3 # import ldap for LDAP authentication - Edelberto
6 from django.contrib.auth.models import User
8 from manifoldapi.manifoldapi import ManifoldAPI, ManifoldException, ManifoldResult
9 from manifold.core.query import Query
11 # Name my backend 'ManifoldBackend'
12 class ManifoldBackend:
15 # Create an authentication method
16 # This is called by the standard Django login procedure
17 def authenticate(self, token=None):
# Authenticate a login attempt against the Manifold API and mirror the
# account into Django's local user table.
#
# `token` is a dict read below for 'username', 'request', 'password' and,
# optionally, 'usernameldap'. When 'usernameldap' is present the LDAP
# branch further down is the one that applies (per the author's comments).
#
# NOTE(review): this listing has lost its indentation and skips lines (the
# gutter numbers are not contiguous), so statements such as the `try:` and
# `else:` that pair with the visible `except` clauses are not shown. The
# comments added here describe only the statements that are visible.
# NOTE(review): the code is Python 2 (print statements, `except X, e`).
19 # LDAP local/global var
26 print "ManifoldBackend authenticate()"
27 # Mandatory fields in token
28 username = token['username']
29 request = token['request']
31 # usernameldap is optional - from LDAP user form.
32 # If it is filled - See portal/homeview.py too
33 if 'usernameldap' in token:
34 usernameldap = token['usernameldap']
37 password = token['password']
38 # if data are not from LDAP form then normal (local) login
40 print "not userldap ManifoldBackend authenticate()"
# Password-based credentials are used only for the first call, which creates
# a Manifold session.
41 auth = {'AuthMethod': 'password', 'Username': username, 'AuthString': password}
42 api = ManifoldAPI(auth)
43 sessions_result = api.forward(Query.create('local:session').to_dict())
45 sessions = sessions_result.ok_value()
48 print "GetSession failed", sessions_result.error()
# NOTE(review): this prints the session records to stdout; the 'session'
# field of such a record is used as the API credential just below, so the
# output should be treated as secret or the print removed.
50 print "first", sessions
53 # Change to session authentication
# api.auth is replaced before it is stored in request.session, so the value
# kept there carries the session identifier rather than the password.
54 api.auth = {'AuthMethod': 'session', 'session': session['session']}
58 # the new API would expect Get('local:user') instead
59 persons_result = api.forward(Query.get('local:user').to_dict())
60 persons = persons_result.ok_value()
62 print "GetPersons failed",persons_result.error()
# NOTE(review): prints the account record (it is read for 'email',
# 'firstname' and 'lastname' later) to stdout.
65 print "PERSON=", person
67 request.session['manifold'] = {'auth': api.auth, 'person': person, 'expires': session['expires']}
68 ################################
69 # Edelberto LDAP authentication
70 # if data are from LDAP form, so
72 print "userldap ManifoldBackend authenticate()"
74 # Specific entries need to be created in settings.py (or myslice.ini) for these vars
75 ##################################################
76 # Edelberto - UFF - esilva@ic.uff.br
77 # v1 - ldap authentication module
78 # Note: focus on LDAP FIBRE-BR for DN
79 # if uses other DN, configuration are needed
80 ###################################################
81 #Searching an LDAP Directory
84 #uid = "debora@uff.br"
86 # Receiving an email address, how can we split and mount it in DN format?
87 #mail = "debora@uff.br"
# NOTE(review): the assignment of `mail` is not visible in this listing;
# presumably it is the address typed into the LDAP login form - confirm.
# A value without '@', or a domain without '.', raises IndexError on the
# [1] lookups below; whether an enclosing handler catches it is not visible.
89 login = mail.split('@')[0]
90 org = mail.split('@')[1]
92 dc = org.split('.')[1]
101 # DN format to authenticate - IMPORTANT!
# NOTE(review): `mail` (and `o`, whose assignment is not visible) is
# concatenated into the bind DN without escaping, so DN metacharacters in
# the submitted address change the DN that is bound. python-ldap provides
# ldap.dn.escape_dn_chars() for each inserted value.
103 uid = "uid="+mail+",ou=people,o="+o+",dc="+dc
104 #uid = "uid=debora@uff.br,ou=people,o=uff,dc=br"
105 # User password from LDAP form
106 #userPassword = "fibre"
107 userPassword = password
110 # wrong password for test
111 # userPassword = "fibre2"
113 # Parameters to connect on LDAP
114 ldap.set_option(ldap.OPT_REFERRALS, 0)
