在Django中使用LDAP进行身份验证
- 安装ldap模块:
pip install ldap3
- 在Django的settings.py文件中配置LDAP:
import ldap3 AUTHENTICATION_BACKENDS = [ 'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', ] # LDAP认证设置 AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com:389' AUTH_LDAP_BIND_DN = 'cn=admin,dc=example,dc=com' AUTH_LDAP_BIND_PASSWORD = 'password' AUTH_LDAP_USER_SEARCH = ldap3.ObjectDef( 'dc=example,dc=com', ldap3.constants.SUBTREE, '(uid=%(user)s)', ['uid', 'cn', 'mail', 'group'] ) # 设置用户属性映射 AUTH_LDAP_USER_ATTR_MAP = { 'username': 'uid', 'first_name': 'cn', 'email': 'mail', 'groups': 'group', } # 分组映射 AUTH_LDAP_GROUP_TYPE = ldap3.AD_GROUP_TYPE_GLOBAL_GROUP AUTH_LDAP_MIRROR_GROUPS = True AUTH_LDAP_GROUP_SEARCH = ldap3.ObjectDef( 'ou=Groups,dc=example,dc=com', ldap3.constants.SUBTREE, '(objectClass=groupOfNames)', ['cn', 'member'] ) # 设置群组属性映射 AUTH_LDAP_GROUP_TYPE_PARAMS = { 'name_attr': 'cn', 'member_attr': 'member', 'user_relation': ldap3.AD_MEMBER_OF, } # 启用TLS AUTH_LDAP_START_TLS = True
- 创建一个AuthView视图,用于处理身份验证请求:
from django.views.generic import View from django.shortcuts import render, redirect from django.contrib.auth import authenticate, login, logout class AuthView(View): template_name = 'auth.html' def get(self, request): if request.user.is_authenticated: return redirect('home') return render(request, self.template_name) def post(self, request): username = request.POST.get('username') password = request.POST.get('password') user = authenticate(request, username=username, password=password) if user is not None: login(request, user) return redirect('home') else: return render(request, self.template_name, {'error': 'Invalid credentials'})
- 创建一个logout视图,用于处理用户注销请求:
from django.contrib.auth import logout from django.shortcuts import redirect def logout_view(request): logout(request) return redirect('login')
- 在urls.py文件中添加路由:
from django.urls import path from .views import AuthView, logout_view urlpatterns = [ path('', AuthView.as_view(), name='login'), path('logout/', logout_view, name='logout'), ]
- 在模板中添加登录表单:
<form method="post"> {% csrf_token %} <div class="form-group"> <label for="username">用户名</label> <input type="text" name="username" class="form-control" id="username" placeholder="请输入用户名"> </div> <div class="form-group"> <label for="password">密码</label> <input type="password" name="password" class="form-control" id="password" placeholder="请输入密码"> </div> {% if error %} <div class="alert alert-danger">{{ error }}</div> {% endif %} <button type="submit" class="btn btn-primary">登录</button> </form>
相关文章