How to maintain LDAP authentication across Django views?

Question

Here is the current situation: I created a login.html page where I enter my username and password in a form. In my views.py I get the POST data and use the username and password to authenticate against my LDAP server (mechanism works). If the username/password is wrong, I am redirected back to the login page with an error message. Otherwise, I am redirected to a landing page where I will have a message like: "Hello Lastname, Firstname". I am able to get the first and last names from the LDAP query.

The problem:

When I go to the new view, i.e the landing page, I lose my authentication. When I trace request.user, I get the admin user I used while creating my Django project. I would expect the Django_auth ecosystem to do all this for me but maybe I am wrong.

I am not sure whether I should place the user in a session because I could not find anywhere on Google where people use Django's LDAP and Session together.

I would appreciate any help from the gurus out there.

Thanks.

Edit with actual code:

def login(request):
    error = False
    DN = 'None'
    user = 'None'
    user_attr = 'None'
    if request.method == 'POST': #if form has been submitted
        DN = request.POST['login']
        PWD = request.POST['password']
        DN_FULL_EMAIL = DN + '@'+user_domain+'.mysite.com'
        print 'DN_FULL_EMAIL', DN_FULL_EMAIL
        try:
            l = ldap.initialize('ldap://mysite.com:3268')
            print 'bind_res = ' , l.simple_bind_s(DN_FULL_EMAIL, PWD)
            BASE_DN = 'DC=eng,DC=mysite,DC=com'
            SCOPE = ldap.SCOPE_SUBTREE
            Filter = '(&(objectClass=person)(sAMAccountName='+DN+'*)(objectClass=organizationalPerson)(objectClass=user))'
            Attrs = ['displayName', 'employeeID'] #The only data we need

            r= l.search_ext(BASE_DN, SCOPE, Filter, Attrs)
            Type, user = l.result(r,10)
            if user :
                Name, Attrs = user[0]
                if hasattr(Attrs, 'has_key') and Attrs.has_key('displayName') and Attrs.has_key('employeeID'):
                    displayName = Attrs['displayName'][0]
                    WWID = Attrs['employeeID'][0]
                request.user = user
                user_attr = Attrs
                return HttpResponseRedirect('/', {  'user' : user,
                                                    'user_attr' : user_attr
                                                })

        except ImportError:
            error = True
            pass
        except ldap.INVALID_CREDENTIALS:
            error = True
            pass
    return render_to_response( 'login.html', {
        'error' : error,
        'user' : user,
        'user_attr' : user_attr
        }, context_instance = RequestContext(request))

You don't give enough information to solve the problem. What are you doing with the result of the LDAP authentication? Are you using a library to integrate LDAP with Django's authentication framework? — Daniel Roseman, Aug 12 '13 at 10:45
Are you using a ldap authentication backend, or are you "manually" doing the authentication? — Burhan Khalid, Aug 12 '13 at 10:46
@Daniel and Burhan, thank you for the quick response. I added the code I used in my project. From the hint from Burhan, I believe I am doing things manually, and I am not really doing anything with the result of the LDAP. `request.user = user` is also not useful since changing data you already received does nothing. Then maybe, how I I really use the LDAP authentication backend? I do have settings like AUTH_LDAP_SERVER, AUTH_BASE_USER etc. in my `settings.py`and I did add `django_ldapbackend.LDAPBackend` in my AUTHENTICATION_BACKENDS. From there, I am am not sure how to do things properly. — Shailen, Aug 12 '13 at 10:58

score 2 · Accepted Answer · answered Aug 12 '13 at 23:21

2

You almost certainly want to use an LDAP authentication backend like django-auth-ldap. If the backend is installed and configured properly, your views should not require any LDAP-specific code. If you've gotten tangled up, don't be afraid to start over and follow the backend's documentation from the beginning.

answered Aug 12 '13 at 23:21

psagers

859
4
5

Shortly after posting this question, I moved on to `django-auth-ldap`. I have all the LDAP settings in my `settings.py`. In my `login.html`, I have a username/password form. When I click Login, the POST data is sent to the respective method in my `views.py`. Big question: What do I do there to authenticate against my LDAP server, using settings from my `settings.py`? Thanks for the support! – Shailen Aug 13 '13 at 09:13
Just use the standard Django APIs (https://docs.djangoproject.com/en/1.5/topics/auth/default/#authentication-in-web-requests). django.contrib.auth even includes a standard login view, so you don't have to write any view code for simple cases. – psagers Aug 14 '13 at 16:02

score 0 · Answer 2 · answered Feb 16 '15 at 07:12

Now that you've implemented LDAP authentication manually with python-ldap, all you need to know is how to use session across different views.

Fortunately Django provides good document about it: How to use sessions.

Example code:

request.session['name'] = 'Jack'  # set
name = request.session['name']    # get

How to maintain LDAP authentication across Django views?

2 Answers2

Linked