只是LDAP登录认证,没有用户修改删除分组等操作
使用Django自带的登录认证
django.contrib.auth
然后在settings.py中配置即可,不需要自己再封装函数
配置参考django中ldap验证的三种方式,你需要哪种?_Tian丶Yuting-CSDN博客_django ldap
登录认证
from django.contrib.auth import authenticate,login,logout
def loginSubmit(request):
result = {
'code': 0,
'msg': 'success',
}
username = request.POST.get('username', None)
password = request.POST.get('password', None)
if username and password:
username = username.strip()
try:
ldap_user = authenticate(username=username, password=password)
# 验证通过后,可以看到,本地user表中,会自动添加一条同步的用户信息
if ldap_user:
login(request, ldap_user)
except Exception as e:
result["msg"] = e
return JsonResponse(result, safe=False)
还可以使用@login_required装饰器,拦截未登录状态其他url访问
自己也封装了一个类,不使用Django的登录认证(还是Django自带的好用
ladplogin.py
import ldap
from testPlatform import settings
# 加载log配置
import logging
logger = logging.getLogger()
'''
实现LDAP用户登录验证,首先获取用户的dn,然后再验证用户名和密码
'''
# 登陆 地址
LDAP_URI = settings.AUTH_LDAP_SERVER_URI
# 登陆 账户
LDAP_USER = settings.AUTH_LDAP_BIND_DN
# 登陆 密码
LDAP_PASS = settings.AUTH_LDAP_BIND_PASSWORD
# 默认 区域
base_DN = settings.base_dn
class LDAPTool(object):
def __init__(self,
ldap_uri=None,
base_dn=None,
user=None,
password=None):
"""
初始化
:param ldap_uri: ldap_uri
:param user: 默认用户
:param password: 默认密码
:return:
"""
if not ldap_uri:
ldap_uri = LDAP_URI
if not base_dn:
self.base_dn = base_DN
if not user:
self.admin_user = LDAP_USER
if not password:
self.admin_password = LDAP_PASS
try:
self.ldapconn = ldap.initialize(ldap_uri)
# 绑定用户名、密码
self.ldapconn.simple_bind_s(self.admin_user, self.admin_password)
except ldap.LDAPError as e:
logger.error('ldap conn失败,原因为: %s' % str(e))
def ldap_search_dn(self, user, psw):
"""
# 根据表单提交的用户名,检索该用户的dn,一条dn就相当于数据库里的一条记录。
:param user: 用户名
:param psw: 用户密码
:return:
"""
obj = self.ldapconn
obj.protocal_version = ldap.VERSION3
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = None
searchFilter = "sAMAccountName=" + user
try:
ldap_result_id = obj.search(
base=self.base_dn,
scope=searchScope,
filterstr=searchFilter,
attrlist=retrieveAttributes
)
result_type, result_data = obj.result(ldap_result_id, 0)
if result_type == ldap.RES_SEARCH_ENTRY:
userDN = result_data[0][0]
loginre = self.login_ldap(userDN, psw)
return loginre
else:
logger.error('ldap search %s 失败,用户不存在' % user)
return '用户名不存在'
except ldap.LDAPError as e:
logger.error('ldap search %s 失败,原因为: %s' % (user, str(e)))
def login_ldap(self, userDN, psw):
try:
result = self.ldapconn.simple_bind_s(userDN, psw)
if result:
return 1
except ldap.LDAPError as e:
logger.error("登录LDAP用户%s失败,原因为: %s" % (userDN, str(e)))
return "密码错误"
在view.py中调用这个类,使用session保存登录状态
def loginSubmit(request):
result = {
'code': 0,
'msg': 'success',
}
username = request.POST.get('username', None)
password = request.POST.get('password', None)
if username and password:
username = username.strip()
try:
res = LDAPTool().ldap_search_dn(username, password)
if res == 1:
request.session['is_login'] = True
request.session['user_name'] = username
else:
result["msg"] = res
except Exception as e:
result["msg"] = e
return JsonResponse(result, safe=False)
