Django 2.1 通過LDAP 調用 FreeIPA賬戶信息 例子
阿新 • • 發佈:2018-08-27
setting char pre schema view not mir **kwargs 環境 本文為Django 2.1 通過LDAP 調用 FreeIPA賬戶信息 例子。
修改djangorestframework 認證調用,使其調用Django原生的 authenticate
FreeIPA 的搭建,可以參考我上一篇博客
http://blog.51cto.com/hequan/2164114
測試環境記得修改 django運行環境的 /etc/hosts文件 Freeipa ip 域名
軟件版本:
Django==2.1 django-auth-ldap==1.7.0 django-cors-headers==2.4.0 djangorestframework==3.8.2 pyasn1==0.4.4 pyasn1-modules==0.2.2 python-ldap==3.1.0 pytz==2018.5
項目名字 stack
├── db.sqlite3
├── manage.py
├── requirements.txt
└── stack
├── __init__.py
├── ldapconfig.py
├── settings.py
├── token.py
├── urls.py
└── wsgi.pytoken.py
from rest_framework import parsers, renderers from rest_framework.authtoken.models import Token from rest_framework.compat import coreapi, coreschema from rest_framework.response import Response from rest_framework.schemas import ManualSchema from rest_framework.views import APIView from django.utils.translation import ugettext_lazy as _ from rest_framework import serializers # from rest_framework.compat import authenticate ##主要修改這兩行 from django.contrib.auth import authenticate,login as auth_login, logout as auth_logout ##主要修改這兩行 class AuthTokenSerializer(serializers.Serializer): username = serializers.CharField(label=_("Username")) password = serializers.CharField( label=_("Password"), style={‘input_type‘: ‘password‘}, trim_whitespace=False ) def validate(self, attrs): username = attrs.get(‘username‘) password = attrs.get(‘password‘) print(username,password) if username and password: user = authenticate(username=username, password=password) # The authenticate call simply returns None for is_active=False # users. (Assuming the default ModelBackend authentication # backend.) if not user: msg = _(‘Unable to log in with provided credentials.‘) raise serializers.ValidationError(msg, code=‘authorization‘) else: msg = _(‘Must include "username" and "password".‘) raise serializers.ValidationError(msg, code=‘authorization‘) attrs[‘user‘] = user return attrs class ObtainAuthToken(APIView): throttle_classes = () permission_classes = () parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,) renderer_classes = (renderers.JSONRenderer,) serializer_class = AuthTokenSerializer if coreapi is not None and coreschema is not None: schema = ManualSchema( fields=[ coreapi.Field( name="username", required=True, location=‘form‘, schema=coreschema.String( title="Username", description="Valid username for authentication", ), ), coreapi.Field( name="password", required=True, location=‘form‘, schema=coreschema.String( title="Password", description="Valid password for authentication", ), ), ], encoding="application/json", ) def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data, context={‘request‘: request}) serializer.is_valid(raise_exception=True) user = serializer.validated_data[‘user‘] token, created = Token.objects.get_or_create(user=user) return Response({‘token‘: token.key})
ldapconfig.py
# https://github.com/django-auth-ldap/django-auth-ldap # FreeIPA 域名 server.zhuxu.co import ldap from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, GroupOfNamesType AUTHENTICATION_BACKENDS = ( ‘django_auth_ldap.backend.LDAPBackend‘, ‘django.contrib.auth.backends.ModelBackend‘, ) AUTH_LDAP_SERVER_URI = ‘ldap://192.168.100.23‘ AUTH_LDAP_BIND_DN = ‘uid=admin,cn=users,cn=accounts,dc=zhuxu,dc=co‘ AUTH_LDAP_BIND_PASSWORD = ‘He.he123‘ AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=accounts,dc=zhuxu,dc=co", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=django,ou=groups,dc=zhuxu,dc=co", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)") AUTH_LDAP_USER_ATTR_MAP = { "username": "uid", "password": "userPassword", "first_name": "givenName", "last_name": "sn", "email": "mail" } # AUTH_LDAP_USER_FLAGS_BY_GROUP = { # ‘is_active‘: ‘cn=active,ou=django,ou=groups,dc=example,dc=com‘, # ‘is_staff‘: ‘cn=staff,ou=django,ou=groups,dc=example,dc=com‘, # ‘is_superuser‘: ‘cn=superuser,ou=django,ou=groups,dc=example,dc=com‘, # } AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") #返回的組的類型,並用來判斷用戶與組的從屬關系 AUTH_LDAP_MIRROR_GROUPS = True #導入用戶的組信息,在用戶登錄的時候把用戶的域組關系同步過來。每次用戶登錄時,都會把用戶的組關系刪除,重新從ldap中進行同步 AUTH_LDAP_ALWAYS_UPDATE_USER = True #是否同步LDAP修改 AUTH_LDAP_FIND_GROUP_PERMS = True #使用LDAP組成員計算組權限。 AUTH_LDAP_CACHE_TIMEOUT = 3600
settings.py
常規設置 REST_FRAMEWORK
url.py
from .token import ObtainAuthToken
urlpatterns = [
path(‘admin/‘, admin.site.urls),
path(‘token/‘, ObtainAuthToken.as_view()),
]Django 2.1 通過LDAP 調用 FreeIPA賬戶信息 例子