Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.

#1 March 26, 2008 15:23:24

Dan E.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

moving django users to LDAP


On Mar 20, 7:44 pm, "Katz, Aryeh \(akatz\)" <> wrote:
> The downside of this method is that the user can still authenticate against
> Django.

I set my passwords in Django to something like 'get password from
LDAP'. This is an invalid hash, so no one would ever be able to
authenticate against Django instead of LDAP. To authenticate them, I
bind as a specific LDAP user, search for the user who is
authenticating, then rebind to LDAP as them (all this over SSL-
encrypted LDAP). It's a fairly typical technique. This is the auth
backend I wrote to do it:

ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, settings.LDAP_CERT)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, 0)

class LdapBackend:
def authenticate(self, username=None, password=None):
l = SmartLDAPObject(
settings.LDAP_URI,
who=settings.LDAP_BIND_DN,
cred=settings.LDAP_BIND_PW,
start_tls=2
)
results = l.search_s(settings.LDAP_ROOT, ldap.SCOPE_SUBTREE,
"(sAMAccountName=%s)" % (username,), )
print results
dn = results
attributes = results
try:
l.simple_bind_s(dn, password)
except:
return None
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = User(username=username, password="get from ldap")
user.first_name = attributes
user.last_name = attributes
user.email = attributes
user.is_staff = True
user.is_superuser = True
user.save()
return user

def get_user(self, uid):
try:
return User.objects.get(pk=uid)
except User.DoesNotExist:
return None

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en-~----------~----~----~----~------~----~------~--~---

Offline

Board footer

Moderator control

Enjoy the 11th of December
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support