Modifying Active Directory users in Django

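So I am trying to modify users in my Active Directory. As of now, I can log in as an AD user, but when I try to edit my profile, the change is not applied in AD.

I am using django-auth-ldap as the AD backend.

I made the connection with a user that has read and write permissions.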

import ldap
from django_auth_ldap.config import LDAPSearch, NestedActiveDirectoryGroupType

AUTH_LDAP_SERVER_URI = "ldap://192.168.1.12"
AUTH_LDAP_BIND_DN = "user"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_DEBUG_LEVEL: 1,
    ldap.OPT_REFERRALS: 0,
}

AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=sb,DC=ch", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=sb,DC=ch", ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()

# What to do once the user is authenticated
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "CN=ipa-users,cn=users,DC=sb,DC=ch",
    "is_staff": "CN=ipa-users,cn=users,DC=sb,DC=ch",
    "is_superuser": "CN=ipa-users,cn=users,DC=sb,DC=ch",
}

# This is the default, but be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache settings
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

So what settings do I need, or what do I have to get?

This is my edit_profile.html:

<form method="post">
    {% csrf_token %}
    <label for="first_name">Vorname </label>
    <input style="margin-bottom: 1em;" id="first_name" class="form-control" type="text" name="first_name" value="{{ user.first_name }}"><br>
    <label for="last_name">Nachname </label>
    <input style="margin-bottom: 1em;" id="last_name" class="form-control" type="text" name="last_name" value="{{ user.last_name }}"><br>
    <label for="email">E-Mail </label>
    <input style="margin-bottom: 1em;" id="email" class="form-control" type="email" required name="email" value="{{ user.email }}"><br>
    <button class="btn btn-success btn-sm" type="submit">Bestätigen</button>
</form>

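Answer:

This is not possible with django-auth-ldap alone

A rough guesstimate suggests you are using django-auth-ldap (I updated your question). A glance at it shows that it only has a backend and cannot do anything else.

If you really want to update some data in AD, you will need to do it yourself. I am using python-ldap3, which I can recommend for this purpose. It also includes some helpers specifically for AD.

UPD: As requested, an example using python-ldap3

Something like this; I don't know whether the code below works (it is a mashup of existing code bits). But it should give you an idea of what you should do. Welcome to the hell of LDAP.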

import ldap3

conn = ldap3.Connection(
    server="ldaps://foobar",
    user="[email protected]",  # normally full DN, but AD supports this format as well
    password="password",
    auto_bind=ldap3.AUTO_BIND_NONE,
    authentication=ldap3.SIMPLE,
    raise_exceptions=True,
    auto_referrals=False,  # 90% you want it set to False
    receive_timeout=10,  # seconds, exception afterwards
)

# StartTLS only matters for a plain ldap:// URI; an ldaps:// connection is already TLS
conn.start_tls()
conn.bind()

search = conn.extend.standard.paged_search(
    search_base="dc=domain",
    search_filter="([email protected])",  # or (cn=username) or (sAMAccountName=username) or whatever
    search_scope=ldap3.SUBTREE,
    attributes=ldap3.ALL_ATTRIBUTES,
    dereference_aliases=ldap3.DEREF_NEVER,
    generator=True,
)

entries = [entry for entry in search if entry["type"] == "searchResEntry"]  # not sure how to get rid of all the aliases otherwise

# compare by value: "is 1" tests object identity, not equality
assert len(entries) == 1, "got {0} entries".format(len(entries))

entry = entries[0]
dn = entry["dn"]

changes = {
    "attributeName": [
        [ldap3.MODIFY_DELETE, ["old value 1", "old value 2"]],
        [ldap3.MODIFY_ADD, ["a new value"]],
    ]
}

conn.modify(dn, changes)
conn.unbind()
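
An added example, not part of the original answer: because the bind account can write to AD, the values posted from edit_profile.html should be reduced to an allow-listed `changes` dict before `conn.modify(dn, changes)` is called, and the username should be escaped before it goes into the search filter. The names `EDITABLE`, `MAX_LEN`, `escape_filter_value`, `user_filter` and `build_changes` are hypothetical, and the length limit is an assumption.

```python
# Django form field -> AD attribute, as in the question's AUTH_LDAP_USER_ATTR_MAP.
# Fields not listed here are never written, whatever the POST body contains.
EDITABLE = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
MODIFY_REPLACE = "MODIFY_REPLACE"  # same string value as ldap3.MODIFY_REPLACE
MAX_LEN = 256  # assumed limit for this example
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """RFC 4515 escaping; ldap3.utils.conv.escape_filter_chars does the same job."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username):
    """Search filter for exactly one account; the username cannot alter the filter."""
    return "(sAMAccountName=%s)" % escape_filter_value(username)


def build_changes(form_data, current):
    """Map POSTed strings to an ldap3 changes dict; current holds the entry's values."""
    changes = {}
    for field, attr in EDITABLE.items():
        if field not in form_data:
            continue
        value = form_data[field].strip()
        if len(value) > MAX_LEN or any(ord(c) < 32 for c in value):
            raise ValueError("invalid value for %s" % field)
        if value == (current.get(attr) or ""):
            continue  # unchanged, no write needed
        # MODIFY_REPLACE with an empty list removes the attribute
        changes[attr] = [(MODIFY_REPLACE, [value] if value else [])]
    return changes


if __name__ == "__main__":
    # Constructed sample input: one real edit, one cleared field, one field
    # that is not on the allow-list and must be ignored.
    posted = {"first_name": "Anna", "email": "", "memberOf": "CN=Some Group"}
    print(user_filter("x)(cn=*"))
    print(build_changes(posted, {"givenName": "Ana", "mail": "ana@example.test"}))
```

Pass the result to `conn.modify(dn, changes)` only when it is non-empty, with `dn` taken from a search that used `user_filter(request.user.username)`.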

The above is the full content of "Modifying Active Directory users in Django". Source link: utcz.com/qa/266042.html
