将 LDAP 用户导入 django 数据库
我想将 ActiveDirectory 数据库的用户导入 Django。为此,我尝试使用 django_auth_ldap 模块。
这是我已经尝试过的:
在我的settings.py中:
AUTH_LDAP_SERVER_URI = "ldap://example.fr"
AUTH_LDAP_BIND_DN = 'cn=a_user,dc=example,dc=fr'
AUTH_LDAP_BIND_PASSWORD=''
AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=users,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('ou=groups,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
#Populate the Django user from the LDAP directory
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': 'sAMAccountName',
'last_name': 'displayName',
'email': 'mail'
}
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
然后我调用python manage.pysyncdb但没有结果。没有警告,没有错误,auth_user 表中没有任何更新。有什么明显我忘记做的事情吗?
I want to import the users of a ActiveDirectory database into Django. To this end I'm trying to use the django_auth_ldap module.
Here is what I tried already :
in my settings.py :
AUTH_LDAP_SERVER_URI = "ldap://example.fr"
AUTH_LDAP_BIND_DN = 'cn=a_user,dc=example,dc=fr'
AUTH_LDAP_BIND_PASSWORD=''
AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=users,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('ou=groups,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
#Populate the Django user from the LDAP directory
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': 'sAMAccountName',
'last_name': 'displayName',
'email': 'mail'
}
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
Then I call python manage.py syncdb with no result. No warning, no error, nothing updataed in the auth_user table. Is there something obvious I forgot to do ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
查看
django_auth_ldap的文档,似乎该模块实际上并没有遍历 LDAP 用户并将其加载到数据库中。相反,它根据 LDAP 对用户进行身份验证,然后使用用户登录时从 LDAP 获取的信息在auth_users中添加或更新用户。如果您想用 Active Directory 中的所有用户预先填充数据库,那么您似乎需要编写一个直接查询 AD 并插入用户的脚本。
像这样的事情应该可以帮助您开始:
我已将数据库更新留给您,因为我没有有关您的设置的任何信息。
如果您需要有关 LDAP 查询的更多信息,请查看 Stackoverflow 上的 LDAP 问题 - 我还发现 这篇文章是一个帮助。
Looking at the documentation for
django_auth_ldapit appears that the module doesn't actually walk through LDAP users and load them into the database. Instead, it authenticates a user against LDAP, and then adds or updates them inauth_userswith the information it gets from LDAP when the user logs in.If you want to pre-populate the database with all of the users in Active Directory then it looks like you'll need to write a script that queries AD directly and insert the users.
Something like this should get you started:
I have left the database update to you, since I don't have any information about your setup.
If you need more information about LDAP queries, check out the LDAP questions here on Stackoverflow -- and I also found this article to be a help.
我想说你真的不想在这里使用 django_auth_ldap ,因为这只是在登录时按需创建用户(正如其他人指出的那样)。相反,您可以只使用原始 python_ldap 模块来执行原始 LDAP 查询:
然后迭代结果以将它们填充到您的模型中。
I'd say that you really don't want to use the django_auth_ldap here, since that just creates users on demand as they log in (as others have noted). Instead, you can just use the raw python_ldap module to do a raw LDAP query:
And then iterate over the results to stuff them into your model.
我需要做类似的事情,并发现 LDAPBackend.populate_user(user_name) API 很有用。
鉴于每个调用都会发出 LDAP 查询和一堆数据库选择/更新/插入查询,这更适合获取或创建临时用户(用于伪装成他们/检查应用程序如何查找他们),而不是批量创建它们。
I needed to do something similar, and found the LDAPBackend.populate_user(user_name) API useful.
Given each call is going to issue LDAP queries and a bunch of DB select/ updated/ insert queries, this is more suited to getting or creating occasional users (for masquerading as them/ check how the app looks for them) rather than bulk creating them.