Django and Python-Ldap with Active Directory Question
101 views
Skip to first unread message
G Z
Jul 17, 2014, 11:54:47 PM7/17/14
to django...@googlegroups.com
I'm using pure python-ldap to authenticate because django-auth-ldap doesn't work for some reason no matter how i tried it.
settings.py
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'holon.backend.ActiveDirectoryBackend',
)
backend.py
import ldap
from portal.models import User
class ActiveDirectoryBackend:
def authenticate(self, username='', password=''):
if not self.is_valid(username, password):
return None
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = User(username=username, password='dummy')
user.save()
return user
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
def is_valid(self, user='', password=''):
try:
l = ldap.open('172.19.48.45')
l.simple_bind_s('%s...@enki.local' % user, password)
l.unbind_s()
#this doesn't work.
group_dn='ou=ENKI Users,dc=enki,dc=local'
dn, entry = l.search_s(group_dn, ldap.SCOPE_BASE)[0]
member_list = entry['name']
if user in member_list:
user.superuser = True #also is this how I set the user status because user.is_active is how you determine if its active i want to use user.superuser to determine if I should display the admin portion of a dashboard.
return True
except ldap.LDAPError:
return False
I made a python only version to test if its working:
import ldap
def my_search(l, keyword):
base = "dc=enki,dc=local"
scope = ldap.SCOPE_SUBTREE
filter = "cn=" + "*" + keyword + "*"
retrieve_attributes = None
count = 0
result_set = []
timeout = 0
try:
result_id = l.search(base, scope, filter, retrieve_attributes)
while 1:
result_type, result_data = l.result(result_id, timeout)
if (result_data == []):
break
else:
if result_type == ldap.RES_SEARCH_ENTRY:
result_set.append(result_data)
if len(result_set) == 0:
print "No Results."
return
for i in range(len(result_set)):
for entry in result_set[i]:
try:
name = entry[1]['cn'][0]
email = entry[1]['mail'][0]
phone = entry[1]['telephonenumber'][0]
desc = entry[1]['description'][0]
count = count + 1
print "%d.\nName: %s\nDescription: %s\nE-mail: %s\nPhone: %s\n" % (count, name, desc, email, phone)
except:
pass
except ldap.LDAPError, error_message:
print error_message
user='tom'
password='sdfsdf'
l = ldap.open('172.19.48.45')
l.simple_bind_s('%s...@enki.local' % user, password)
print "Searching..\n"
print my_search(l, 'Grant Zukel')
#this will never return any results.
group_dn='cn=Tom Stool, ou=ENKI Users,dc=enki,dc=local'
dn, entry = l.search_s(group_dn, ldap.SCOPE_BASE)[0]
this is how you find just one entry. I need to know how to find all entries for ENKI Users
l.unbind_s()
Ilya Kazakevich
Jul 18, 2014, 1:02:28 PM7/18/14
to django...@googlegroups.com
You need to use one level scope:
Try the following script:
# coding=utf-8
import ldap
GROUP_DN = "ou=ENKI Users,dc=enki,dc=local"
LOGIN = "tom" # Its better to use full name like DOMAIN\\tom or t...@enki.local
PASSWORD = 'sdfsdf'
LDAP_URL = "ldap://172.19.48.45:389"
ldp = ldap.initialize(LDAP_URL)
print ldp.bind(LOGIN, PASSWORD)
for (dn, entry) in ldp.search_s(GROUP_DN, ldap.SCOPE_ONELEVEL): # Scope!!!
print(entry)
ldp.unbind()
Ilya Kazakevich,
JetBrains PyCharm (Best Python/Django IDE)
http://www.jetbrains.com/pycharm/
"Develop with pleasure!"
>--
>You received this message because you are subscribed to the Google Groups
>"Django users" group.
>To unsubscribe from this group and stop receiving emails from it, send an email to
>django-users...@googlegroups.com.
>To post to this group, send email to django...@googlegroups.com.
>Visit this group at http://groups.google.com/group/django-users.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/django-users/a1c01df1-7835-4fba-ac19-c97
>85f4c0fb2%40googlegroups.com
><https://groups.google.com/d/msgid/django-users/a1c01df1-7835-4fba-ac19-c9
>785f4c0fb2%40googlegroups.com?utm_medium=email&utm_source=footer> .
>For more options, visit https://groups.google.com/d/optout.
>
>
>No virus found in this message.
>Checked by AVG - www.avg.com
>Version: 2014.0.4716 / Virus Database: 3986/7869 - Release Date: 07/17/14
Try the following script:
# coding=utf-8
import ldap
GROUP_DN = "ou=ENKI Users,dc=enki,dc=local"
LOGIN = "tom" # Its better to use full name like DOMAIN\\tom or t...@enki.local
PASSWORD = 'sdfsdf'
LDAP_URL = "ldap://172.19.48.45:389"
ldp = ldap.initialize(LDAP_URL)
print ldp.bind(LOGIN, PASSWORD)
for (dn, entry) in ldp.search_s(GROUP_DN, ldap.SCOPE_ONELEVEL): # Scope!!!
print(entry)
ldp.unbind()
Ilya Kazakevich,
JetBrains PyCharm (Best Python/Django IDE)
http://www.jetbrains.com/pycharm/
"Develop with pleasure!"
>You received this message because you are subscribed to the Google Groups
>"Django users" group.
>To unsubscribe from this group and stop receiving emails from it, send an email to
>django-users...@googlegroups.com.
>To post to this group, send email to django...@googlegroups.com.
>Visit this group at http://groups.google.com/group/django-users.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/django-users/a1c01df1-7835-4fba-ac19-c97
>85f4c0fb2%40googlegroups.com
><https://groups.google.com/d/msgid/django-users/a1c01df1-7835-4fba-ac19-c9
>785f4c0fb2%40googlegroups.com?utm_medium=email&utm_source=footer> .
>For more options, visit https://groups.google.com/d/optout.
>
>
>No virus found in this message.
>Checked by AVG - www.avg.com
>Version: 2014.0.4716 / Virus Database: 3986/7869 - Release Date: 07/17/14
Reply all
Reply to author
Forward
0 new messages