, thank you.
I find it strange that this made the difference, since this line is in
the docs:

"The get_user method takes a user_id -- which could be a username,
database ID or whatever -- and returns a User object."

But, making the change to user_id worked just fine. For eveyone's
reference, here is a working (simple) backend for an open directory
server, using sasl cram_md5, with a self-signed certificate:

from django.contrib.auth.models import
User
import ldap
import
ldap.sasl

class LDAPBackend:
    def authenticate(self, username=None,
password=None):
        if username and
password:
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER)
            directory = 'ldaps://MYSERVERURL'
            base_dn =
'MYBASEDN'
            scope =
ldap.SCOPE_SUBTREE
            con = ldap.initialize
(directory)
            auth_tokens = ldap.sasl.cram_md5(username, password)
            try:
                con.sasl_interactive_bind_s("", auth_tokens)
            except ldap.LDAPError:
                return
None
            con.unbind()
            try:
                user = User.objects.get
(username=username)
                print
user
                return
user
            except
User.DoesNotExist:
                return
None

    def get_user(self,
user_id):
        try:
           user = User.objects.get
(id=user_id)
           return user
        except User.DoesNotExist:
            return None

Many thanks again to David and Peter.

Brenton.

On Aug 12, 12:31 pm, David De La Harpe Golden
<david.delaharpe.gol...@ichec.ie> wrote:
> stupidgeek wrote:
> >     def get_user(self, username):
> >         try:
> >            user = User.objects.get(username=username)
> >            print user
> >            return user
> >         except User.DoesNotExist:
> >             return None
>
> Note part of the auth backend protocol AFAICS involves calling
> get_user() itself* (not just authenticate()), and it is expected to take
> a user_id arg, not username, i.e. you very likely need it to be:
>
> def get_user(self, user_id):
>     try:
>        return User.objects.get(pk=user_id)
>     except User.DoesNotExist:
>        return None
>
> * django/contrib/auth/__init__.py
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to