Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "Django-auth-ldap module configuration method". In the actual case operation process, many people will encounter such difficulties. Next, let Xiaobian lead you to learn how to deal with these situations! I hope you can read carefully and learn something!

usage scenarios

The company uses Django as a Web service for the backend service framework. When you need to use the company's internal Ldap or Windows AD server as a Web login authentication system, you need this Django-auth-ldap third-party plugin.

Introduction to plug-ins

Django-auth-ldap is a Django authentication backend that authenticates against LDAP services. There are many rich configuration options available to handle users, groups and permissions, making it easy to control the pages and background plugins.

installation method

Note: Python 3, pip3 and Django environments must be installed correctly.

Premise: python-ldap > = 3.0 needs to be installed first Step 1: Install Django-auth-ldap

pip install django-auth-ldap

Step 2: Configure the django-auth-ldap module in setting.py

To use auth authentication in a Django project, add django_auth_ldap.backend.LDAPBackend to AUTHENTICATION_BACKENDS. Do not add anything to INSTALLED_APPS. The effect is as follows:

AUTHENTICATION_BACKENDS = [ 'django_auth_ldap.backend.LDAPBackend' ，]

Step 3: Configure the following code in settings.py of django project:

#Django-auth-ldap Configuration section

import ldapfrom django_auth_ldap.config import LDAPSearch,GroupOfNamesType

#Modify Django authentication first go ldap, then go local authentication

AUTHENTICATION_BACKENDS = [ 'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend',]

#ldap connection base configuration

AUTH_LDAP_SERVER_URI = "ldap://xxx.xxx.xxx:389" # ldap or ad Server address AUTH_LDAP_BIND_DN = "CN=administrator,CN=Users,DC=test,DC=com" #Administrator's dn path AUTH_LDAP_BIND_PASSWORD = 'testpassword' #Administrator password #Path to allow authenticated users

AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=test,DC=test,DC=intra", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

#Permission control through groups

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,ou=test,dc=test,dc=intra", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")

AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

#is_staff: members of this group can log in;is_superuser: group members are super administrators of django admin;is_active: group members can log in to django admin background, but they do not have permission to view background contents

AUTH_LDAP_USER_FLAGS_BY_GROUP = {

"is_staff": "cn=test_users,ou=groups,OU=test,DC=test,DC=com",

"is_superuser": "cn=test_users,ou=groups,OU=tset,DC=test,DC=com",}#Permission control by groups end

#If ldap server is Windows AD, you need to configure the following options

AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_DEBUG_LEVEL: 1, ldap.OPT_REFERRALS: 0,}

#When ldap user logs in, write user attributes from ldap to django user database, key is django attribute, value is ldap user attribute

AUTH_LDAP_USER_ATTR_MAP = {

"first_name": "givenName",

"last_name": "sn",

"email": "mail"}

#If True, group members are retrieved from ldap every time to ensure real-time group members; otherwise, group members are cached to improve performance but reduce real-time # AUTH_LDAP_FIND_GROUP_PERMS = True

After the above configuration is completed, log in to the server background address: http://serverurl:8080/admin and use the users in the group specified in ldap or ad to log in and authenticate.

"Django-auth-ldap module configuration method" content introduced here, thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the website. Xiaobian will output more high-quality practical articles for everyone!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.