使用 Django Auth Ldap 将 LDAP 用户映射到 Django 用户

2022-01-17 00:00:00 python django authentication ldap

问题描述

我正在使用 Django 1.3 和 Django Auth Ldap 1.0.6.我正在尝试让在 LDAP 服务器上具有特殊状态的用户(管理员)在我的 Django 应用程序中具有相同的状态.

I'm using Django 1.3 and Django Auth Ldap 1.0.6. and I'm trying to have the users who have a special status on the LDAP Server (admins) have the same status in my Django application.

这些是我当前的设置:

AUTH_LDAP_SERVER_URI = 'ldap://path.to.server'

AUTH_LDAP_BIND_DN = ''
AUTH_LDAP_BIND_PASSWORD = ''
AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,cn=users,dc=server,dc=location,dc=lan'
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
                             'cn=groups,dc=server,dc=location,dc=lan',
                             ldap.SCOPE_SUBTREE,
                             '(objectClass=groupOfNames)',
)
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    #'is_active': 'cn=groups,dc=server,dc=location,dc=lan',
    #'is_staff': 'cn=admin,cn=groups,dc=server,dc=location,dc=lan',
    #'is_superuser': 'cn=admin,cn=groups,dc=server,dc=location,dc=lan',
}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUPS_PERMS = True

权限未更新.如果我取消注释 FLAGS_BY_GROUP 中的值,我将无法再进行身份验证(错误消息显示用户和密码不匹配).我尝试不使用最后一个设置,结果相同.

Permissions aren't updated. If I uncomment the values in FLAGS_BY_GROUP, I can't authenticate any more (the error message says that the user and password don't match). I tried without the last setting with the same results.

高度赞赏任何想法.


解决方案

在psagers的帮助下,我设法找到了我的问题的答案.首先,我使用的是 Open Directory,所以我需要使用 AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn') 而不是 GroupOfNamesType().其次,将'is_active'标志映射到整个'groups'容器没有意义,因为我使用时无法登录,所以我把它拿出来了.

With the help of psagers' tips, I managed to find the answer to my issue. First, I'm using Open Directory, so I need to use AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn') instead of GroupOfNamesType(). Second, mapping the 'is_active' flag to the entire 'groups' container doesn't make sense, because I can't login when I use it, so I took it out.

相关文章