def authenticate(username, password):
records = get_user_records(username)
dila_permission = check_group_membership(username)
if records and dila_permission:
user_dn, user_attributes = records[0]
with initialize_connection() as connection:
try:
connection.simple_bind_s(user_dn, password)
except ldap.LDAPError:
return ANONYMOUS_USER
else:
encoding = config.LDAP_ENCODING
first_name = user_attributes.get(config.LDAP_USER_ATTRIBUTE_MAP['first_name'])[0].decode(encoding)
last_name = user_attributes.get(config.LDAP_USER_ATTRIBUTE_MAP['last_name'])[0].decode(encoding)
is_superuser = check_group_membership(username, config.LDAP_SUPERUSER_GROUP_CN)
return structures.User(
authenticated=True,
username=username,
first_name=first_name,
last_name=last_name,
is_superuser=is_superuser
)
else:
return ANONYMOUS_USER
评论列表
文章目录
