Skip to content
Browse files

Initial import

  • Loading branch information...
0 parents commit 084d86defe9c8a05a5cfd9204fa4475effa7c4dd @thalin committed Jan 13, 2009
Showing with 109 additions and 0 deletions.
  1. +3 −0 .gitignore
  2. +18 −0 README.textile
  3. +2 −0 TODO
  4. 0 django-ncsu/__init__.py
  5. +86 −0 django-ncsu/auth.py
3 .gitignore
@@ -0,0 +1,3 @@
+*.sw*
+*.pyc
+*.pyo
18 README.textile
@@ -0,0 +1,18 @@
+h2. django-ncsu
+
+This project is a Django authentication backend which will attempt to find
+users via NCSU's LDAP servers.
+
+To use, simply put django-ncsu on your Python path and place
+
+ 'django-ncsu.auth.NCSULDAPBackend',
+
+in your
+
+ AUTHENTICATION_BACKENDS
+
+setting in your settings.py, and place 'django-ncsu' in your
+
+ INSTALLED_APPS
+
+setting.
2 TODO
@@ -0,0 +1,2 @@
+* Add access restrictions based on department, student/employee status, etc.
+* Add account staff flagging based on above restrictions.
0 django-ncsu/__init__.py
No changes.
86 django-ncsu/auth.py
@@ -0,0 +1,86 @@
+import ldap
+
+from django.contrib.auth.models import User
+
+"""
+Thanks to the following sources of information for helping me figure this out:
+http://www.carthage.edu/webdev/?p=12 -- django ldap auth backend
+http://www.linuxjournal.com/article/6988 -- python ldap info
+"""
+
+# Constants
+LDAP_SERVER = "ldap.ncsu.edu"
+LDAP_USER = ""
+LDAP_PASS = ""
+
+class NCSULDAPBackend:
+ """
+Put 'django-ncsu.auth.NCSULDAPBackend', in your AUTHENTICATION_BACKENDS setting
+in settings.py.
+ """
+ def authenticate(self, username=None, password=None):
+ base = "dc=ncsu,dc=edu"
+ scope = ldap.SCOPE_SUBTREE
+ filter = "(&(objectClass=ncsuPerson)(uid=%s))" % username
+ ret = ['dn', 'givenName', 'ncsuPrimaryEMail', 'sn']
+
+ # Authenticate base user to search
+ try:
+ l = ldap.open(LDAP_SERVER)
+ l.protocol_version = ldap.VERSION3
+ l.simple_bind_s(LDAP_USER,LDAP_PASS)
+ except ldap.LDAPError:
+ return None
+
+ # Get info from ldap server
+ try:
+ result_id = l.search(base, scope, filter, ret)
+ result_type, result_data = l.result(result_id, 0)
+
+ # if user does not exist, fail
+ if (len(result_data) != 1):
+ return None
+
+ # Bind to user's DN
+ l.simple_bind_s(result_data[0][0], password)
+
+ # Get further user info
+ result_id = l.search(base, scope, filter, ret)
+ result_type, result_data = l.result(result_id, 0)
+ user_info = result_data[0][1]
+
+ # If that didn't throw an exception, the user must have authed
+ # and we can get or create a user object for the user.
+ try:
+ user = User.objects.get(username__exact=username)
+ except:
+ if 'mail' in user_info:
+ email = user_info['mail'][0]
+ else:
+ email = "%s@unity.ncsu.edu" % username
+ if 'givenName' in user_info:
+ firstname = user_info['givenName'][0]
+ else:
+ firstname = ''
+ if 'sn' in user_info:
+ lastname = user_info['sn'][0]
+ else:
+ lastname = ''
+ temp_pass = User.objects.make_random_password(12)
+ user = User.objects.create_user(username, email , temp_pass)
+ user.first_name = firstname
+ user.last_name = lastname
+ user.is_staff = False
+ user.save()
+ # We've created a a user, now we return it to Django.
+ return user
+ except ldap.INVALID_CREDENTIALS:
+ # We couldn't successfully auth against the LDAP server with the
+ # supplied username and password, so we fail.
+ return None
+
+ def get_user(self, user_id):
+ try:
+ return User.objects.get(pk=user_id)
+ except User.DoesNotExist:
+ return None

0 comments on commit 084d86d

Please sign in to comment.
Something went wrong with that request. Please try again.