
Quickly setting up a Flask-LDAP3-Login environment in Python

March 20, 2019, 17:49 | 汪洋大海 | No comments | 6,278 characters (2,804 views)

Flask-LDAP3-Login lets you easily integrate your Flask application with an LDAP directory. It can be used as an extension to Flask-Login and can even be combined with Flask-Principal for permission and privilege management.

Flask-LDAP3-Login uses the ldap3 library and remains compatible with Python 3.4 and earlier.

Flask-LDAP3-Login will:
Allow you to check whether a user's credentials are correct
Query the directory for user details
Query the directory for group details
Query the directory for a user's group memberships
Provide a context-aware ldap_manager.connection object (an ldap3.Connection) that can be used in any Flask request context, for writing your own more advanced queries.
Flask-LDAP3-Login will not:
Provide a login/logout mechanism. You need to supply something like flask-login for that
Provide any extension to the application session. User tracking and group tracking should be done through flask-login and flask-principal

pip install flask-ldap3-login

Basic application
This is a basic application that uses Flask-Login to handle user sessions. The application stores users in a dictionary, users.

```python
from flask import Flask, url_for
from flask_ldap3_login import LDAP3LoginManager
from flask_login import LoginManager, login_user, UserMixin, current_user
from flask import render_template_string, redirect
from flask_ldap3_login.forms import LDAPLoginForm

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'
app.config['DEBUG'] = True

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
app.config['LDAP_HOST'] = 'ad.mydomain.com'

# Base DN of your directory
app.config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
app.config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
app.config['LDAP_GROUP_DN'] = 'ou=groups'

# The RDN attribute for your user schema on LDAP
app.config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
app.config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
app.config['LDAP_BIND_USER_DN'] = None

# The Password to bind to LDAP with
app.config['LDAP_BIND_USER_PASSWORD'] = None

login_manager = LoginManager(app)              # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app)          # Setup a LDAP3 Login Manager.

# Create a dictionary to store the users in when they authenticate
# This example stores users in memory.
users = {}


# Declare an Object Model for the user, and make it comply with the
# flask-login UserMixin mixin.
class User(UserMixin):
    def __init__(self, dn, username, data):
        self.dn = dn
        self.username = username
        self.data = data

    def __repr__(self):
        return self.dn

    def get_id(self):
        return self.dn


# Declare a User Loader for Flask-Login.
# Simply returns the User if it exists in our 'database', otherwise
# returns None.
@login_manager.user_loader
def load_user(id):
    if id in users:
        return users[id]
    return None


# Declare The User Saver for Flask-Ldap3-Login
# This method is called whenever a LDAPLoginForm() successfully validates.
# Here you have to save the user, and return it so it can be used in the
# login controller.
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
    user = User(dn, username, data)
    users[dn] = user
    return user


# Declare some routes for usage to show the authentication process.
@app.route('/')
def home():
    # Redirect users who are not logged in.
    if not current_user or current_user.is_anonymous:
        return redirect(url_for('login'))

    # User is logged in, so show them a page with their cn and dn.
    template = """
    <h1>Welcome: {{ current_user.data.cn }}</h1>
    <h2>{{ current_user.dn }}</h2>
    """

    return render_template_string(template)


@app.route('/manual_login')
def manual_login():
    # Instead of using the form, you can alternatively authenticate
    # using the authenticate method.
    # This WILL NOT fire the save_user() callback defined above.
    # You are responsible for saving your users.
    response = app.ldap3_login_manager.authenticate('username', 'password')
    # A Flask view must return a response; report the authentication status.
    return str(response.status)


@app.route('/login', methods=['GET', 'POST'])
def login():
    template = """
    {{ get_flashed_messages() }}
    {{ form.errors }}
    <form method="POST">
        <label>Username{{ form.username() }}</label>
        <label>Password{{ form.password() }}</label>
        {{ form.submit() }}
        {{ form.hidden_tag() }}
    </form>
    """

    # Instantiate a LDAPLoginForm which has a validator to check if the user
    # exists in LDAP.
    form = LDAPLoginForm()

    if form.validate_on_submit():
        # Successfully logged in, We can now access the saved user object
        # via form.user.
        login_user(form.user)  # Tell flask-login to log them in.
        return redirect('/')  # Send them home

    return render_template_string(template, form=form)


if __name__ == '__main__':
    app.run()
```

Basic script usage (without a Flask application)
This is an example for when you simply want to use the module on its own, for instance for testing or in another environment.

```python
from flask_ldap3_login import LDAP3LoginManager

config = dict()

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
config['LDAP_HOST'] = 'ad.mydomain.com'

# Base DN of your directory
config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
config['LDAP_GROUP_DN'] = 'ou=groups'


# The RDN attribute for your user schema on LDAP
config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
config['LDAP_BIND_USER_DN'] = None

# The Password to bind to LDAP with
config['LDAP_BIND_USER_PASSWORD'] = None

# Setup a LDAP3 Login Manager.
ldap_manager = LDAP3LoginManager()

# Init the manager with the config since we aren't using an app
ldap_manager.init_config(config)

# Check if the credentials are correct
response = ldap_manager.authenticate('username', 'password')
print(response.status)
```
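As an added example (not code from Flask-LDAP3-Login or from the page's author), the following shows how the configuration keys used in both blocks above (LDAP_BASE_DN, LDAP_USER_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR) combine with a submitted login name into the search base, the search filter and the user DN, and why that name has to be escaped first. The default object filter and the DN layout are assumptions about the library, not taken from the page.

```python
# Added example, not from Flask-LDAP3-Login: how the config keys on this page
# combine with a submitted login name, and why that name must be escaped before
# it is spliced into a search filter (RFC 4515) or a DN (RFC 4514).
# The default object filter and the DN layout are assumptions.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = ''.join('\\' + ch if ch in ',+"\\<>;' else
                  '\\00' if ch == '\x00' else ch for ch in value)
    if value[:1] in ('#', ' '):                  # leading '#' or space
        out = '\\' + out
    if value.endswith(' ') and len(value) > 1:   # trailing space
        out = out[:-1] + '\\ '
    return out

def user_search_base(config):
    """LDAP_USER_DN is prepended to LDAP_BASE_DN, as the page's comments say."""
    parts = [config.get('LDAP_USER_DN'), config['LDAP_BASE_DN']]
    return ','.join(p for p in parts if p)

def build_user_search(config, login):
    """Return (search_base, search_filter) that locates the user by login attr."""
    object_filter = config.get('LDAP_USER_OBJECT_FILTER', '(objectclass=person)')
    search_filter = '(&%s(%s=%s))' % (
        object_filter, config['LDAP_USER_LOGIN_ATTR'], escape_filter_value(login))
    return user_search_base(config), search_filter

def build_user_dn(config, rdn_value):
    """DN of the user entry: <LDAP_USER_RDN_ATTR>=<value>,<user search base>."""
    return '%s=%s,%s' % (config['LDAP_USER_RDN_ATTR'],
                         escape_dn_value(rdn_value), user_search_base(config))

# Constructed config with the same values as the blocks on this page.
CONFIG = {
    'LDAP_BASE_DN': 'dc=mydomain,dc=com',
    'LDAP_USER_DN': 'ou=users',
    'LDAP_USER_RDN_ATTR': 'cn',
    'LDAP_USER_LOGIN_ATTR': 'mail',
}

if __name__ == '__main__':
    print(build_user_search(CONFIG, 'alice@mydomain.com'))
    print(build_user_search(CONFIG, '*'))   # escaped: no wildcard match
    print(build_user_dn(CONFIG, 'Smith, John'))
```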

Custom TLS context
This example shows how to initialise a custom TLS context to secure the communication between the module and a secure LDAP (LDAPS) server.

```python
from flask_ldap3_login import LDAP3LoginManager
from ldap3 import Tls
import ssl

config = dict()

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
config['LDAP_HOST'] = 'ad.mydomain.com'

# Port number of your LDAP server
config['LDAP_PORT'] = 636

# Base DN of your directory
config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
config['LDAP_USER_DN'] = 'ou=users'

# Groups DN to be prepended to the Base DN
config['LDAP_GROUP_DN'] = 'ou=groups'


# The RDN attribute for your user schema on LDAP
config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
config['LDAP_BIND_USER_DN'] = None

# The Password to bind to LDAP with
config['LDAP_BIND_USER_PASSWORD'] = None

# Specify the server connection should use SSL
config['LDAP_USE_SSL'] = True

# Instruct Flask-LDAP3-Login to not automatically add the server
config['LDAP_ADD_SERVER'] = False

# Setup a LDAP3 Login Manager.
ldap_manager = LDAP3LoginManager()

# Init the manager with the config since we aren't using an app
ldap_manager.init_config(config)


# Initialize a `Tls` context, and add the server manually. See
# http://ldap3.readthedocs.io/ssltls.html for more information.
# The certificate is validated against the CA bundle and the server name
# must match one of valid_names. TLS 1.0 is deprecated, so require TLS 1.2.
tls_ctx = Tls(
    validate=ssl.CERT_REQUIRED,
    version=ssl.PROTOCOL_TLSv1_2,
    ca_certs_file='/path/to/cacerts',
    valid_names=[
        'ad.mydomain.com',
    ]
)

ldap_manager.add_server(
    config.get('LDAP_HOST'),
    config.get('LDAP_PORT'),
    config.get('LDAP_USE_SSL'),
    tls_ctx=tls_ctx
)

# Check if the credentials are correct
response = ldap_manager.authenticate('username', 'password')
print(response.status)
```

Source: https://flask-ldap3-login.readthedocs.io/en/latest/quick_start.html
