LDAP autentication do not protect my site
6 views
Skip to first unread message
emmanue...@serpro.gov.br
Mar 14, 2019, 11:55:54 AM3/14/19
to Django users
Hi every one,
My ldap login is not protect my site. One can access just typing a url. What is wrong?
These site is just a set of html templates.
-----------------------
settings.py
-----------------------
AUTH_LDAP_SERVER_URI = "ldap://ldap.city.company"
AUTH_LDAP_BIND_DN = "uid=host,ou=wan,ou=corp,dc=company,dc=gov,dc=br"
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
'dc=company,dc=gov,dc=br',
ldap.SCOPE_SUBTREE,
'(uid=%(user)s)',
)
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "cn",
"username": "uid",
"mail": "mail",
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Cache distinguised names and group memberships for an hour to minimize
# LDAP traffic.
AUTH_LDAP_CACHE_TIMEOUT = 3600
# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
-----------------------
view.py
-----------------------
from django.contrib.auth.decorators import login_required
from django.views.decorators.cache import never_cache
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView
decorators = [never_cache, login_required]
@method_decorator(decorators, name='dispatch')
class ProtectedView(TemplateView):
template_name = 'Racks.html'
@method_decorator(never_cache, name='dispatch')
@method_decorator(login_required, name='dispatch')
class ProtectedView(TemplateView):
template_name = 'Racks.html'
-----------------------
urls.py
-----------------------
from django.urls import path
from django.contrib import admin
from django.contrib.auth.views import LoginView
from . import views
from django.conf.urls.static import static
from django.conf import settings
urlpatterns = [
path(r'', LoginView.as_view(template_name='login.html'), name='redes'),
path(r'redes/', LoginView.as_view(template_name='login.html'), name='redes'),
path(r'Racks/', views.ProtectedView.as_view(template_name='Racks.html'), name='racks'),
...
] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
My ldap login is not protect my site. One can access just typing a url. What is wrong?
These site is just a set of html templates.
-----------------------
settings.py
-----------------------
AUTH_LDAP_SERVER_URI = "ldap://ldap.city.company"
AUTH_LDAP_BIND_DN = "uid=host,ou=wan,ou=corp,dc=company,dc=gov,dc=br"
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
'dc=company,dc=gov,dc=br',
ldap.SCOPE_SUBTREE,
'(uid=%(user)s)',
)
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "cn",
"username": "uid",
"mail": "mail",
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Cache distinguised names and group memberships for an hour to minimize
# LDAP traffic.
AUTH_LDAP_CACHE_TIMEOUT = 3600
# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
-----------------------
view.py
-----------------------
from django.contrib.auth.decorators import login_required
from django.views.decorators.cache import never_cache
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView
decorators = [never_cache, login_required]
@method_decorator(decorators, name='dispatch')
class ProtectedView(TemplateView):
template_name = 'Racks.html'
@method_decorator(never_cache, name='dispatch')
@method_decorator(login_required, name='dispatch')
class ProtectedView(TemplateView):
template_name = 'Racks.html'
-----------------------
urls.py
-----------------------
from django.urls import path
from django.contrib import admin
from django.contrib.auth.views import LoginView
from . import views
from django.conf.urls.static import static
from django.conf import settings
urlpatterns = [
path(r'', LoginView.as_view(template_name='login.html'), name='redes'),
path(r'redes/', LoginView.as_view(template_name='login.html'), name='redes'),
path(r'Racks/', views.ProtectedView.as_view(template_name='Racks.html'), name='racks'),
...
] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
Reply all
Reply to author
Forward
0 new messages