social_media_platform/application/ldap_backend.py

import logging
import traceback
from django.conf import settings
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import User
from ldap3 import Server, Connection, ALL, NTLM, ALL_ATTRIBUTES
from ldap3.core.exceptions import LDAPSocketOpenError
import mysite.settings

class LdapBackend(object):
    """
    Authenticate against a LDAP directory.
    """

    log = logging.getLogger('mysite')

    def check_login(self, username, password):
        server = Server(mysite.settings.LDAP_SERVER, connect_timeout=8)
        qualified_user = mysite.settings.LDAP_DOMAIN + '\\' + username

        conn = Connection(server, qualified_user, password=password, authentication=NTLM)

        try:
            conn.bind()
        except LDAPSocketOpenError:
            # LDAP Server nicht erreichbar
            self.log.info("LDAP check_login: Server not reachable.")
            return None
        except:
            var = traceback.format_exc()
            self.log.info("LDAP check_login(bind): Unexpected Error %s" % var)
            return None

        result = None

        try:
            if conn.extend.standard.who_am_i() != None:
                conn.search(
                    search_base='DC=' + mysite.settings.LDAP_DOMAIN + ',DC=fh-nuernberg,DC=de',
                    search_filter='(&(objectclass=user)(CN=' + username + '))', attributes=ALL_ATTRIBUTES)
                info = conn.entries[0]
                result = {'lastname' : str(info.sn),
                          'givenname' : str(info.givenName),
                          'login' : str(info.cn),
                          'department' : str(info.department),
                          'role' : str(info.description)}
                self.log.info("LDAP check_login: %s" % result)
        except:
            var = traceback.format_exc()
            self.log.info("LDAP check_login: Unexpected Error %s" % var)
        conn.unbind()
        return result



    def authenticate(self, request, username=None, password=None):
        ldap_user = self.check_login(username,password)
        if ldap_user:
            # {'lastname': 'Hofmann', 'givenname': 'Oliver', 'login': 'hofmannol', 'department': 'EFI', 'role': 'PF'}
            # {'lastname': 'Wimmer', 'givenname': 'Martin', 'login': 'wimmerma', 'department': 'EFI', 'role': 'MA'}
            # {'lastname': 'Mueller', 'givenname': 'Vincent', 'login': 'muellervi56608', 'department': 'EFI', 'role': 'ST'}
            # {'lastname': 'Poehlau', 'givenname': 'Frank', 'login': 'poehlaufr', 'department': 'EFI', 'role': 'PF'}
            try:
                user = User.objects.get(username=ldap_user['login'])
            except User.DoesNotExist:
                self.log.info("LDAP authenticate: create new user %s" % ldap_user['login'])
                user = User(username=ldap_user['login'])
                user.first_name = ldap_user['givenname']
                user.last_name = ldap_user['lastname']
                user.is_staff = (ldap_user['role'] != 'ST')
                user.is_superuser = False
                user.save()
            return user
        return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None