Hello, I took the code from http://www.carthage.edu/webdev/?p=12, adapted it and generalized it so you can specify LDAP server and other configuration items in settings.py.
>From the README : =============================================== LDAP authentication backend for Django. The following variables must be set in your settings.py : ----------------- AUTH_LDAP_SERVER = 'ldapserver.yourdomain.com' AUTH_LDAP_PORT = 389 AUTH_LDAP_DOMAIN = 'yourdomain.com' AUTH_LDAP_SEARCH_STRING = "uid=%s,ou=People,dc=yourdomain,dc=com" AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.ldap_backend.LDAPBackend', ) ----------------- The %s in AUTH_LDAP_SEARCH_STRING will be replaced with the username. There is no explicit copyright in the code found at http://www.carthage.edu/webdev/?p=12, so this code is released under public domain, hoping the original author agrees with that. =============================================== The code : =============================================== # Based on http://www.carthage.edu/webdev/?p=12 # # There is no explicit copyright in the original code, # so this code is released under public domain, hoping # the original author agrees with that. import ldap from django.contrib.auth.models import User from django.conf import settings class LDAPBackend: def authenticate(self, username=None, password=None): # Authenticate the base user so we can search try: l = ldap.open(settings.AUTH_LDAP_SERVER, settings.AUTH_LDAP_PORT) l.protocol_version = ldap.VERSION3 l.simple_bind_s(settings.AUTH_LDAP_SEARCH_STRING % username, password) except ldap.INVALID_CREDENTIALS: # Name or password were bad. Fail. return None try: user = User.objects.get(username__exact=username) except: # Theoretical backdoor could be input right here. We don't # want that, so input an unused random password here. # The reason this is a backdoor is because we create a # User object for LDAP users so we can get permissions, # however we -don't- want them able to login without # going through LDAP with this user. So we effectively # disable their non-LDAP login ability by setting it to a # random password that is not given to them. In this way, # static users that don't go through ldap can still login # properly, and LDAP users still have a User object. from random import choice import string temp_pass = "" for i in range(8): temp_pass = temp_pass + choice(string.letters) user = User.objects.create_user(username, username + '@' + settings.AUTH_LDAP_DOMAIN, temp_pass) user.is_staff = False user.save() # Success. return user def get_user(self, user_id): """ Used by Django to get the user object onced logged in""" try: return User.objects.get(pk=user_id) except User.DoesNotExist: return None =============================================== Copy the code into /usr/lib/python2.4/site-packages/django/contrib/auth/ldap_backend.py Guillaume Pratte -- Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
