Development of an internal social media platform with personalised dashboards for students
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

ldap_backend.py 3.2KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
  1. import logging
  2. import traceback
  3. from django.conf import settings
  4. from django.contrib.auth.hashers import check_password
  5. from django.contrib.auth.models import User
  6. from ldap3 import Server, Connection, ALL, NTLM, ALL_ATTRIBUTES
  7. from ldap3.core.exceptions import LDAPSocketOpenError
  8. import mysite.settings
  9. class LdapBackend(object):
  10. """
  11. Authenticate against a LDAP directory.
  12. """
  13. log = logging.getLogger('mysite')
  14. def check_login(self, username, password):
  15. server = Server(mysite.settings.LDAP_SERVER, connect_timeout=8)
  16. qualified_user = mysite.settings.LDAP_DOMAIN + '\\' + username
  17. conn = Connection(server, qualified_user, password=password, authentication=NTLM)
  18. try:
  19. conn.bind()
  20. except LDAPSocketOpenError:
  21. # LDAP Server nicht erreichbar
  22. self.log.info("LDAP check_login: Server not reachable.")
  23. return None
  24. except:
  25. var = traceback.format_exc()
  26. self.log.info("LDAP check_login(bind): Unexpected Error %s" % var)
  27. return None
  28. result = None
  29. try:
  30. if conn.extend.standard.who_am_i() != None:
  31. conn.search(
  32. search_base='DC=' + mysite.settings.LDAP_DOMAIN + ',DC=fh-nuernberg,DC=de',
  33. search_filter='(&(objectclass=user)(CN=' + username + '))', attributes=ALL_ATTRIBUTES)
  34. info = conn.entries[0]
  35. result = {'lastname' : str(info.sn),
  36. 'givenname' : str(info.givenName),
  37. 'login' : str(info.cn),
  38. 'department' : str(info.department),
  39. 'role' : str(info.description)}
  40. self.log.info("LDAP check_login: %s" % result)
  41. except:
  42. var = traceback.format_exc()
  43. self.log.info("LDAP check_login: Unexpected Error %s" % var)
  44. conn.unbind()
  45. return result
  46. def authenticate(self, request, username=None, password=None):
  47. ldap_user = self.check_login(username,password)
  48. if ldap_user:
  49. # {'lastname': 'Hofmann', 'givenname': 'Oliver', 'login': 'hofmannol', 'department': 'EFI', 'role': 'PF'}
  50. # {'lastname': 'Wimmer', 'givenname': 'Martin', 'login': 'wimmerma', 'department': 'EFI', 'role': 'MA'}
  51. # {'lastname': 'Mueller', 'givenname': 'Vincent', 'login': 'muellervi56608', 'department': 'EFI', 'role': 'ST'}
  52. # {'lastname': 'Poehlau', 'givenname': 'Frank', 'login': 'poehlaufr', 'department': 'EFI', 'role': 'PF'}
  53. try:
  54. user = User.objects.get(username=ldap_user['login'])
  55. except User.DoesNotExist:
  56. self.log.info("LDAP authenticate: create new user %s" % ldap_user['login'])
  57. user = User(username=ldap_user['login'])
  58. user.first_name = ldap_user['givenname']
  59. user.last_name = ldap_user['lastname']
  60. user.is_staff = (ldap_user['role'] != 'ST')
  61. user.is_superuser = False
  62. user.save()
  63. return user
  64. return None
  65. def get_user(self, user_id):
  66. try:
  67. return User.objects.get(pk=user_id)
  68. except User.DoesNotExist:
  69. return None