Quickly setting up a Flask-LDAP3-Login environment with Python and Flask
Flask-LDAP3-Login lets you integrate your Flask application with an LDAP directory with little effort. It can be used as an extension to Flask-Login and even together with Flask-Principal for permission and privilege management.
Flask-LDAP3-Login uses the ldap3 library and stays compatible with Python 3.4 and earlier versions.
Flask-LDAP3-Login will:
Let you check whether a user's credentials are correct
Query the directory for user details
Query the directory for group details
Query the directory for a user's group memberships
Provide a contextual ldap_manager.connection object (an ldap3.Connection) that is usable in any Flask request context, for writing your own more advanced queries
Flask-LDAP3-Login will not:
Provide a login/logout mechanism. You need to supply something like flask-login for that
Provide any extension to the application session. User tracking and group tracking should be done with flask-login and flask-principal
pip install flask-ldap3-login
Basic application
This is a basic application that uses Flask-Login to handle user sessions. The application stores users in a dictionary named users.
```python
from flask import Flask, url_for
from flask_ldap3_login import LDAP3LoginManager
from flask_login import LoginManager, login_user, UserMixin, current_user
from flask import render_template_string, redirect
from flask_ldap3_login.forms import LDAPLoginForm

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'   # signs the session cookie; use a long random value outside of demos
app.config['DEBUG'] = True

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
app.config['LDAP_HOST'] = 'ad.mydomain.com'

# Base DN of your directory
app.config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
app.config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
app.config['LDAP_GROUP_DN'] = 'ou=groups'

# The RDN attribute for your user schema on LDAP
app.config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
app.config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
app.config['LDAP_BIND_USER_DN'] = None

# The Password to bind to LDAP with
app.config['LDAP_BIND_USER_PASSWORD'] = None

login_manager = LoginManager(app)       # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app)   # Setup a LDAP3 Login Manager.

# Create a dictionary to store the users in when they authenticate
# This example stores users in memory.
users = {}


# Declare an Object Model for the user, and make it comply with the
# flask-login UserMixin mixin.
class User(UserMixin):
    def __init__(self, dn, username, data):
        self.dn = dn
        self.username = username
        self.data = data

    def __repr__(self):
        return self.dn

    def get_id(self):
        return self.dn


# Declare a User Loader for Flask-Login.
# Simply returns the User if it exists in our 'database', otherwise
# returns None.
@login_manager.user_loader
def load_user(id):
    if id in users:
        return users[id]
    return None


# Declare The User Saver for Flask-Ldap3-Login
# This method is called whenever a LDAPLoginForm() successfully validates.
# Here you have to save the user, and return it so it can be used in the
# login controller.
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
    user = User(dn, username, data)
    users[dn] = user
    return user


# Declare some routes for usage to show the authentication process.
@app.route('/')
def home():
    # Redirect users who are not logged in.
    if not current_user or current_user.is_anonymous:
        return redirect(url_for('login'))

    # User is logged in, so show them a page with their cn and dn.
    template = """
    <h1>Welcome: {{ current_user.data.cn }}</h1>
    <h2>{{ current_user.dn }}</h2>
    """
    return render_template_string(template)


@app.route('/manual_login')
def manual_login():
    # Instead of using the form, you can alternatively authenticate
    # using the authenticate method.
    # This WILL NOT fire the save_user() callback defined above.
    # You are responsible for saving your users.
    # A Flask view must return a response, so report the status here.
    response = app.ldap3_login_manager.authenticate('username', 'password')
    return 'authentication status: %s' % response.status


@app.route('/login', methods=['GET', 'POST'])
def login():
    template = """
    {{ get_flashed_messages() }}
    {{ form.errors }}
    <form method="POST">
        <label>Username{{ form.username() }}</label>
        <label>Password{{ form.password() }}</label>
        {{ form.submit() }}
        {{ form.hidden_tag() }}
    </form>
    """

    # Instantiate a LDAPLoginForm which has a validator to check if the user
    # exists in LDAP.
    form = LDAPLoginForm()

    if form.validate_on_submit():
        # Successfully logged in, We can now access the saved user object
        # via form.user.
        login_user(form.user)   # Tell flask-login to log them in.
        return redirect('/')    # Send them home

    return render_template_string(template, form=form)


if __name__ == '__main__':
    app.run()
```
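The save_user() callback above also receives the user's group memberships, which is where an application normally decides what the authenticated user may do. The following is an added example, not code from this post or from the Flask-LDAP3-Login project: it normalizes group DNs so that a membership check does not fail on case or spacing differences between what the directory returns and what an administrator typed into a config file. It assumes each entry in memberships is a dict carrying the group's DN under the key 'dn', and it uses a simplified normalization (plain DNs without escaped commas, values lowercased). In a real app you would store group_dns_from_memberships(memberships) on the User object inside save_user and call is_member_of() in a view before serving privileged content.

```python
from typing import Dict, Iterable, List


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing two DNs.

    Attribute types are case-insensitive, and for cn/ou/dc values the
    directory usually matches case-insensitively too, so a byte-wise
    comparison with a DN from a config file would miss legitimate members.
    Assumption: plain DNs (no escaped commas); no full RFC 4514 parser here.
    """
    rdns = []
    for part in dn.split(','):
        attr, _, value = part.partition('=')
        rdns.append('%s=%s' % (attr.strip().lower(), value.strip().lower()))
    return ','.join(rdns)


def group_dns_from_memberships(memberships: Iterable[Dict[str, object]]) -> List[str]:
    """Normalized group DNs taken from the `memberships` argument of save_user().

    Assumption: each membership is a dict with the group's DN under 'dn'.
    Entries without a DN are ignored rather than trusted.
    """
    return sorted({normalize_dn(str(m['dn'])) for m in memberships if m.get('dn')})


def is_member_of(group_dns: Iterable[str], required_group_dn: str) -> bool:
    """True when the user's normalized group DNs contain the required group."""
    return normalize_dn(required_group_dn) in set(group_dns)


# Constructed sample of what save_user() might receive for one user.
SAMPLE_MEMBERSHIPS = [
    {'dn': 'CN=Helpdesk, OU=Groups, DC=MyDomain, DC=com', 'cn': 'Helpdesk'},
    {'dn': 'cn=vpn-users,ou=groups,dc=mydomain,dc=com', 'cn': 'vpn-users'},
]

# Group an administrator might require for a privileged view (constructed).
REQUIRED_ADMIN_GROUP = 'cn=Admins,ou=groups,dc=mydomain,dc=com'


if __name__ == '__main__':
    groups = group_dns_from_memberships(SAMPLE_MEMBERSHIPS)
    print(groups)
    print('helpdesk:', is_member_of(groups, 'cn=helpdesk,ou=Groups,dc=mydomain,dc=com'))
    print('admin:', is_member_of(groups, REQUIRED_ADMIN_GROUP))
```

Lowercasing values is right for the common cn/ou/dc attributes; if your directory uses a case-exact matching rule for a group's RDN attribute, compare the value part unchanged.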
Basic script usage (without a Flask application)
This is an example for when you simply want to use the module on its own, perhaps for testing or in another environment.
```python
from flask_ldap3_login import LDAP3LoginManager

config = dict()

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
config['LDAP_HOST'] = 'ad.mydomain.com'

# Base DN of your directory
config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
config['LDAP_GROUP_DN'] = 'ou=groups'

# The RDN attribute for your user schema on LDAP
config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
config['LDAP_BIND_USER_DN'] = None

# The Password to bind to LDAP with
config['LDAP_BIND_USER_PASSWORD'] = None

# Setup a LDAP3 Login Manager.
ldap_manager = LDAP3LoginManager()

# Init the manager with the config since we aren't using an app
ldap_manager.init_config(config)

# Check if the credentials are correct
response = ldap_manager.authenticate('username', 'password')
print(response.status)
```
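Two things are worth checking before a username and password reach authenticate(), or before you feed request input into your own query on ldap_manager.connection: that the credentials are not empty, and that any value placed inside a search filter is escaped. The following added example (not code from this post or from the Flask-LDAP3-Login project) implements RFC 4515 filter escaping, builds the kind of login lookup filter a search bind performs, and rejects credential pairs that should never be sent to the directory. The filter shape, (&<object filter>(<login attr>=<value>)), and the default object filter (objectclass=person) are assumptions for the illustration, as is the name precheck_credentials.

```python
import re
from typing import Optional

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_FILTER_ESCAPES = {
    '\\': r'\5c',
    '*': r'\2a',
    '(': r'\28',
    ')': r'\29',
    '\x00': r'\00',
}

# Attribute descriptions (RFC 4512 section 2.5): a descriptor with optional
# ";option" suffixes.  Anything else is rejected rather than escaped, because
# the attribute name is configuration, not user input.
_ATTR_RE = re.compile(r'[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*')


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7e:
            # Control and non-ASCII characters: escape each UTF-8 byte.
            out.append(''.join('\\%02x' % b for b in ch.encode('utf-8')))
        else:
            out.append(ch)
    return ''.join(out)


def build_login_filter(login_attr: str, username: str,
                       object_filter: str = '(objectclass=person)') -> str:
    """Search filter that looks a user up by the configured login attribute.

    Assumed shape: (&<object filter>(<login attr>=<escaped username>)), i.e.
    the object-class filter AND a match on the LDAP_USER_LOGIN_ATTR value.
    """
    if not _ATTR_RE.fullmatch(login_attr):
        raise ValueError('invalid attribute description: %r' % (login_attr,))
    return '(&%s(%s=%s))' % (object_filter, login_attr,
                              escape_filter_value(username))


def precheck_credentials(username: str, password: str) -> Optional[str]:
    """Return a rejection reason, or None when the pair may be sent to LDAP.

    A simple bind that carries a DN but an empty password is an
    *unauthenticated* bind (RFC 4513 section 5.1.2).  A server that permits
    it answers success while granting only anonymous authorization, so an
    application that forwards an empty password would treat that success as
    a login.
    """
    if not username or not username.strip():
        return 'empty username'
    if not password:
        return 'empty password'
    if '\x00' in username or '\x00' in password:
        return 'NUL byte in credentials'
    return None


if __name__ == '__main__':
    # Constructed inputs, including one that tries to widen the filter.
    for name in ('alice@mydomain.com', '*', 'x)(mail=*'):
        print(build_login_filter('mail', name))
    print(precheck_credentials('alice@mydomain.com', ''))
```

Call precheck_credentials() first and only pass the pair to authenticate() when it returns None; use escape_filter_value() on every request-derived value that goes into a filter string for connection.search().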
Custom TLS context
This example shows how to initialize a custom TLS context to secure the communication between the module and a secure LDAP (LDAPS) server.
```python
from flask_ldap3_login import LDAP3LoginManager
from ldap3 import Tls
import ssl

config = dict()

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
config['LDAP_HOST'] = 'ad.mydomain.com'

# Port number of your LDAP server
config['LDAP_PORT'] = 636

# Base DN of your directory
config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
config['LDAP_GROUP_DN'] = 'ou=groups'

# The RDN attribute for your user schema on LDAP
config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
config['LDAP_BIND_USER_DN'] = None

# The Password to bind to LDAP with
config['LDAP_BIND_USER_PASSWORD'] = None

# Specify the server connection should use SSL
config['LDAP_USE_SSL'] = True

# Instruct Flask-LDAP3-Login to not automatically add the server
config['LDAP_ADD_SERVER'] = False

# Setup a LDAP3 Login Manager.
ldap_manager = LDAP3LoginManager()

# Init the manager with the config since we aren't using an app
ldap_manager.init_config(config)

# Initialize a `Tls` context, and add the server manually. See
# http://ldap3.readthedocs.io/ssltls.html for more information.
# PROTOCOL_TLS_CLIENT negotiates the newest version both sides support;
# pinning PROTOCOL_TLSv1 would select an obsolete version that current
# servers and OpenSSL builds refuse.
tls_ctx = Tls(
    validate=ssl.CERT_REQUIRED,
    version=ssl.PROTOCOL_TLS_CLIENT,
    ca_certs_file='/path/to/cacerts',
    valid_names=[
        'ad.mydomain.com',
    ]
)

ldap_manager.add_server(
    config.get('LDAP_HOST'),
    config.get('LDAP_PORT'),
    config.get('LDAP_USE_SSL'),
    tls_ctx=tls_ctx
)

# Check if the credentials are correct
response = ldap_manager.authenticate('username', 'password')
print(response.status)
```
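The Tls() arguments decide whether the bind password only ever travels to a server that proved its identity. The following added example (not code from this post or from the ldap3 or Flask-LDAP3-Login projects) is a small review helper: check_tls_settings() takes the keyword arguments you are about to pass to Tls() and reports anything that weakens server authentication, check_connection_config() does the same for the LDAP_HOST/LDAP_PORT/LDAP_USE_SSL trio, and hardened_tls_kwargs() produces a set of arguments that passes. The treatment of a '*' entry in valid_names as "accept any name" is an assumption drawn from ldap3's hostname check, and the default ports used for the comparison are the conventional 389 (LDAP) and 636 (LDAPS), not values read from the library.

```python
import ssl
from typing import Dict, List

# Protocol constants that pin a single obsolete version.  Not every constant
# exists on every Python build, so collect only the ones present.
_OBSOLETE_VERSIONS = {
    getattr(ssl, name): name
    for name in ('PROTOCOL_SSLv2', 'PROTOCOL_SSLv3',
                 'PROTOCOL_TLSv1', 'PROTOCOL_TLSv1_1')
    if hasattr(ssl, name)
}


def check_tls_settings(settings: Dict[str, object]) -> List[str]:
    """Findings for keyword arguments about to be passed to ldap3.Tls().

    Returns an empty list when nothing weakens server authentication.
    """
    findings = []
    validate = settings.get('validate', ssl.CERT_NONE)   # ldap3's default
    if validate != ssl.CERT_REQUIRED:
        findings.append('validate is not ssl.CERT_REQUIRED: the server '
                        'certificate is not verified, so any endpoint can '
                        'receive the bind password')
    version = settings.get('version')
    if version in _OBSOLETE_VERSIONS:
        findings.append('version pins obsolete protocol %s'
                        % _OBSOLETE_VERSIONS[version])
    has_ca = any(settings.get(k) for k in
                 ('ca_certs_file', 'ca_certs_path', 'ca_certs_data'))
    if validate == ssl.CERT_REQUIRED and not has_ca:
        findings.append('no CA bundle given: verification relies on the '
                        'interpreter default trust store, which rarely '
                        'contains an internal directory CA')
    valid_names = settings.get('valid_names') or []
    if '*' in valid_names:
        # Assumption from ldap3's hostname check: a '*' entry accepts any name.
        findings.append("valid_names contains '*', which disables hostname "
                        "matching")
    return findings


def check_connection_config(config: Dict[str, object]) -> List[str]:
    """Findings for the LDAP_HOST / LDAP_PORT / LDAP_USE_SSL trio."""
    findings = []
    use_ssl = bool(config.get('LDAP_USE_SSL', False))
    # Conventional ports used for comparison (assumption, not library defaults).
    port = config.get('LDAP_PORT', 636 if use_ssl else 389)
    if not use_ssl:
        findings.append('LDAP_USE_SSL is False: a simple bind sends the '
                        'password in clear text on the wire')
    if use_ssl and port == 389:
        findings.append('LDAP_USE_SSL with port 389: LDAPS is normally served '
                        'on 636; port 389 expects plain LDAP')
    return findings


def hardened_tls_kwargs(host: str, ca_certs_file: str) -> Dict[str, object]:
    """Arguments for ldap3.Tls(**...) that pass check_tls_settings()."""
    return {
        'validate': ssl.CERT_REQUIRED,
        # Negotiates the newest version both sides support; Python 3.10+
        # applies a TLS 1.2 minimum to this protocol by default.
        'version': ssl.PROTOCOL_TLS_CLIENT,
        'ca_certs_file': ca_certs_file,
        'valid_names': [host],
    }


# Constructed weak settings for the demonstration below.
WEAK_DEMO_SETTINGS = {'validate': ssl.CERT_NONE, 'version': ssl.PROTOCOL_TLSv1}


if __name__ == '__main__':
    for finding in check_tls_settings(WEAK_DEMO_SETTINGS):
        print('weak:', finding)
    good = hardened_tls_kwargs('ad.mydomain.com', '/path/to/cacerts')
    print('hardened findings:', check_tls_settings(good))
    print(check_connection_config({'LDAP_HOST': 'ad.mydomain.com', 'LDAP_PORT': 389}))
```

Run the checks on the dict before unpacking it into Tls(**kwargs); the path in ca_certs_file must point at the CA that issued the directory server's certificate, not at the server certificate itself.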
Source: https://flask-ldap3-login.readthedocs.io/en/latest/quick_start.html