堆栈内存溢出
  简体   繁体   English

python-ldap:我应该使用哪种编码来针对Microsoft AD检查密码?

[英]python-ldap: what encoding should I use to check password against Microsoft AD?

 原文  2014-08-12 09:53:42       python/ active-directory/ ldap

问题描述

I have a django application for which i wrote an ActiveDirectoryAuthBackend , based on this snippet (it uses python-ldap). 我有一个django应用程序,我根据此代码段为其编写了ActiveDirectoryAuthBackend (它使用python-ldap)。

It works fine most of the time. 大多数情况下,它都能正常工作。

Now it happens that some users have non-ASCII characters in their domain passwords, which leads to authentication failure, because of an encoding coercion going bad in the simple_bind_s(username, password) function. 现在,由于某些用户在simple_bind_s(username, password)函数中的编码强制性simple_bind_s(username, password) ,因此某些用户的域密码中包含非ASCII字符,这会导致身份验证失败。

Actually, the password value that django passes is a unicode. 实际上,django传递的密码值是unicode。 So I guess I would need to encode this unicode before passing it to simple_bind_s , thus avoiding a failing default encoding translation. 因此,我想我需要对该unicode进行编码,然后再将其传递给simple_bind_s ,从而避免默认编码转换失败。

But I have no clue as for what encoding to use. 但是我不知道使用什么编码。 The password server is a Microsoft Active Directory. 密码服务器是Microsoft Active Directory。

Any idea? 任何想法?

Cheers. 干杯。

O. O.

1 个解决方案

解决方案1
 2 已采纳  2014-08-13 09:07:33

After some tests and reading users' CN containing non ASCII characters, I've found that the most probable encoding for my domain is "latin-1". 经过一些测试并读取了包含非ASCII字符的用户CN,我发现我域中最可能的编码是“ latin-1”。

A good way to check credentials would look like: 一种检查凭据的好方法如下所示: 

class ActiveDirectoryAuthBackend(backends.ModelBackend):
    def authenticate(self, username=None, password=''):
        try:
            from django.contrib.auth.model import User
            user = User.objects.get(username=username):
        except User.DoesNotExist:
            return None

        from django.conf import settings
        import ldap
        con = ldap.initialize('ldap://{0}'.format(settings.get('LDAP_SERVER', None)))
        con.set_option(ldap.OPT_REFERRALS, 0)

        try:
            con.simple_bind_s(username, password.encode('latin1'))
            return user
        exceot ldap.INVALID_CREDENTIALS:
            return None

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用python-ldap更改密码 - change password with python-ldap 是否可以使用python-ldap获取用户密码? - Is it possible to use python-ldap get user's password? 使用 python-ldap 添加 AD 组 - Adding AD group with python-ldap 我无法安装 python-ldap - I can't install python-ldap 使用 python-ldap 在 AD 中搜索已删除的用户/组 - Search deleted users/groups in AD with python-ldap Python-ldap绑定 - Python-ldap bind python-ldap和Microsoft Active Directory:连接并删除用户 - python-ldap and Microsoft Active Directory: connect and delete user Python-ldap:是否可以在不显式编写密码的情况下进行绑定? - Python-ldap: is it possible to bind without explicitly writing the password? 使用python-ldap将python连接到ldap服务器:获取'desc':'无效凭据'虽然用户名和密码有效 - Connecting python to ldap server using python-ldap: getting 'desc': 'Invalid credentials' though username and password are valid 如何使用python-ldap修改openldap的配置DIT? - How to use python-ldap to modify configuration DIT of openldap?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM