{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我欲成王,谁敢阻挡 的问题《How to maintain LDAP authentication across Django》','https://www.manongdao.com/q-731877.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Here is the current situation:
I created a login.html page where I enter my username and password in a form. In my views.py I get the POST data and use the username and password to authenticate against my LDAP server (mechanism works). If the username/password is wrong, I am redirected back to the login page with an error message. Otherwise, I am redirected to a landing page where I will have a message like: "Hello Lastname, Firstname". I am able to get the first and last names from the LDAP query.
The problem:
When I go to the new view, i.e the landing page, I lose my authentication. When I trace request.user, I get the admin user I used while creating my Django project. I would expect the Django_auth ecosystem to do all this for me but maybe I am wrong.
I am not sure whether I should place the user in a session because I could not find anywhere on Google where people use Django's LDAP and Session together.
I would appreciate any help from the gurus out there.
Thanks.
Edit with actual code:
def login(request):
error = False
DN = 'None'
user = 'None'
user_attr = 'None'
if request.method == 'POST': #if form has been submitted
DN = request.POST['login']
PWD = request.POST['password']
DN_FULL_EMAIL = DN + '@'+user_domain+'.mysite.com'
print 'DN_FULL_EMAIL', DN_FULL_EMAIL
try:
l = ldap.initialize('ldap://mysite.com:3268')
print 'bind_res = ' , l.simple_bind_s(DN_FULL_EMAIL, PWD)
BASE_DN = 'DC=eng,DC=mysite,DC=com'
SCOPE = ldap.SCOPE_SUBTREE
Filter = '(&(objectClass=person)(sAMAccountName='+DN+'*)(objectClass=organizationalPerson)(objectClass=user))'
Attrs = ['displayName', 'employeeID'] #The only data we need
r= l.search_ext(BASE_DN, SCOPE, Filter, Attrs)
Type, user = l.result(r,10)
if user :
Name, Attrs = user[0]
if hasattr(Attrs, 'has_key') and Attrs.has_key('displayName') and Attrs.has_key('employeeID'):
displayName = Attrs['displayName'][0]
WWID = Attrs['employeeID'][0]
request.user = user
user_attr = Attrs
return HttpResponseRedirect('/', { 'user' : user,
'user_attr' : user_attr
})
except ImportError:
error = True
pass
except ldap.INVALID_CREDENTIALS:
error = True
pass
return render_to_response( 'login.html', {
'error' : error,
'user' : user,
'user_attr' : user_attr
}, context_instance = RequestContext(request))
Now that you've implemented LDAP authentication manually with python-ldap, all you need to know is how to use session across different views.
Fortunately Django provides good document about it: How to use sessions.
Example code:
You almost certainly want to use an LDAP authentication backend like django-auth-ldap. If the backend is installed and configured properly, your views should not require any LDAP-specific code. If you've gotten tangled up, don't be afraid to start over and follow the backend's documentation from the beginning.