Hello,
I took the code from http://www.carthage.edu/webdev/?p=12, adapted it
and generalized it so you can specify LDAP server and other
configuration items in settings.py.
From the README:
===
LDAP authentication backend for Django.
The following variables must be set in your settings.py :
-
AUTH_LDAP_SERVER = 'ldapserver.yourdomain.com'
AUTH_LDAP_PORT = 389
AUTH_LDAP_DOMAIN = 'yourdomain.com'
AUTH_LDAP_SEARCH_STRING = "uid=%s,ou=People,dc=yourdomain,dc=com"
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.ldap_backend.LDAPBackend',
)
-
The %s in AUTH_LDAP_SEARCH_STRING will be replaced with the username.
There is no explicit copyright in the code found at
http://www.carthage.edu/webdev/?p=12,
so this code is released under public domain, hoping the original
author agrees with that.
===
The code :
===
# Based on http://www.carthage.edu/webdev/?p=12
#
# There is no explicit copyright in the original code,
# so this code is released under public domain, hoping
# the original author agrees with that.
import string
from random import SystemRandom

import ldap
from ldap.dn import escape_dn_chars
from django.contrib.auth.models import User
from django.conf import settings


class LDAPBackend:
    def authenticate(self, username=None, password=None):
        # An empty password turns simple_bind_s() into an
        # unauthenticated bind, which some servers accept.
        # Refuse it before talking to the server.
        if not username or not password:
            return None
        # Bind as the user to verify the password. The username is
        # escaped so it cannot change the structure of the bind DN.
        # Note: over plain ldap:// the password is sent in cleartext.
        try:
            # ldap.initialize() takes a URI and replaces the
            # deprecated ldap.open().
            l = ldap.initialize('ldap://%s:%d' % (
                settings.AUTH_LDAP_SERVER, settings.AUTH_LDAP_PORT))
            l.protocol_version = ldap.VERSION3
            l.simple_bind_s(settings.AUTH_LDAP_SEARCH_STRING %
                            escape_dn_chars(username), password)
        except ldap.INVALID_CREDENTIALS:
            # Name or password were bad. Fail.
            return None
        try:
            user = User.objects.get(username__exact=username)
        except User.DoesNotExist:
            # Theoretical backdoor could be input right here. We don't
            # want that, so input an unused random password here.
            # The reason this is a backdoor is because we create a
            # User object for LDAP users so we can get permissions,
            # however we -don't- want them able to login without
            # going through LDAP with this user. So we effectively
            # disable their non-LDAP login ability by setting it to a
            # random password that is not given to them. In this way,
            # static users that don't go through ldap can still login
            # properly, and LDAP users still have a User object.
            # SystemRandom draws from the OS random source instead of
            # the predictable default generator.
            rng = SystemRandom()
            temp_pass = ""
            for i in range(8):
                temp_pass = temp_pass + rng.choice(string.ascii_letters)
            user = User.objects.create_user(
                username,
                username + '@' + settings.AUTH_LDAP_DOMAIN,
                temp_pass)
            user.is_staff = False
            user.save()
        # Success.
        return user

    def get_user(self, user_id):
        """Used by Django to get the user object once logged in."""
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None
===
Copy the code into
/usr/lib/python2.4/site-packages/django/contrib/auth/ldap_backend.py
Guillaume Pratte
--
Any views and opinions expressed in this email are solely those of the
author and do not necessarily represent those of Revolution Linux.
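
Added example, not part of the original message or its code: because the backend builds the bind DN with `AUTH_LDAP_SEARCH_STRING % username`, the username needs RFC 4514 escaping and an empty password must be rejected before any bind. The helper names (`escape_dn_value`, `split_rdns`, `build_bind_dn`) and the sample username are constructed for illustration; the escaping is written inline so the block runs without python-ldap, which provides the same operation as `ldap.dn.escape_dn_chars()`.

```python
# Template in the form the README uses for AUTH_LDAP_SEARCH_STRING.
BIND_TEMPLATE = "uid=%s,ou=People,dc=yourdomain,dc=com"

_SPECIALS = '\\,+"<>;='


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for ch in value:
        if ch in _SPECIALS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    escaped = "".join(out)
    # A trailing space, and a leading space or '#', are special only at the edges.
    if escaped.endswith(" "):
        escaped = escaped[:-1] + "\\ "
    if escaped[:1] in ("#", " "):
        escaped = "\\" + escaped
    return escaped


def split_rdns(dn):
    """Split a DN on unescaped commas, to make its structure visible."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep an escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    return parts + [cur]


def build_bind_dn(username, password, template=BIND_TEMPLATE):
    """Return the DN to bind as, or None when no bind should be attempted."""
    # An empty password makes a simple bind an "unauthenticated bind"
    # (RFC 4513, section 5.1.2), which some servers answer with success.
    if not username or not password:
        return None
    return template % escape_dn_value(username)
```

With the constructed username `jdoe,ou=Admins`, plain `%` substitution yields a DN with five components instead of four, while `build_bind_dn` keeps the whole username inside the `uid` value.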