Importing LDAP users into django database

2019-03-26 11:03发布

站内问答 / Django
1442 3 4

I want to import the users of a ActiveDirectory database into Django. To this end I'm trying to use the django_auth_ldap module.

Here is what I tried already :

in my settings.py :

AUTH_LDAP_SERVER_URI = "ldap://example.fr"

AUTH_LDAP_BIND_DN = 'cn=a_user,dc=example,dc=fr'
AUTH_LDAP_BIND_PASSWORD=''
AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=users,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('ou=groups,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')

AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()

#Populate the Django user from the LDAP directory
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'sAMAccountName',
    'last_name': 'displayName',
    'email': 'mail'
}


AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

Then I call python manage.py syncdb with no result. No warning, no error, nothing updataed in the auth_user table. Is there something obvious I forgot to do ?

3条回答
家丑人穷心不美
2楼-- · 2019-03-26 11:28

I needed to do something similar, and found the LDAPBackend.populate_user(user_name) API useful.

from django_auth_ldap.backend import LDAPBackend
user = LDAPBackend().populate_user('user_name')

Given each call is going to issue LDAP queries and a bunch of DB select/ updated/ insert queries, this is more suited to getting or creating occasional users (for masquerading as them/ check how the app looks for them) rather than bulk creating them.

查看更多
0人赞 添加讨论(0) 举报
放我归山
3楼-- · 2019-03-26 11:31

I'd say that you really don't want to use the django_auth_ldap here, since that just creates users on demand as they log in (as others have noted). Instead, you can just use the raw python_ldap module to do a raw LDAP query:

username = "..."
password  = "..."
scope = ldap.SCOPE_SUBTREE
base = "ou=...,dc=...,dc=..."
filter="..."
retrieve_attributes=['cn','uid','displayName']

l = ldap.open("your.ldap.server")    
l.protocol_version = ldap.VERSION3
l.simple_bind(username, password)
results = l.search_s(base, scope, filter, retrieve_attributes)

And then iterate over the results to stuff them into your model.

查看更多
0人赞 添加讨论(0) 举报
家丑人穷心不美
4楼-- · 2019-03-26 11:40

Looking at the documentation for django_auth_ldap it appears that the module doesn't actually walk through LDAP users and load them into the database. Instead, it authenticates a user against LDAP, and then adds or updates them in auth_users with the information it gets from LDAP when the user logs in.

If you want to pre-populate the database with all of the users in Active Directory then it looks like you'll need to write a script that queries AD directly and insert the users.

Something like this should get you started:

import ldap

l = ldap.initialize('ldap://your_ldap_server') # or ldaps://
l.simple_bind_s("cn=a_user,dc=example,dc=fr")
users = l.search_ext_s("memberOf=YourUserGroup",\
                         ldap.SCOPE_SUBTREE, \
                         "(sAMAccountName=a_user)", \
                         attrlist=["sAMAccountName", "displayName","mail"])

# users is now an array of members who match your search criteria.
# *Each* user will look something like this:
# [["Firstname"],["LastName"],["some@email.address"]]
# Note that each field is in an array, even if there is only one value.
# If you only want the first value from each, you can transform the results:
# users = [[field[0] for field in user] for user in users]

# That will transform each row into something like this:
# ["Firstname", "Lastname", "some@email.address"]

# TODO -- add to the database.

I have left the database update to you, since I don't have any information about your setup.

If you need more information about LDAP queries, check out the LDAP questions here on Stackoverflow -- and I also found this article to be a help.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)