- 汉化
- ldap登录
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Python: Current File",
"type": "python",
"request": "launch",
"program": "${workspaceRoot}/manage.py",
"args": ["run", "-p 6333"],
"console": "integratedTerminal"
}
]
}
- build
docker-compose build
- 创建数据库
docker-compose run --rm server create_db
- 启动所有组件
docker-compose up -d
ldap可以看做一个目录存储结构 进入路由,调用auth_ldap_user认证函数
@blueprint.route(org_scoped_rule("/ldap/login"), methods=["GET", "POST"])
def login(org_slug=None):
index_url = url_for("redash.index", org_slug=org_slug)
unsafe_next_path = request.args.get("next", index_url)
next_path = get_next_path(unsafe_next_path)
if not settings.LDAP_LOGIN_ENABLED:
logger.error("Cannot use LDAP for login without being enabled in settings")
return redirect(url_for("redash.index", next=next_path))
if current_user.is_authenticated:
return redirect(next_path)
if request.method == "POST":
ldap_user = auth_ldap_user(request.form["email"], request.form["password"])
if ldap_user is not None:
user = create_and_login_user(
current_org,
ldap_user[settings.LDAP_DISPLAY_NAME_KEY][0],
ldap_user[settings.LDAP_EMAIL_KEY][0],
)
if user is None:
return logout_and_redirect_to_index()
return redirect(next_path or url_for("redash.index"))
else:
flash("Incorrect credentials.")
def auth_ldap_user(username, password):
# 连接服务
server = Server(settings.LDAP_HOST_URL, use_ssl=settings.LDAP_SSL)
if settings.LDAP_BIND_DN is not None:
# 绑定
conn = Connection(
server,
# user
settings.LDAP_BIND_DN,
# password
password=settings.LDAP_BIND_DN_PASSWORD,
# 认证方式,一般不改
authentication=settings.LDAP_AUTH_METHOD,
auto_bind=True,
)
else:
conn = Connection(server, auto_bind=True)
# 查询用户是否存在
conn.search(
# 查询根目录
settings.LDAP_SEARCH_DN,
# 查询条件
settings.LDAP_SEARCH_TEMPLATE % {"username": username},
# 查询属性
attributes=[settings.LDAP_DISPLAY_NAME_KEY, settings.LDAP_EMAIL_KEY],
)
if len(conn.entries) == 0:
return None
# 返回用户
user = conn.entries[0]
# 查询用户名和密码是否匹配
if not conn.rebind(user=user.entry_dn, password=password):
return None
return user
配置
# 用户名和密码
LDAP_BIND_DN = os.environ.get("REDASH_LDAP_BIND_DN", "cn=using,dc=xxx,dc=com")
LDAP_BIND_DN_PASSWORD = os.environ.get("REDASH_LDAP_BIND_DN_PASSWORD", "xxxxxx")
# 展示的用户名和邮箱,寻找ldap中对应的key
LDAP_DISPLAY_NAME_KEY = os.environ.get("REDASH_LDAP_DISPLAY_NAME_KEY", "uid")
LDAP_EMAIL_KEY = os.environ.get("REDASH_LDAP_EMAIL_KEY", "email")
# 查询条件
LDAP_SEARCH_TEMPLATE = os.environ.get(
"REDASH_LDAP_SEARCH_TEMPLATE", "(uid=%(username)s)"
)
# 查询根目录
LDAP_SEARCH_DN = os.environ.get(
"REDASH_LDAP_SEARCH_DN", os.environ.get("REDASH_SEARCH_DN", "ou=People,dc=xx,dc=com")
)