115 # LDAP Server Address
# NOTE(review): the server address is hard-coded, and ldap.open() is
# deprecated in python-ldap in favour of ldap.initialize(). No TLS setup is
# visible; the simple bind below sends the password as-is, which here stays
# on the loopback interface.
116 l = ldap.open("127.0.0.1")
118 l.protocol_version = ldap.VERSION3
120 #l.simple_bind(uid, userPassword)
121 # l.bind_s is necessary to do the authentication with a normal LDAP user
# NOTE(review): no check that the password is non-empty is visible before
# this bind. With simple bind, a DN plus an empty password is an
# "unauthenticated bind" (RFC 4513, section 5.1.2) that many servers report
# as success, so an empty password should be rejected before calling bind_s.
122 l.bind_s(uid, userPassword, ldap.AUTH_SIMPLE)
123 #print l.bind_s(uid, userPassword, ldap.AUTH_SIMPLE)
125 # DN base - Our root dc (dc=br)
127 searchScope = ldap.SCOPE_SUBTREE
128 retrieveAttributes = None
129 # The user can only see his own entry, so the search is limited to his attributes
# NOTE(review): the filter is also built by concatenation; filter
# metacharacters in `mail` should be escaped with
# ldap.filter.escape_filter_chars() before being placed in the filter.
130 searchFilter = "uid="+mail
132 # Getting all attributes
134 ldap_result_id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
136 # while exist attributes, save them in a list!
138 # print l.result(ldap_result_id, 0)
# l.result(id, 0) is asked for one result at a time; the loop around it is
# not visible in this listing.
139 result_type, result_data = l.result(ldap_result_id, 0)
140 if (result_data == []):
141 #print ("User %s don't allowed to bind in LDAP", uid)
144 ## Appending to a list
145 if result_type == ldap.RES_SEARCH_ENTRY:
146 result_set.append(result_data)
148 except ldap.LDAPError, e:
151 # Checking that the user is really who he says he is
# NOTE(review): this compares the 'uid' attribute of the entry at DN `uid`
# with `mail`, but that DN was itself built from `mail` above, so the check
# appears to add little beyond the successful bind - confirm the intent.
153 if l.compare_s(uid, 'uid', mail):
158 # Now, based on default Manifold Auth
# After the LDAP bind, the same password is sent to Manifold together with
# usernameldap; the steps below repeat the local-login sequence.
159 auth = {'AuthMethod': 'password', 'Username': usernameldap, 'AuthString': password}
160 api = ManifoldAPI(auth)
161 sessions_result = api.forward(Query.create('local:session').to_dict())
163 sessions = sessions_result.ok_value()
166 print "GetSession failed", sessions_result.error()
# NOTE(review): prints session records, including the value used as the
# session credential below, to stdout.
168 print "first", sessions
169 session = sessions[0]
171 # Change to session authentication
172 api.auth = {'AuthMethod': 'session', 'session': session['session']}
175 # Get account details
176 # the new API would expect Get('local:user') instead
177 persons_result = api.forward(Query.get('local:user').to_dict())
178 persons = persons_result.ok_value()
180 print "GetPersons failed",persons_result.error()
183 print "PERSON=", person
185 request.session['manifold'] = {'auth': api.auth, 'person': person, 'expires': session['expires']}
188 print "no match. User doesnt allowed"
191 except ldap.LDAPError, e:
192 print "E: LDAP Search user", e
195 # Follow the same of Manifold
196 except ManifoldException, e:
197 print "ManifoldBackend.authenticate caught ManifoldException, returning corresponding ManifoldResult"
# On a Manifold error the method returns the exception's ManifoldResult
# instead of a user object.
198 return e.manifold_result
200 print "E: manifoldbackend", e
# NOTE(review): no `import traceback` is visible in this listing - confirm.
202 traceback.print_exc()
207 # Check if the user exists in Django's local database
208 user = User.objects.get(username=username)
209 except User.DoesNotExist:
210 # Create a user in Django's local database
# NOTE(review): the third argument of create_user() is the account password,
# so every auto-created user gets the same fixed, known password. If Django's
# ModelBackend is also enabled in AUTHENTICATION_BACKENDS (not visible here),
# that literal would be accepted for any of these accounts; calling
# user.set_unusable_password() avoids storing a usable password.
# NOTE(review): `usernamep` is not assigned anywhere in the visible lines.
211 user = User.objects.create_user(username, usernamep, 'passworddoesntmatter')
212 user.email = person['email']
216 # Check if the user exists in Django's local database
217 user = User.objects.get(username=usernameldap)
218 except User.DoesNotExist:
219 # Create a user in Django's local database
# NOTE(review): same fixed password as in the local branch. The lookup above
# is by `usernameldap`, but the account is created with `username` as its
# username and `usernameldap` in the email position - confirm the two always
# match, otherwise the next lookup will not find this account.
220 user = User.objects.create_user(username, usernameldap, 'passworddoesntmatter')
221 user.email = person['email']
# Optional name fields are copied from the Manifold account record when present.
223 if 'firstname' in person:
224 user.first_name = person['firstname']
225 if 'lastname' in person:
226 user.last_name = person['lastname']
229 # Required for your backend to work properly - unchanged in most scenarios
230 def get_user(self, user_id):
232 return User.objects.get(pk=user_id)
233 except User.DoesNotExist: