Shulou(Shulou.com)06/02 Report--

Django how to configure the Windows AD domain for account authentication, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

We use Django to develop website backend, there will be the need for account password authentication and login. Generally, the company will use AD of Windows or OpenLDAP under Linux to authenticate the account password. The following is the configuration of Django using Windows AD for account authentication, and the code is all configured in the setting.py file of Django.

The code is as follows:

1#Django-auth-ldap configuration part this part of the code is configured in the settings.py of django

2import ldap

3from django_auth_ldap.config import LDAPSearch,GroupOfNamesType

four

To modify the Django certification, first go to ldap, and then go to the local certification.

6AUTHENTICATION_BACKENDS = [

7 'django_auth_ldap.backend.LDAPBackend'

8 'django.contrib.auth.backends.ModelBackend'

9]

ten

Connection basic configuration of 11#ldap

12AUTH_LDAP_SERVER_URI = "ldap://192.168.146.21:389"

13AUTH_LDAP_BIND_DN = "CN=administrator,CN=Users,DC=test,DC=com"

14AUTH_LDAP_BIND_PASSWORD = 'testpassword'

fifteen

Paths that allow authenticated users

AUTH_LDAP_USER_SEARCH = LDAPSearch ("OU=test,DC=test,DC=com", ldap.SCOPE_SUBTREE, "(& (objectClass=person) (sAMAccountName=% (user) s)"))

18AUTH_LDAP_USER_SEARCH = LDAPSearch ("OU=test,DC=test,DC=intra"

19 ldap.SCOPE_SUBTREE, "(sAMAccountName=% (user) s)")

twenty

2permission control through groups

22AUTH_LDAP_GROUP_SEARCH = LDAPSearch ("ou=groups,ou=test,dc=test,dc=intra"

23 ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"

24)

twenty-five

26AUTH_LDAP_GROUP_TYPE = GroupOfNamesType ()

twenty-seven

28#is_staff: members of this group can log in; is_superuser: members of the group are super administrators of django admin; is_active: members of the group can log in to django admin the day after tomorrow without permission

29AUTH_LDAP_USER_FLAGS_BY_GROUP = {

30 "is_staff": "cn=test_users,ou=groups,OU=test,DC=test,DC=com"

31 "is_superuser": "cn=test_users,ou=groups,OU=tset,DC=test,DC=com"

32}

3. Permissions control end through groups

thirty-four

3. If the ldap server is the AD of Windows, you need to configure the following options

36AUTH_LDAP_CONNECTION_OPTIONS = {

37 ldap.OPT_DEBUG_LEVEL: 1

38 ldap.OPT_REFERRALS: 0

39}

forty

4. When a ldap user logs in, the user attribute from ldap corresponds to the user database of django, the key is the attribute of django, and the value is the attribute of ldap user

42AUTH_LDAP_USER_ATTR_MAP = {

43 "first_name": "givenName"

44 "last_name": "sn"

45 "email": "mail"

46}

forty-seven

4 if True is used, the group members will be retrieved from ldap each time to ensure the real-time performance of the group members; otherwise, the group members will be cached to improve the performance, but reduce the real-time performance

4 percent AUTH_LDAP_FIND_GROUP_PERMS = True

After the configuration is completed, when the user logs in through the admin background, if the domain user is not in the specified group, the login failure will be prompted, but in the auth_user user table, there will be the attributes of this user. The user can log in to the backend if superuser is configured, and the default account configured in the code can directly log in to admin the day after tomorrow and log in as an administrator.

After reading the above, have you mastered how to configure the Windows AD domain for account authentication in Django? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.