LDAP Flask-Login snippet

At ${DAYWORK}, I am writing a simple Flask web frontend for our new information system. I wanted to have a simple authentication method and so I found the Flask-Login extention for Flask which takes care of user validation, session remembrance , and has a callback method in order to plug the authentication on whatever backend you’d like.

I came up with that little piece of code which makes Flask-Login check a user / password couple against a LDAP server, and validates a user regarding its user ID:

In short, when a user authenticates on the login form, its password is checked against the corresponding LDAP dn when the user object is created. When an id is checked by the load_user callback, the same kind of object, User, is built, only using a user ID. Both methods use the same function, ldap_fetch which replies a dict containing the necessary informations in order to build a User object.