# -*- coding: utf-8 -*-
from django.contrib.auth.models import User
from django.conf import settings
import ldap
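class LDAPBackend(object):
    """A simple LDAP authentication backend, inspired by brutasse.

    Credentials are checked with an LDAP simple bind against
    ``settings.LDAP_SERVER``. The first time a user logs in, a local Django
    ``User`` is created from the ``mail``, ``givenName`` and ``initials``
    attributes of the directory entry.
    """

    # DN layout of user entries; the uid is escaped before substitution.
    USER_DN_TEMPLATE = 'uid=%s,ou=people,dc=emse,dc=fr'

    def authenticate(self, username=None, password=None):
        """Return the Django user for valid LDAP credentials, else None.

        An existing local user is returned as is. Otherwise the directory
        entry is read and a new local user is created from it; None is
        returned when the entry cannot be read.
        """
        # NOTE(review): newer Django versions pass ``request`` as the first
        # argument to authenticate(); confirm against the version in use.
        if not self.is_valid(username, password):
            return None
        try:
            return User.objects.get(username=username)
        except User.DoesNotExist:
            pass

        attrs = self._fetch_attributes(username)
        if attrs is None:
            return None

        # NOTE(review): this stores a local hash of the LDAP password. If
        # another backend checks local passwords, that copy keeps working
        # after the directory password is changed or the account disabled;
        # consider user.set_unusable_password() instead.
        user = User.objects.create_user(username,
                                        self._first_value(attrs, 'mail'),
                                        password=password)
        user.first_name = self._first_value(attrs, 'givenName')
        user.last_name = self._first_value(attrs, 'initials').capitalize()
        user.save()
        return user

    def is_valid(self, username, password):
        """Return True when ``username``/``password`` bind successfully.

        Empty usernames and passwords are rejected up front: a simple bind
        with an empty password is treated by many servers as an
        unauthenticated bind and reported as a success.
        """
        if not username or not password:
            return False
        if isinstance(password, bytes):
            try:
                password = password.decode('utf-8')
            except UnicodeDecodeError:
                # Not valid UTF-8: hand the raw bytes to the server as is.
                pass
        conn = None
        try:
            # NOTE(review): the original comment gave ldap://localhost as the
            # server URL. A simple bind over plain ldap:// sends the password
            # unencrypted; confirm ldaps:// or StartTLS for non-local servers.
            conn = ldap.initialize(settings.LDAP_SERVER)
            conn.simple_bind_s(self._user_dn(username), password)
            return True
        except ldap.LDAPError:
            return False
        finally:
            # Release the connection on both the success and failure paths.
            if conn is not None:
                self._close(conn)

    def get_user(self, user_id):
        """Return the user with primary key ``user_id``, or None."""
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

    def _user_dn(self, username):
        """Build the entry DN for ``username`` with DN special characters escaped."""
        # Function-scope import so the helper does not rely on ``import ldap``
        # exposing the ``ldap.dn`` submodule.
        from ldap.dn import escape_dn_chars
        # Without escaping, characters such as ',', '+' or '=' in the login
        # name would change which entry the bind and the search address.
        return self.USER_DN_TEMPLATE % escape_dn_chars(username)

    def _fetch_attributes(self, username):
        """Return the attribute dict of the user's entry, or None on failure."""
        conn = None
        try:
            conn = ldap.initialize(settings.LDAP_SERVER)
            # The search runs on a fresh connection with no bind of its own.
            # search_s returns a list of (dn, attributes) tuples; a base-scope
            # search yields at most one of them.
            results = conn.search_s(self._user_dn(username), ldap.SCOPE_BASE,
                                    'objectClass=*',
                                    ['givenName', 'initials', 'mail'])
        except ldap.LDAPError:
            return None
        finally:
            if conn is not None:
                self._close(conn)
        if not results:
            return None
        return results[0][1]

    @staticmethod
    def _first_value(attrs, name):
        """Return the first value of attribute ``name`` as text, '' if absent."""
        # Every attribute maps to a list of values; only the first is used.
        values = attrs.get(name) or ['']
        value = values[0]
        if isinstance(value, bytes):
            value = value.decode('utf-8', 'replace')
        return value

    @staticmethod
    def _close(conn):
        """Unbind ``conn``, ignoring LDAP errors raised while closing."""
        try:
            conn.unbind_s()
        except ldap.LDAPError:
            pass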