django-auth-ldap - 在自定义视图中显示LDAP用户信息
我在使用django-auth-ldap这个工具,设置是这样的,因为我的ldap服务器上没有默认的“管理员”用户,它只是用来验证用户的,用户自己可以查看他们的信息。
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=True
在django-ldap-debug.log文件中,当我作为登录用户在视图中调用LDAPBackend().populate_user(request.user.username)时,出现了以下错误:
search_s('uid=vchrizz,ou=Users,dc=funkfeuer,dc=at', 0, '(objectClass=*)') raised NO_SUCH_OBJECT({'desc': 'No such object'},)
search_s('uid=vchrizz,ou=Users,dc=funkfeuer,dc=at', 0, '(objectClass=*)') returned 0 objects:
似乎只有在登录时(使用login_required这个装饰器来自django.contrib.auth.decorators)才会返回一个用户对象:
search_s('uid=vchrizz,ou=Users,dc=funkfeuer,dc=at', 0, '(objectClass=*)') returned 1 objects: uid=vchrizz,ou=users,dc=funkfeuer,dc=at
然后我注意到,我需要设置
AUTH_LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD
来解决这个错误,但首先我不想指定一个带密码的用户(因为bind_as_authenticating_user),其次populate_user()仍然返回NoneType...
这是为什么呢?我该如何从ldap获取返回的用户信息?
我的目标是显示所有ldap用户的信息,比如在我的自定义视图/userinfo/中显示uidNumber。
谢谢,chris
1 个回答
3
最后发现少了 auth.authenticate 这个部分,我不得不去查文档:
存储用户的额外信息 这是获取用户信息的推荐方法,而不是我之前寻找的方式。
在 settings.py 文件中:
AUTH_LDAP_PROFILE_ATTR_MAP = {
"uid": "uid",
"cn": "cn",
"sn": "sn",
"givenName": "givenName",
"userPassword": "userPassword",
"shadowLastChange": "shadowLastChange",
"shadowMax": "shadowMax",
"shadowWarning": "shadowWarning",
"loginShell": "loginShell",
"uidNumber": "uidNumber",
"gidNumber": "gidNumber",
"homeDirectory": "homeDirectory",
"gecos": "gecos",
"mail": "mail",
"l": "l",
"telephoneNumber": "telephoneNumber",
}
AUTH_PROFILE_MODULE = 'myapp.UserProfile'
在 models.py 文件中:
from django.db import models
from django.contrib.auth.models import User
from django.db.models.signals import post_save
class UserProfile(models.Model):
# This field is required.
user = models.OneToOneField(User)
# Other fields here
uid = models.CharField(max_length=254)
cn = models.CharField(max_length=254)
sn = models.CharField(max_length=254)
givenName = models.CharField(max_length=254)
userPassword = models.CharField(max_length=254)
shadowLastChange = models.IntegerField(null=True)
shadowMax = models.IntegerField(null=True)
shadowWarning = models.IntegerField(null=True)
loginShell = models.CharField(max_length=254)
uidNumber = models.IntegerField(null=True)
gidNumber = models.IntegerField(null=True)
homeDirectory = models.CharField(max_length=254)
gecos = models.CharField(max_length=254)
mail = models.EmailField(max_length=254)
l = models.CharField(max_length=254)
telephoneNumber = models.CharField(max_length=254)
def create_user_profile(sender, instance, created, **kwargs):
#if created:
# UserProfile.objects.create(user=instance)
UserProfile.objects.get_or_create(user=instance)
post_save.connect(create_user_profile, sender=User)
在 views.py 文件中:
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect
from django.shortcuts import render
from myapp.models import UserProfile
@login_required
def userinfo(request):
try:
ldapuserprofile = UserProfile.objects.get(uid=request.user.username)
except UserProfile.DoesNotExist:
return HttpResponseRedirect('/login/')
context = {'request': request, 'ldapuser': ldapuserprofile,}
return render(request, 'myapp/userinfo.html', context)
然后在 HTML 模板中,可以访问 {{ ldapuser.givenName }}
希望这对某些人有帮助。
谢谢,chris