Changes between Version 12 and Version 13 of MultipleAuthBackends

05/12/2006 03:41:33 PM (9 years ago)
Chris Isbell

I got LDAP auth working using the multi-auth branch, which is nice. Copied contrib.auth.backends and added a few things to contrib.auth.models.


  • MultipleAuthBackends

    v12 v13  
    7272When you call {{{authenticate}}} or {{{get_user}}} on {{{MultiAuthBackend}}}, it will in turn call the same method on each backend in {{{MULTIAUTH_BACKENDS}}} in order.
     74Note: In the multi-auth branch (2892), you need to set AUTHENTICATION_BACKENDS to a tuple, similar to MULTIAUTH_BACKENDS above.  the {{{authenticate}}} method looks for this setting in your file.  I have it working and all I have is:
     80    "django.contrib.auth.copy_of_backends.LDAPBackend",
     84I made a copy of contrib.auth.backends so the svn can update it without overwriting my LDAPBackend class.  Don't know if that is the best way to do it or not, but it works.
     86I also hacked the contrib.auth.models file to change the check_password function to check against our LDAP server, and added a few small functions to check the type of user account.  I know this will break next time I update the source, but I have a copy of that as well.  There is surely a better way, but I'm still learning.
    7588== Writing Backends ==
    87100{{{backend.get_user}}} simply takes a user id and returns the user that matches that id. The user id is not neccessarily numeric, and in most cases it won't be. It could be a username, an email address, whatever. The important part is that it uniquely identifies a user.
     102=== sample LDAPBackend class ===
     104This is located in the contrib/auth/ file.  The two original models are still in the file as well.  I just added this one in the middle.
     109class LDAPBackend:
     110    """
     111    Authenticate against our LDAP Database
     112    """
     113    def authenticate(self, username=None, password=None):
     114        # bind and see if the user exists
     115        if ldap.userExists(username):
     116            # user exists in our LDAP, see if they exist in Django
     117            # if not, add them to django's user database since django relies on that
     118            try:
     119                user = User.objects.get(username=username)
     120                if ldap.check_ldap_password(username, password):
     121                    return user
     122            except User.DoesNotExist:
     123                # get the first name, last name, email from ldap
     124                u = ldap.getUser(username)
     125                # get user attributes here as well, like mail, fname, lname
     126                user = User(username=username, password='getmefromldap')
     127       = mail
     128                user.first_name = fname
     129                user.last_name = lname
     130                user.is_staff = False
     131                user.is_superuser = False
     133                return user
     134        else:
     135            return None
     137    def get_user(self, user_id):
     138        try:
     139            return User.objects.get(pk=user_id)
     140        except User.DoesNotExist:
     141            return None
     144And it worked!  I was able to logon as a user who had no entry in Django, and then it added my entry and away I went.  Pretty nice stuff.
Back to Top