LDAP
https://www.onelogin.com/learn/what-is-ldap
LDAP是一种软件协议, 用于查询一个网络内的信息和设备。
提供服务:
- 组织内的用户认证
- 简化访问内部服务器。
The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protocol used to lookup information or devices within a network. Whether you want to build a central authentication server for your organization or want to simplify access to internal servers and printers, LDAP is the answer.
What is LDAP?
LDAP is a standard protocol designed to maintain and access “directory services” within a network. Think of a directory service as a phonebook for different network resources like files, printers, users, devices, and servers, etc.
For example, an organization may store information for all their printers in a directory. LDAP can enable users to search for a specific printer, locate it on the network, and securely connect to it.
LDAP is widely used to build central authentication servers. These servers contain usernames and passwords for all the users within a network. Any-and-all applications and services can connect to the LDAP server to authenticate and authorize users.
LDAP directories typically contain data that is regularly accessed, but rarely changed. LDAP is designed to deliver exceptionally fast READ performance, even for larger datasets. However, the WRITE performance is significantly lower.
工作流程:
How does LDAP work?
To connect to a LDAP directory, a user must have an LDAP client installed on their device. Here’s how a typical LDAP workflow looks like:
- Using the client, the user establishes a secure connection with the LDAP directory.
- They send a “search” query to the directory for a specific printer.
- The LDAP directory authenticates the user.
- The search operation is performed within the directory, and the address of the requested printer is returned.
- The secure connection to the LDAP directory is closed.
- The user connects to the printer.
开发参考
python-ldap
https://github.com/python-ldap/python-ldap
python-ldap: LDAP client API for Python
What is python-ldap?
python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP client libs for that purpose.
Additionally the package contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs, LDAPv3 sub-schema, etc.).
all demos:
https://github.com/python-ldap/python-ldap/tree/master/Demo
authentication
https://www.cnblogs.com/linxiyue/p/10250243.html
https://www.cnblogs.com/dreamer-fish/p/5531339.html
https://www.cnblogs.com/linxiyue/p/10250243.html
ldap-groups
https://github.com/kavdev/ldap-groups
A python/django Active Directory group management abstraction that uses ldap3 as a backend for cross-platform compatibility.
ldap_add_user_to_group
https://github.com/suhassrivats/ldap_add_user_to_group
A Python utility to add users to groups and create their home directory
django-auth-ldap
https://github.com/django-auth-ldap/django-auth-ldapDjango authentication backend that authenticates against an LDAP service.
django-auth-ldap.readthedocs.io/
This is a Django authentication backend that authenticates against an LDAP service. Configuration can be as simple as a single distinguished name template, but there are many rich configuration options for working with users, groups, and permissions.
Difference between Authentication and Authorization
https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
Both Authentication and Authorization area units are utilized in respect of knowledge security that permits the safety of an automatic data system. Each area unit terribly crucial topics usually related to the online as key items of its service infrastructure. However, each of the terms area units is completely different with altogether different ideas. whereas indeed, they’re usually employed in an equivalent context with an equivalent tool, they’re utterly distinct from one another. In the authentication process, the identity of users is checked for providing the access to the system. While in the authorization process, a person’s or user’s authorities are checked for accessing the resources. Authentication is done before the authorization process, whereas the authorization process is done after the authentication process.
