Changes between Version 12 and Version 13 of MultipleAuthBackends


Ignore:
Timestamp:
May 12, 2006, 3:41:33 PM (19 years ago)
Author:
Chris Isbell
Comment:

I got LDAP auth working using the multi-auth branch, which is nice. Copied contrib.auth.backends and added a few things to contrib.auth.models.

Legend:

Unmodified
Added
Removed
Modified

  • MultipleAuthBackends

    v12 v13  
    7272When you call {{{authenticate}}} or {{{get_user}}} on {{{MultiAuthBackend}}}, it will in turn call the same method on each backend in {{{MULTIAUTH_BACKENDS}}} in order.
    7373
     74Note: In the multi-auth branch (2892), you need to set AUTHENTICATION_BACKENDS to a tuple, similar to MULTIAUTH_BACKENDS above.  the {{{authenticate}}} method looks for this setting in your settings.py file.  I have it working and all I have is:
     75
     76{{{
     77#!python
     78
     79AUTHENTICATION_BACKENDS = (
     80    "django.contrib.auth.copy_of_backends.LDAPBackend",
     81)
     82}}}
     83
     84I made a copy of contrib.auth.backends so the svn can update it without overwriting my LDAPBackend class.  Don't know if that is the best way to do it or not, but it works.
     85
     86I also hacked the contrib.auth.models file to change the check_password function to check against our LDAP server, and added a few small functions to check the type of user account.  I know this will break next time I update the source, but I have a copy of that as well.  There is surely a better way, but I'm still learning.
    7487
    7588== Writing Backends ==
     
    87100{{{backend.get_user}}} simply takes a user id and returns the user that matches that id. The user id is not neccessarily numeric, and in most cases it won't be. It could be a username, an email address, whatever. The important part is that it uniquely identifies a user.
    88101
     102=== sample LDAPBackend class ===
    89103
     104This is located in the contrib/auth/copy_of_backends.py file.  The two original models are still in the file as well.  I just added this one in the middle.
    90105
     106{{{
     107#!python
     108
     109class LDAPBackend:
     110    """
     111    Authenticate against our LDAP Database
     112    """
     113    def authenticate(self, username=None, password=None):
     114        # bind and see if the user exists
     115        if ldap.userExists(username):
     116            # user exists in our LDAP, see if they exist in Django
     117            # if not, add them to django's user database since django relies on that
     118            try:
     119                user = User.objects.get(username=username)
     120                if ldap.check_ldap_password(username, password):
     121                    return user
     122            except User.DoesNotExist:
     123                # get the first name, last name, email from ldap
     124                u = ldap.getUser(username)
     125                # get user attributes here as well, like mail, fname, lname
     126                user = User(username=username, password='getmefromldap')
     127                user.email = mail
     128                user.first_name = fname
     129                user.last_name = lname
     130                user.is_staff = False
     131                user.is_superuser = False
     132                user.save()
     133                return user
     134        else:
     135            return None
     136
     137    def get_user(self, user_id):
     138        try:
     139            return User.objects.get(pk=user_id)
     140        except User.DoesNotExist:
     141            return None
     142}}}
     143
     144And it worked!  I was able to logon as a user who had no entry in Django, and then it added my entry and away I went.  Pretty nice stuff.
Back to Top