使用 django_auth_ldap 检查多个组织单位 (ou)
我们的 ldap 的设置使我们有多个不同的组织单位 (ou)。我目前有一个 django 项目,使用 django_auth_ldap 连接到我们的 ldap 服务器,以便人们可以使用他们的 ldap 凭据登录。然而,当我需要它与多个 ou 一起工作时,我只能让它为一个 ou 工作。我目前已将其设置为这样,
import ldap
from django_auth_ldap.config import LDAPSearch
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.net"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=people_1,dc=example,dc=net",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName",
"last_name": "sn",
"email": "email",
}
这可以从 people_1 组中获取人员。我如何设置它,以便它也可以从另一个容器(例如 people_2)中进行选择?我尝试过添加“ou=people_1,ou=people_2”,但这似乎不起作用。我对 ldap 的理解还很陌生,所以如果这实际上可能是一些微不足道的问题需要修复并且只是没有正确搜索以找到答案,我深表歉意。我花了一段时间才让 django_auth_ldap 为我工作(当我这样做时我非常高兴!)。
Our ldap is set up so that we have multiple different organizational units (ou). I currently have a django project using django_auth_ldap to connect to our ldap server so people can login with their ldap credentials. However I can only get it to work for one ou when I need it to work with multiple ones. I currently have it set up as thus
import ldap
from django_auth_ldap.config import LDAPSearch
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.net"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=people_1,dc=example,dc=net",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName",
"last_name": "sn",
"email": "email",
}
This works to get people from the people_1 group. How can I set it up so that it will also select from another container such as people_2? I have tried just adding "ou=people_1,ou=people_2" which doesn't seem to work. I am still fairly new to understanding ldap so I apologize if this may be in fact something trivial to fix and just haven't been searching properly to find the answer. Took me awhile to just get django_auth_ldap just to work for me (extremely happy when I did!).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将基础对象更改为
dc=example,dc=net:则您指定的subtree搜索范围将搜索dc=example,dc=下的所有子树网。有关 LDAP 搜索请求和响应操作的更多信息,请参阅我的博客文章 "使用ldap 搜索”。尽管示例使用命令行工具,但这些概念将为您提供帮助。另外,作为良好的编程实践,您应该提供 大小限制 和时间限制。这些参数的默认值根据您的 API 的不同而有所不同,并且可能不适合您的需求。
Change the base object to
dc=example,dc=net: then the search scope ofsubtreeyou have specified will search all subtrees underdc=example,dc=net. For more information about the LDAP search request and response operations, see my blog entry "Using ldapsearch". Even though the examples use command-line tools, the concepts will assist you.Also, as a good programming practice, you should supply a size limit and a time limit. The defaults for these parameters differ based on your API and may not suit your needs.