stackoom
  简体   繁体   中英

Flask-LDAP3-Login - How to authenticate based on group membership

 原文  2018-11-16 17:11:54       python/ flask/ ldap/ ldap3

Question

I'm new to Flask and i'm trying out Flask-LDAP3-Login.

I've followed the documentation here and i have it working which is great:

https://flask-ldap3-login.readthedocs.io/en/latest/index.html

How would i go about authenticating a user based on whether they are a member of a specific group? I see the docs mention group filtering but i'm not sure how to put it all together.

Thanks!

2 answers

solution1
 1 ACCPTED  2019-02-02 08:30:08

If anyone is curious, i solved this myself doing the following:

First, i integrated flask-ldap3-login with Flask-SQLAlchemy using steps here - https://github.com/nickw444/flask-ldap3-login/issues/26

My save user method now looks like this: 

@ldap_manager.save_user
def save_user(dn, username, data, memberships):
    id=int(data.get("uidNumber"))
    if 'group-goes-here' in data.get("memberOf"):
        user=User.query.filter_by(id=id).first()
        if not user:
            user=User(
                id=int(id),
                dn=dn,
                username=username,
                email=data['mail'],
                firstname=data['givenName'],
                lastname=data['sn']
            )
            db.session.add(user)
            db.session.commit()

        return user

So basically provided the user enters valid LDAP credentials it goes to AD to retrieve their group memberships and its a simple if 'group-goes-here' in data.get("memberOf"): determines whether to save the user in my User model and return it back to the handler. 

@auth.route('/login', methods=['GET', 'POST'])
def login():
    # Redirect users who are not logged in.
    form = LDAPLoginForm()
    if form.validate_on_submit():
        if form.user:
            login_user(form.user)
        else:
            flash('Login Failed', 'warning')
            return redirect(url_for('auth.login'))
        return redirect(url_for('main.home'))

Hope this helps!

solution2
 -1  2018-11-16 17:22:14

Do you have a ldap server ? if not go to https://www.openldap.org/ and follow instructions on how to install openldap server if you prefer a docker container then go here https://github.com/osixia/docker-openldap and follow steps to get the container up and running then go here https://ldap3.readthedocs.io/tutorial.html

pip install ldap3 on the machine which has your python env or another python container (same bridge network as your ldap container)

open python console and type the following commands 

>>> from ldap3 import Server, Connection, ALL
>>> server = Server('ipa.demo1.freeipa.org')
>>> conn = Connection(server)
>>> conn.bind()
True

first with this free ldap server ipa.demo1.freeipa.org and then with your own ldap server ip address

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Get LDAP group based on login username in Django Flask-login and LDAP LDAP-login FLASK Flask-login and LDAP authentification Flask ldap3 issue with login Flask Authentication with LDAP using flask_ldap3_login No module named 'flask_ldap3_login' How to Authenticate with LDAP in R Shiny App How to safely authenticate a user using LDAP? HOW-TO: LDAP bind+authenticate using python-ldap
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM