Jason Tesser wrote:
Has nobody tried to do this kind of thing?
-----Original Message-----
From: python-list-bounces+jtesser=nbbc.edu at python.org
[mailto:python-list-bounces+jtesser=nbbc.edu at python.org]On Behalf Of
Jason Tesser
Sent: Monday, November 24, 2003 7:00 AM
To: Python List (E-mail)
Subject: Web Authentication to AD
I would like to write a python web service that would take a username and password entered on a web form and authenticate to Active directory. A few questions about this.
1. How can I do it :-)
2. I would like the script to be in the same server as the websites, which is a linux box. So I need it to call active directory on an M$ box. If this is too hard, could someone at least explain the process if I make this a service on the M$ box, which I guess I can do if keeping it on the Linux box is too much.
3. I would like to expand the service so that I could check the computer the user is on and not make them enter a username and password if they are already logged in to the domain. I guess I would have to use Java Script for this. Any ideas here?
Thank you in advance.
Jason Tesser
Web/Multimedia Programmer
Northland Ministries Inc.
(715)324-6900 x3050
You mean probably something like the following script.
This could be used to get info about other users, so basically there must already be a fixed known user on AD to bind to.
At the heart of it: if you can bind successfully with specific user credentials, the user is authenticated.
With my script, the predefined user is needed, because users want to authenticate against their sAMAccountName and not their LDAP user DN (which nobody knows anyway).
By the way, I wouldn't consider this script as secure since everything is transported over the network in cleartext.
---------------------------------------------------------------------
import ldap
import ldap.filter
from pprint import pprint

HOST = "IP OF AD SERVER"
USER = "SEARCH USER DN"
PASSWD = "SEARCH USER PASSWORD"
SEARCHDN = "SEARCHDN"

class LDAPAuth:
    def __init__(self, host=HOST, user=USER, passwd=PASSWD):
        # Bind once as the fixed search user; this connection is only used
        # to look up a user's DN by sAMAccountName.
        self.host = host
        self.conn = conn = ldap.open(host)
        conn.protocol_version = ldap.VERSION3
        conn.simple_bind_s(user, passwd)

    def _filter(self, user):
        # Escape the submitted name so it cannot change the filter's meaning.
        return 'sAMAccountName=%s' % ldap.filter.escape_filter_chars(user)

    def authenticate(self, user='', passwd=''):
        # An empty password makes the server treat the bind as anonymous,
        # which would succeed, so refuse it before binding.
        if not passwd:
            return False
        userdata = self.conn.search_s(SEARCHDN,
                                      ldap.SCOPE_SUBTREE,
                                      self._filter(user))
        if len(userdata) == 1:
            dn = userdata[0][0]
            try:
                # Second connection bound with the user's own DN and password:
                # if this bind succeeds, the credentials are valid.
                l = ldap.open(self.host)
                l.protocol_version = ldap.VERSION3
                l.simple_bind_s(dn, passwd)
                l.search_s(SEARCHDN, ldap.SCOPE_SUBTREE, 'objectType=bla')
                l.unbind_s()
                return True
            except ldap.LDAPError:
                return False
        else:
            return False

    def getInfoAbout(self, user):
        return self.conn.search_s(SEARCHDN,
                                  ldap.SCOPE_SUBTREE,
                                  self._filter(user))

if __name__ == '__main__':
    import getopt
    import sys
    helpmsg = """USAGE: ldapauth -h : print this message
ldapauth -u <name> -p <passwd> : check user credentials
ldapauth -i <name> : info about user"""
    opts, args = getopt.getopt(sys.argv[1:], 'u:p:i:h')
    od = {}
    for o, v in opts:
        od[o[1:]] = v
    if od.has_key('h'):
        print helpmsg
    else:
        l = LDAPAuth()
        if od.has_key('i'):
            pprint(l.getInfoAbout('%s' % od['i']))
        elif od.has_key('u') and od.has_key('p'):
            res = l.authenticate(od['u'], od['p'])
            if res:
                print "Right credentials"
            else:
                print "Wrong credentials"
        else:
            print helpmsg
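The same two-step flow (look the user up by sAMAccountName as a fixed search user, then bind as the found DN with the submitted password) as an added example that is not the script from the post. It uses a constructed in-memory stand-in for the AD connection so it runs offline; the base DN, service account and sample accounts are all made up, and the stand-in only borrows python-ldap's method names.

```python
# Added example; not the script from the post. Same two-step flow, plus two
# checks the posted script does not make: reject an empty password, and
# escape the username before it goes into the search filter.
# The directory is a constructed in-memory fake so the block runs offline.
import fnmatch
SEARCHDN = "dc=example,dc=com"                    # placeholder base DN
SVC_DN = "cn=svc-web,ou=svc," + SEARCHDN          # constructed search user

def escape_filter_value(value):
    """RFC 4515 escaping (python-ldap has ldap.filter.escape_filter_chars):
    '*', '(', ')' and '\\' in a username must not alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeAD:
    """Constructed stand-in with python-ldap's method names. It mimics two
    server behaviours that matter here: a simple bind with an empty password
    succeeds as an anonymous bind, and '*' in a filter value is a wildcard."""
    def __init__(self, accounts):
        self.accounts = accounts      # dn -> (sAMAccountName, password)
    def simple_bind_s(self, dn, password):
        if password == "":
            return                    # unauthenticated bind "succeeds"
        if self.accounts.get(dn, (None, None))[1] != password:
            raise PermissionError("invalid credentials")  # ldap.INVALID_CREDENTIALS
    def search_s(self, base, filt):
        pattern = filt[len("sAMAccountName="):]
        return [(dn, {}) for dn, (sam, _) in self.accounts.items()
                if fnmatch.fnmatchcase(sam, pattern)]

def authenticate(connect, svc_pw, username, password):
    """True only if password is the credential of the single account whose
    sAMAccountName is exactly username."""
    if not password:                  # otherwise the user bind is anonymous
        return False
    svc = connect()
    svc.simple_bind_s(SVC_DN, svc_pw)
    filt = "sAMAccountName=%s" % escape_filter_value(username)
    matches = svc.search_s(SEARCHDN, filt)
    if len(matches) != 1:
        return False
    try:
        connect().simple_bind_s(matches[0][0], password)
    except PermissionError:
        return False
    return True

ACCOUNTS = {SVC_DN: ("svc-web", "svc-secret"),        # constructed sample data
            "cn=alice,ou=people," + SEARCHDN: ("alice", "correct horse"),
            "cn=bob,ou=people," + SEARCHDN: ("bob", "hunter2")}

def check(username, password):
    return authenticate(lambda: FakeAD(ACCOUNTS), "svc-secret", username, password)
```

Without the escaping, a submitted name of "b*" would match bob's account and bob's password would then log that name in; without the empty-password check, any existing sAMAccountName with a blank password would pass.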