Django user does not have a profile to populate. LDAP Authentication
538 views
Skip to first unread message
Jason Kirby
Apr 10, 2013, 10:28:45 AM4/10/13
to django-a...@googlegroups.com
Hi all,
For some reason, my LDAP authentication quit working when I deployed my Django site to another server. Here are my settings:
import ldap
from django_auth_ldap.config import LDAPSearch
#LDAP SETUP
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://ldap.mycompany.com"
AUTH_LDAP_BIND_DN = "CN=MyCompany ,OU=cabletest,OU=Teamwork,OU=community,DC=cablelabs,DC=com"
AUTH_LDAP_BIND_PASSWORD = "Password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=community,dc=mycompany,dc=com",ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn","username":"sAMAccountName","email": "mail"}
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
It looks like everything is authenticating properly. If I intentionally use bad credentials, I get taken back to the login screen, but when I use good credentials, I'm brought back to the main page which should happen. The only problem is that and IF statements that look to see if the user is authenticated fail. For instance, in my template, I have:
<div id="header-bottom">
<div id='dashboard'>Dashboard</div>
<div id='authinfo'>
{% if context.user.is_authenticated %}
Welcome {{ context.user.first_name }}
(<a href="/logout">Logout</a>)
{% else %}
<a href="/login">Login</a>
{% endif %}
</div>
</div>
Always executes the 'else' portion.
My error logs show the following:
[Wed Apr 10 08:27:10 2013] [error] search_s('ou=community,dc=mycompany,dc=com', 2, '(sAMAccountName=%(user)s)') returned 1 objects: cn=theuser ,ou=it,ou=employees,ou=internal,ou=community,dc=mycompany,dc=com
[Wed Apr 10 08:27:10 2013] [error] Populating Django user jakirby
[Wed Apr 10 08:27:10 2013] [error] Django user jakirby does not have a profile to populate
Can anyone see what I may be doing wrong?
Jason
For some reason, my LDAP authentication quit working when I deployed my Django site to another server. Here are my settings:
import ldap
from django_auth_ldap.config import LDAPSearch
#LDAP SETUP
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = "ldap://ldap.mycompany.com"
AUTH_LDAP_BIND_DN = "CN=MyCompany ,OU=cabletest,OU=Teamwork,OU=community,DC=cablelabs,DC=com"
AUTH_LDAP_BIND_PASSWORD = "Password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=community,dc=mycompany,dc=com",ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn","username":"sAMAccountName","email": "mail"}
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
It looks like everything is authenticating properly. If I intentionally use bad credentials, I get taken back to the login screen, but when I use good credentials, I'm brought back to the main page which should happen. The only problem is that and IF statements that look to see if the user is authenticated fail. For instance, in my template, I have:
<div id="header-bottom">
<div id='dashboard'>Dashboard</div>
<div id='authinfo'>
{% if context.user.is_authenticated %}
Welcome {{ context.user.first_name }}
(<a href="/logout">Logout</a>)
{% else %}
<a href="/login">Login</a>
{% endif %}
</div>
</div>
Always executes the 'else' portion.
My error logs show the following:
[Wed Apr 10 08:27:10 2013] [error] search_s('ou=community,dc=mycompany,dc=com', 2, '(sAMAccountName=%(user)s)') returned 1 objects: cn=theuser ,ou=it,ou=employees,ou=internal,ou=community,dc=mycompany,dc=com
[Wed Apr 10 08:27:10 2013] [error] Populating Django user jakirby
[Wed Apr 10 08:27:10 2013] [error] Django user jakirby does not have a profile to populate
Can anyone see what I may be doing wrong?
Jason
Peter Sagerson
Apr 10, 2013, 12:57:29 PM4/10/13
to django-a...@googlegroups.com
You don't include any details on your template context, but 'context.user.is_authenticated' is an unusual construction. If you're using django.contrib.auth.context_processors.auth (which is installed by default) with a RequestContext, then 'user' is a top-level template context variable. Hence, '{% if user.is_authenticated %}'.
https://docs.djangoproject.com/en/1.5/topics/auth/default/#authentication-data-in-templates
> --
> You received this message because you are subscribed to the Google Groups "django-auth-ldap" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-auth-ld...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
https://docs.djangoproject.com/en/1.5/topics/auth/default/#authentication-data-in-templates
> You received this message because you are subscribed to the Google Groups "django-auth-ldap" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-auth-ld...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Jason Kirby
Apr 11, 2013, 10:21:00 AM4/11/13
to django-a...@googlegroups.com
Ah Perfect! That worked like a charm. Thank you so much!
Jason
Jason
Reply all
Reply to author
Forward
0 new messages