Django LDAP身份验证后端
django-auth-ldap-ng的Python项目详细描述
这是一个django身份验证后端,根据ldap进行身份验证 服务。配置可以像一个可分辨名称模板一样简单, 但是有很多丰富的配置选项可供用户、组和 和权限。
python 2.6、2.7、3.4和3.5;以及django>;=1.7支持此版本。 在python 2下,它需要python-ldap>;=2.0;在python 3下,它使用 pyldap。
完整的文档可以在 http://pythonhosted.org/django-auth-ldap/;下面是一个例子 配置,只是为了刺激您的食欲:
import ldap from django_auth_ldap.config import LDAPSearch, GroupOfNamesType # Specify User Profile Model if profile needs to be populated (Optional) AUTH_PROFILE_MODULE = 'account.UserProfile' # Baseline configuration. AUTH_LDAP_SERVER_URI = "ldap://ldap.example.com" AUTH_LDAP_BIND_DN = "cn=django-agent,dc=example,dc=com" AUTH_LDAP_BIND_PASSWORD = "phlebotinum" AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") # or perhaps: # AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com" # Set up the basic group parameters. AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=django,ou=groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)" ) AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() # Simple group restrictions AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=django,ou=groups,dc=example,dc=com" AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=django,ou=groups,dc=example,dc=com" # Populate the Django user from the LDAP directory. AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail" } AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_active": "cn=active,ou=django,ou=groups,dc=example,dc=com", "is_staff": "cn=staff,ou=django,ou=groups,dc=example,dc=com", "is_superuser": "cn=superuser,ou=django,ou=groups,dc=example,dc=com" } # Populate user profil model from LDAP Directory AUTH_LDAP_PROFILE_ATTR_MAP = { 'description': 'description', 'type': 'employeeType', } # Populate profile fields by matching if regex matches the user DN AUTH_LDAP_PROFILE_FLAGS_BY_DN_REGEX = { "is_awesome": r"ou=awesome,ou=people,dc=example,dc=com", "is_teacher": r"ou=faculty,dc=example,dc=com", } # Use LDAP group membership to calculate group permissions. AUTH_LDAP_FIND_GROUP_PERMS = True # Cache group memberships for an hour to minimize LDAP traffic AUTH_LDAP_CACHE_GROUPS = True AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600 # Keep ModelBackend around for per-user permissions and maybe a local # superuser. AUTHENTICATION_BACKENDS = ( 'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', )