Flask-LDAP3-Login-如何基于组成员身份进行身份验证
[英]Flask-LDAP3-Login - How to authenticate based on group membership
问题描述
I'm new to Flask and i'm trying out Flask-LDAP3-Login. 
我是Flask的新手,正在尝试Flask-LDAP3-Login。
I've followed the documentation here and i have it working which is great: 我已经按照此处的文档进行操作,效果很好:
https://flask-ldap3-login.readthedocs.io/en/latest/index.html https://flask-ldap3-login.readthedocs.io/en/latest/index.html
How would i go about authenticating a user based on whether they are a member of a specific group? 如何根据用户是否是特定组的成员来对用户进行身份验证? I see the docs mention group filtering but i'm not sure how to put it all together. 我看到文档中提到了组过滤,但是我不确定如何将它们放在一起。
Thanks! 谢谢!
2 个解决方案
解决方案1
1 已采纳 2019-02-02 08:30:08
If anyone is curious, i solved this myself doing the following: 如果有人好奇,我可以通过以下操作自己解决:
First, i integrated flask-ldap3-login with Flask-SQLAlchemy using steps here - https://github.com/nickw444/flask-ldap3-login/issues/26 首先,我使用此处的步骤将Flask-ldap3-login与Flask-SQLAlchemy集成在一起-https: //github.com/nickw444/flask-ldap3-login/issues/26
My save user method now looks like this: 我的保存用户方法现在如下所示:
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
id=int(data.get("uidNumber"))
if 'group-goes-here' in data.get("memberOf"):
user=User.query.filter_by(id=id).first()
if not user:
user=User(
id=int(id),
dn=dn,
username=username,
email=data['mail'],
firstname=data['givenName'],
lastname=data['sn']
)
db.session.add(user)
db.session.commit()
return user
So basically provided the user enters valid LDAP credentials it goes to AD to retrieve their group memberships and its a simple if 'group-goes-here' in data.get("memberOf"): determines whether to save the user in my User model and return it back to the handler. 因此,基本上,只要用户输入了有效的LDAP凭据,它就会进入AD来检索其组成员身份,并在data.get(“ memberOf”)中添加一个简单的if'group-goes-here':确定是否将用户保存在我的User模型中并将其返回给处理程序。
@auth.route('/login', methods=['GET', 'POST'])
def login():
# Redirect users who are not logged in.
form = LDAPLoginForm()
if form.validate_on_submit():
if form.user:
login_user(form.user)
else:
flash('Login Failed', 'warning')
return redirect(url_for('auth.login'))
return redirect(url_for('main.home'))
Hope this helps! 希望这可以帮助!
解决方案2
-1 2018-11-16 17:22:14
Do you have a ldap server ? 您有ldap服务器吗? if not go to https://www.openldap.org/ and follow instructions on how to install openldap server if you prefer a docker container then go here https://github.com/osixia/docker-openldap and follow steps to get the container up and running then go here https://ldap3.readthedocs.io/tutorial.html 如果不喜欢,请转到https://www.openldap.org/并按照有关如何安装openldap服务器的说明进行操作(如果您更喜欢Docker容器),然后请转到https://github.com/osixia/docker-openldap并按照以下步骤进行操作容器启动并运行,然后转到此处https://ldap3.readthedocs.io/tutorial.html
pip install ldap3 on the machine which has your python env or another python container (same bridge network as your ldap container) 在装有python env或另一个python容器(与ldap容器相同的网桥网络)的机器上pip安装ldap3
open python console and type the following commands 打开python控制台并键入以下命令
>>> from ldap3 import Server, Connection, ALL
>>> server = Server('ipa.demo1.freeipa.org')
>>> conn = Connection(server)
>>> conn.bind()
True
first with this free ldap server ipa.demo1.freeipa.org and then with your own ldap server ip address 首先使用此免费的ldap服务器ipa.demo1.freeipa.org,然后使用您自己的ldap服务器ip地址
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.