Code

Changes between Version 12 and Version 13 of MultipleAuthBackends


Ignore:
Timestamp:
05/12/06 13:41:33 (8 years ago)
Author:
Chris Isbell
Comment:

I got LDAP auth working using the multi-auth branch, which is nice. Copied contrib.auth.backends and added a few things to contrib.auth.models.

Legend:

Unmodified
Added
Removed
Modified
  • MultipleAuthBackends

    v12 v13  
    7272When you call {{{authenticate}}} or {{{get_user}}} on {{{MultiAuthBackend}}}, it will in turn call the same method on each backend in {{{MULTIAUTH_BACKENDS}}} in order. 
    7373 
     74Note: In the multi-auth branch (2892), you need to set AUTHENTICATION_BACKENDS to a tuple, similar to MULTIAUTH_BACKENDS above.  the {{{authenticate}}} method looks for this setting in your settings.py file.  I have it working and all I have is: 
     75 
     76{{{ 
     77#!python 
     78 
     79AUTHENTICATION_BACKENDS = ( 
     80    "django.contrib.auth.copy_of_backends.LDAPBackend", 
     81) 
     82}}} 
     83 
     84I made a copy of contrib.auth.backends so the svn can update it without overwriting my LDAPBackend class.  Don't know if that is the best way to do it or not, but it works. 
     85 
     86I also hacked the contrib.auth.models file to change the check_password function to check against our LDAP server, and added a few small functions to check the type of user account.  I know this will break next time I update the source, but I have a copy of that as well.  There is surely a better way, but I'm still learning. 
    7487 
    7588== Writing Backends == 
     
    87100{{{backend.get_user}}} simply takes a user id and returns the user that matches that id. The user id is not neccessarily numeric, and in most cases it won't be. It could be a username, an email address, whatever. The important part is that it uniquely identifies a user. 
    88101 
     102=== sample LDAPBackend class === 
    89103 
     104This is located in the contrib/auth/copy_of_backends.py file.  The two original models are still in the file as well.  I just added this one in the middle. 
    90105 
     106{{{ 
     107#!python 
     108 
     109class LDAPBackend: 
     110    """ 
     111    Authenticate against our LDAP Database 
     112    """ 
     113    def authenticate(self, username=None, password=None): 
     114        # bind and see if the user exists 
     115        if ldap.userExists(username): 
     116            # user exists in our LDAP, see if they exist in Django 
     117            # if not, add them to django's user database since django relies on that 
     118            try: 
     119                user = User.objects.get(username=username) 
     120                if ldap.check_ldap_password(username, password): 
     121                    return user 
     122            except User.DoesNotExist: 
     123                # get the first name, last name, email from ldap 
     124                u = ldap.getUser(username) 
     125                # get user attributes here as well, like mail, fname, lname 
     126                user = User(username=username, password='getmefromldap') 
     127                user.email = mail 
     128                user.first_name = fname 
     129                user.last_name = lname 
     130                user.is_staff = False 
     131                user.is_superuser = False 
     132                user.save() 
     133                return user 
     134        else: 
     135            return None 
     136 
     137    def get_user(self, user_id): 
     138        try: 
     139            return User.objects.get(pk=user_id) 
     140        except User.DoesNotExist: 
     141            return None 
     142}}} 
     143 
     144And it worked!  I was able to logon as a user who had no entry in Django, and then it added my entry and away I went.  Pretty nice stuff.