[英]Python ldap3 authenticate using mail or user id
I am using the ldap3 library ( https://ldap3.readthedocs.io/en/latest/ ) with Python and authenticating against LDAP我将 ldap3 库 ( https://ldap3.readthedocs.io/en/latest/ ) 与 Python 一起使用并针对 LDAP 进行身份验证
conn = Connection(server, user='CN=person,OU=Service Accounts,DC=mydc,DC=mydomain,DC=co,DC=uk', password='Password123', auto_bind=True)
The below works but only because I know the person
value.下面的工作,但只是因为我知道
person
的价值。 How would I set this up so someone can authenticate using their mail
or user ID eg forename.surname
我将如何设置它以便某人可以使用他们的
mail
或用户 ID 进行身份验证,例如forename.surname
At the moment they would need to use the dn
form which of course no user will ever be likely to know目前他们需要使用
dn
形式,当然没有用户可能知道
Thanks谢谢
Using this page https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#logging-into-the-server使用此页面https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#logging-into-the-server
I got the following to work我得到以下工作
from ldap3 import Server, Connection, ALL, NTLM
server = Server('ldap://my_ldap_server', get_info='ALL')
conn = Connection(server, user="mydomain\\user", password='Password123', authentication=NTLM)
conn.bind()
authenticated = conn.bound
print(authenticated)
conn.unbind()
At the moment they would need to use the dn form which of course no user will ever be likely to know
目前他们需要使用 dn 形式,当然没有用户可能知道
With standard LDAP directories, you're supposed to bind with the application's own account first, then perform a search for some attribute as the username (eg search Active Directory for sAMAccountName=theuser
), and finally use the found entry's DN as the actual bind DN for password verification.对于标准的 LDAP 目录,您应该首先绑定应用程序自己的帐户,然后搜索某个属性作为用户名(例如,在 Active Directory 中搜索
sAMAccountName=theuser
),最后使用找到的条目的 DN 作为实际绑定用于密码验证的 DN。
For Active Directory in particular, you can directly specify either the UPN theuser@ad.example.com
or the legacy SAM account name EXAMPLE\theuser
in place of the bind DN.特别是对于 Active Directory,您可以直接指定 UPN
theuser@ad.example.com
或旧版 SAM 帐户名称EXAMPLE\theuser
来代替绑定 DN。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.