| 8 | | ---- |
| 9 | | |
| 10 | | Start: Added by a relative newbie on May 12, 2006 |
| 11 | | |
| 12 | | Note: In the multi-auth branch (2892), you need to set AUTHENTICATION_BACKENDS to a tuple, similar to MULTIAUTH_BACKENDS above. the {{{authenticate}}} method looks for this setting in your settings.py file. I have it working and all I have is: |
| 13 | | |
| 14 | | {{{ |
| 15 | | #!python |
| 16 | | |
| 17 | | AUTHENTICATION_BACKENDS = ( |
| 18 | | "django.contrib.auth.copy_of_backends.LDAPBackend", |
| 19 | | ) |
| 20 | | }}} |
| 21 | | |
| 22 | | I made a copy of contrib.auth.backends so the svn can update it without overwriting my LDAPBackend class. Don't know if that is the best way to do it or not, but it works. |
| 23 | | |
| 24 | | ''I recommend you put it someplace like {{{myapp.auth.LDAPBackend}}}. Maintianing patches to Django is going to be a PITA. --Joseph Kocherhans'' |
| 25 | | |
| 26 | | I also hacked the contrib.auth.models file to change the check_password function to check against our LDAP server, and added a few small functions to check the type of user account. I know this will break next time I update the source, but I have a copy of that as well. There is surely a better way, but I'm still learning. |
| 27 | | |
| 28 | | ''You shouldn't have to hack the {{{check_password}}} function at all. It isn't called directly by Django's views anymore... only indirectly via {{{django.contrib.auth.backends.ModelBacked}}}, which you aren't using. -Joseph Kocherhans'' |
| 29 | | |
| 30 | | End of newbie addition |
| 31 | | |
| 32 | | ---- |
| 36 | | From the same newbie as above on May 12, 2006 |
| 37 | | |
| 38 | | This is located in the contrib/auth/copy_of_backends.py file. The two original models are still in the file as well. I just added this one in the middle. |
| 39 | | |
| 40 | | {{{ |
| 41 | | #!python |
| 42 | | |
| 43 | | class LDAPBackend: |
| 44 | | """ |
| 45 | | Authenticate against our LDAP Database |
| 46 | | """ |
| 47 | | def authenticate(self, username=None, password=None): |
| 48 | | # bind and see if the user exists |
| 49 | | if ldap.userExists(username): |
| 50 | | # user exists in our LDAP, see if they exist in Django |
| 51 | | # if not, add them to django's user database since django relies on that |
| 52 | | try: |
| 53 | | user = User.objects.get(username=username) |
| 54 | | if ldap.check_ldap_password(username, password): |
| 55 | | return user |
| 56 | | except User.DoesNotExist: |
| 57 | | # get the first name, last name, email from ldap |
| 58 | | u = ldap.getUser(username) |
| 59 | | # get user attributes here as well, like mail, fname, lname |
| 60 | | user = User(username=username, password='getmefromldap') |
| 61 | | user.email = mail |
| 62 | | user.first_name = fname |
| 63 | | user.last_name = lname |
| 64 | | user.is_staff = False |
| 65 | | user.is_superuser = False |
| 66 | | user.save() |
| 67 | | return user |
| 68 | | else: |
| 69 | | return None |
| 70 | | |
| 71 | | def get_user(self, user_id): |
| 72 | | try: |
| 73 | | return User.objects.get(pk=user_id) |
| 74 | | except User.DoesNotExist: |
| 75 | | return None |
| 76 | | }}} |
| 77 | | |
| 78 | | And it worked! I was able to logon as a user who had no entry in Django, and then it added my entry and away I went. Pretty nice stuff. |
| | 11 | See #2507 |