Having Trouble getting django-auth-ldap and MS AD to play nice


Matt Lind

Jun 13, 2013, 6:28:50 AM
to django-a...@googlegroups.com
Here are my versions:

cat /etc/centos-release:
CentOS release 6.4 (Final)

rpm -qa | grep Django
Django-1.3.7-1.el6.noarch

python --version
Python 2.6.6

rpm -qa | grep python-ldap
python-ldap-2.3.10-1.el6.x86_64

Django-auth-ldap:
django-auth-ldap-1.1.4

My settings.py:

import os
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
DEBUG = True
TEMPLATE_DEBUG = DEBUG

ADMINS = (
    # ('Your Name', 'your_...@example.com'),
)

MANAGERS = ADMINS

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql', # Add 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
        'NAME': '<redacted>',                      # Or path to database file if using sqlite3.
        'USER': '<redacted>',                      # Not used with sqlite3.
        'PASSWORD': '<redacted>',                  # Not used with sqlite3.
        'HOST': '',                      # Set to empty string for localhost. Not used with sqlite3.
        'PORT': '',                      # Set to empty string for default. Not used with sqlite3.
    }
}

LOGIN_URL = '/login/'
SITE_ROOT = os.path.realpath(os.path.dirname(__file__))


AUTHENTICATION_BACKENDS = (
       'django_auth_ldap.backend.LDAPBackend',
)

AUTH_LDAP_SERVER_URI = "ldap://<redacted>"


AUTH_LDAP_BIND_DN = "CN=wldapauth,CN=Users,DC=NAS,DC=GRP1,DC=com"
AUTH_BIND_PASSWORD = '<redacted>'
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=NAS,dc=GRP1,dc=com",
     ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

AUTH_LDAP_USER_ATTR_MAP = {
     "first_name": "givenName",
     "last_name":  "sn",
     "email":  "mail",
}

ALLOWED_HOSTS = []

TIME_ZONE = 'America/Chicago'

LANGUAGE_CODE = 'en-us'

SITE_ID = 1

USE_I18N = True

USE_L10N = True

MEDIA_ROOT = ''

MEDIA_URL = ''

STATIC_ROOT = ''

STATIC_URL = '/static/'

ADMIN_MEDIA_PREFIX = '/static/admin/'

STATICFILES_DIRS = (
    # Put strings here, like "/home/html/static" or "C:/www/django/static".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
)

SECRET_KEY = '<redacted>'

TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
)

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

ROOT_URLCONF = 'test_ath1.urls'

TEMPLATE_DIRS = (
    os.path.join(SITE_ROOT, 'templates'),
)

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'portal',
    # Uncomment the next line to enable the admin:
    # 'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
)

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'class': 'django.utils.log.AdminEmailHandler'
        },
        'logfile': {
            'class':  'logging.handlers.WatchedFileHandler',
            'filename': 'test-ath1.log'
        },
    },
    'loggers': {
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
        'test-ath1': {
            'handlers': ['logfile'],
            'level':  'DEBUG',
            'propagate': False,
        },
    }
}


Issue:  When I go to the http://mysiteURL/login page I am presented with the page.  When I attempt to login via an AD user on the page I am greeted with a "Bad password".

Troubleshooting so far:  Checking the logs of the AD server show that I am getting a bad password error when attempting to perform the BIND.  So my Django site can't begin to even attempt a login verification.

I have also run the following command from my shell:  ldapsearch -H ldap://<redacted> -b "dc=NAS,dc=GRP1,dc=com" -D "cn=wldapauth,CN=Users,DC=NAS,DC=GRP1,DC=com" -W

The above command, when I supply the correct password, works.

I have double checked the password in settings.py, I have changed the password in AD and updated settings.py. I can't seem to get this module to perform the BIND in order to authenticate my users.

Also, the debug log file doesn't log anything at the moment.  Not sure if I have coded that up wrong, but the server doesn't error with what I have written.

Thanks

Matt Lind

Jun 13, 2013, 7:11:12 AM
to django-a...@googlegroups.com
I should also add the following works at the python interpreter:

$ python

>>> import ldap, sys
>>> con = ldap.initialize('ldap://<redacted>')
>>> dn = 'CN=wldapauth,CN=Users,DC=NAS,DC=GRP1,DC=com'
>>> pw = '<redacted>'
>>> con.simple_bind_s(dn, pw)
(97, [])
>>> con.simple_bind(dn, pw)
11
>>> con.result(11)
(97, [])

Thanks

Matt Lind

Jun 13, 2013, 8:15:35 AM
to django-a...@googlegroups.com
Also, see attached screenshots from Wireshark:

Both the standard Linux bind and the python interpreter catch the clear-text password sent across the wire.

However, when the request is sent by django-auth-ldap, the password is not sent.

Standard Linux/Python Interpreter Trace


Django-Auth-LDAP trace:



Matt Lind

Jun 13, 2013, 8:18:06 AM
to django-a...@googlegroups.com
Disregard all previous posts.

I found my bug.

I had the line:  AUTH_BIND_PASSWORD, when the correct line is AUTH_LDAP_BIND_PASSWORD.

Sorry to bother anyone
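
Added example, not part of the original posts and not django-auth-ldap's own code: a small settings check that would have caught the misspelled name before the first bind attempt. The names check_ldap_settings, KNOWN_SETTINGS and SAMPLE are hypothetical, the list of setting names is partial, and SAMPLE is constructed from the settings.py above with placeholder values.

```python
import difflib

# Partial list of setting names read by django-auth-ldap (not exhaustive).
KNOWN_SETTINGS = sorted([
    "AUTH_LDAP_SERVER_URI", "AUTH_LDAP_BIND_DN", "AUTH_LDAP_BIND_PASSWORD",
    "AUTH_LDAP_USER_SEARCH", "AUTH_LDAP_USER_DN_TEMPLATE",
    "AUTH_LDAP_USER_ATTR_MAP", "AUTH_LDAP_START_TLS",
    "AUTH_LDAP_CONNECTION_OPTIONS", "AUTH_LDAP_GROUP_SEARCH",
    "AUTH_LDAP_GROUP_TYPE", "AUTH_LDAP_REQUIRE_GROUP",
])

# Constructed sample mirroring the thread's settings; values are placeholders.
SAMPLE = {
    "AUTHENTICATION_BACKENDS": ("django_auth_ldap.backend.LDAPBackend",),
    "AUTH_LDAP_SERVER_URI": "ldap://ad.example.invalid",
    "AUTH_LDAP_BIND_DN": "CN=wldapauth,CN=Users,DC=NAS,DC=GRP1,DC=com",
    "AUTH_BIND_PASSWORD": "placeholder",  # the misspelled name from the thread
}


def check_ldap_settings(settings):
    """Return a list of findings for a dict of setting name -> value."""
    findings = []
    for name in sorted(settings):
        if name in KNOWN_SETTINGS or not name.startswith("AUTH_"):
            continue
        # Django ignores names it does not know, so a typo fails silently.
        # Report only names that closely resemble a real setting.
        guess = difflib.get_close_matches(name, KNOWN_SETTINGS, n=1, cutoff=0.8)
        if guess:
            findings.append("%s is never read; did you mean %s?"
                            % (name, guess[0]))
    # With the password setting missing, the backend binds with the DN and
    # an empty password, matching the capture described in the thread.
    if settings.get("AUTH_LDAP_BIND_DN") and not settings.get("AUTH_LDAP_BIND_PASSWORD"):
        findings.append("AUTH_LDAP_BIND_DN is set but AUTH_LDAP_BIND_PASSWORD is empty")
    return findings


if __name__ == "__main__":
    for finding in check_ldap_settings(SAMPLE):
        print(finding)
```

In a real project the dict can be built from the settings module, for example with vars(settings_module), and the check run at startup or in a test.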
