I have a Flask webapp that allows users to log in using Active Directory credentials. What I would like is for the AD 'displayName', which is just an attribute of the username, to be available throughout the session.
What I have tried:
- User can login and authenticate successfully
- When login occurs it makes a call to LDAP to get the 'displayName' attribute
- I make the 'displayName' a global variable so that I can use it in a form later in the session
- The problem is that if another user accesses that page, the previously logged-in user's displayName shows up, because it is stored in a global variable (a module-level global is shared by every request the process serves, not kept per user)
What is the best way to be able to call on LDAP attributes but on a per user session basis?
def get_ldap_connection():
    """Return a new LDAP connection object for the configured directory.

    The server URL is read from ``app.config['LDAP_PROVIDER_URL']``. No bind
    is performed here; callers authenticate on the returned object.

    NOTE(review): a simple bind sends the password as-is, so the configured
    URL should be ``ldaps://`` (or the caller should negotiate StartTLS
    before binding). Confirm against the deployment's configuration.
    """
    provider_url = app.config['LDAP_PROVIDER_URL']
    return ldap.initialize(provider_url)
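class User(db.Model):
    """Local user row plus the Active Directory helpers used at login.

    The four ``is_*`` / ``get_id`` methods always report an authenticated,
    active, non-anonymous user identified by the row's primary key.
    """

    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(100))

    def __init__(self, username, password, display_name):
        """Create a user object.

        ``password`` is accepted so existing callers keep working, but it is
        deliberately not stored on the instance.
        """
        self.username = username
        self.display_name = display_name

    @staticmethod
    def try_login(username, password):
        """Verify *username* / *password* with an LDAP simple bind.

        Returns ``None`` on success; the bind raises an ``ldap`` exception on
        failure.

        Raises:
            ldap.INVALID_CREDENTIALS: if the username or password is empty,
                or if the directory rejects the bind.
        """
        # A simple bind with an empty password is treated by LDAP servers as
        # an unauthenticated bind and can succeed without checking anything,
        # so empty credentials must be rejected before reaching the server.
        if not username or not password:
            raise ldap.INVALID_CREDENTIALS('empty username or password')

        conn = get_ldap_connection()
        try:
            conn.simple_bind_s(domain + username, password)
        finally:
            # Release the connection whether or not the bind succeeded.
            conn.unbind_s()

    @staticmethod
    def whoami(username, password):
        """Bind as the user and return their ``displayName`` attribute.

        The returned value is what callers should keep per user, e.g. in the
        Flask session or on the ``User`` instance (``display_name``).

        The module-level ``displayName`` is still assigned for callers that
        read it, but it is one value shared by every request served by the
        process, so it always reflects whoever called ``whoami`` last. Move
        callers to the return value and then drop the global.

        Returns:
            The first ``displayName`` value of the matching entry, or ``None``
            when the search returns no entry carrying that attribute.

        Raises:
            ldap.INVALID_CREDENTIALS: if the username or password is empty,
                or if the directory rejects the bind.
        """
        global displayName

        # Same guard as try_login: never let an empty password turn into an
        # unauthenticated bind.
        if not username or not password:
            raise ldap.INVALID_CREDENTIALS('empty username or password')

        conn = get_ldap_connection()
        try:
            conn.simple_bind_s(domain + username, password)
            base = "OU=Users,OU=Corp,DC=mydomain,DC=ad"
            # filter_format escapes the username before it is placed in the
            # search filter.
            criteria = ldap.filter.filter_format(
                '(&(objectClass=user)(sAMAccountName=%s))', [username]
            )
            userattribute = ['displayName']
            result = conn.search_s(
                base, ldap.SCOPE_SUBTREE, criteria, userattribute
            )
        finally:
            conn.unbind_s()

        found = None
        for dn, attrs in result:
            # Entries without a DN are search references, not user objects.
            if dn is None:
                continue
            values = attrs.get('displayName')
            if values:
                found = values[0]
                break

        # Overwrite even when nothing was found, so a failed lookup cannot
        # leave the previous user's name behind in the shared global.
        displayName = found
        return found

    def is_authenticated(self):
        """Always report the user as authenticated."""
        return True

    def is_active(self):
        """Always report the account as active."""
        return True

    def is_anonymous(self):
        """A ``User`` instance is never the anonymous user."""
        return False

    def get_id(self):
        """Return the primary key as a unicode string."""
        return unicode(self.id)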