django-auth-ldap


Cody Scott

May 14, 2013, 2:52:21 PM
to django...@googlegroups.com
I am trying to get django-auth-ldap working with an Active Directory LDAP Server.

I don't understand the documentation for the Search/Bind or Direct Bind.

Is 'uid' the LDAP attribute uid? My LDAP doesn't use this attribute.

I tried putting 'samaccountName', an attribute that is used for logon.

Where does the 'user' come from? Is that the username field from the login form?

Anurag Chourasia

May 14, 2013, 3:14:40 PM
to django...@googlegroups.com, cody.j....@gmail.com
Hi Cody,

I am also using a Search Bind in a similar situation as yours.... You could easily use the samaccountName for User Search.

Here is what I have in settings.py to give you a clearer picture.

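import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion

# Search both user OUs for the entry whose sAMAccountName matches the login name.
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch("OU=Users, OU=Central,OU=IDD,DC=client,DC=corp", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
    LDAPSearch("OU=Users,OU=Renca_CD,OU=Locales,OU=IDD,DC=client,DC=corp", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
)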

And yes, the user in %(user)s comes from the login form.

Regards,
Guddu
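
The Search/Bind flow described in this reply, as an added example that is not part of the original post and not django-auth-ldap's own code: the login-form username fills `%(user)s`, the search yields a DN, and the password is then checked against that DN. The in-memory directory, its accounts and passwords, and all function names are constructed for illustration; python-ldap provides `ldap.filter.escape_filter_chars` for the escaping step, which is re-implemented here so the block runs without an LDAP server.

```python
import re

# Constructed in-memory directory: DN -> attributes. "password" stands in for
# the server-side check that a real LDAP bind performs.
DIRECTORY = {
    "CN=Jane Doe,OU=Users,OU=Central,OU=IDD,DC=client,DC=corp":
        {"sAMAccountName": "jdoe", "password": "constructed-pw-1"},
    "CN=Sam Roe,OU=Users,OU=Renca_CD,OU=Locales,OU=IDD,DC=client,DC=corp":
        {"sAMAccountName": "sroe", "password": "constructed-pw-2"},
}
# Same shape as the LDAPSearchUnion in the post: (base DN, filter template).
SEARCHES = [
    ("OU=Users,OU=Central,OU=IDD,DC=client,DC=corp", "(sAMAccountName=%(user)s)"),
    ("OU=Users,OU=Renca_CD,OU=Locales,OU=IDD,DC=client,DC=corp", "(sAMAccountName=%(user)s)"),
]

def escape_filter_value(value):
    """RFC 4515 escaping, so form input is always a literal, never filter syntax."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(template, username):
    """%(user)s is filled with the escaped username typed into the login form."""
    return template % {"user": escape_filter_value(username)}

def toy_search(base_dn, ldap_filter):
    """Subtree search for one (attr=value) filter; '*' is a wildcard, \\XX a literal."""
    attr, pattern = ldap_filter[1:-1].split("=", 1)
    regex = ""
    for part in re.split(r"(\*|\\[0-9a-fA-F]{2})", pattern):
        if part == "*":
            regex += ".*"
        elif part.startswith("\\"):
            regex += re.escape(chr(int(part[1:], 16)))
        else:
            regex += re.escape(part)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + base_dn.lower())
            and re.fullmatch(regex, attrs.get(attr, ""), re.IGNORECASE)]

def search_bind(username, password):
    """Step 1: find the user's DN by search. Step 2: bind as that DN."""
    if not password:          # an empty password is not proof of identity
        return None
    hits = [dn for base, tmpl in SEARCHES
            for dn in toy_search(base, build_filter(tmpl, username))]
    if len(hits) != 1:        # no match, or ambiguous: refuse
        return None
    dn = hits[0]
    return dn if DIRECTORY[dn]["password"] == password else None
```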


Cody Scott

May 14, 2013, 3:53:20 PM
to django...@googlegroups.com
Do I need to set up groups? I have a setting for 

AUTH_LDAP_SERVER_URI
AUTH_LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD
AUTH_LDAP_USER_SEARCH

AUTH_LDAP_USER_ATTR_MAP = {
    "username": "sAMAccountName",
    "email": "mail"
}

I am using a custom auth model. Maybe that is the reason it is not working?

from django.db import models
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
from django.conf import settings
from django.utils.translation import ugettext_lazy as _

class MyUserManager(BaseUserManager):
    def create_user(self, username, email, name, company, password=None):
        if not email:
            raise ValueError('User must have an email address')
        if not username:
            raise ValueError('User must have a username')

        user = self.model(
            email=MyUserManager.normalize_email(email),
        )
        user.username = username
        user.set_password(password)
        user.name = name
        user.company = company
        user.save(using=self._db)
        return user

    def create_superuser(self, username, email, name, company, password):
        user = self.create_user(username,
            email,
            name,
            company,
            password=password
        )
        user.is_admin = True
        user.is_manager = True
        user.is_superuser = True
        user.save(using=self._db)
        return user

class Users(AbstractBaseUser,PermissionsMixin):
    email           = models.EmailField(verbose_name=_('email address'), max_length=255,unique=True,db_index=True,)
    username        = models.CharField(verbose_name=_('Username'), max_length=50,blank=True,unique=True)
    name            = models.CharField(verbose_name=_('Name'), max_length=50,blank=True)
    company         = models.CharField(verbose_name=_('Company'), max_length=255,blank=True)
    is_manager      = models.BooleanField(default=False)
    is_active       = models.BooleanField(default=True)
    is_admin        = models.BooleanField(default=False)
    is_customer     = models.BooleanField(default=False)
    datecreated     = models.DateField(auto_now=True)

    objects         = MyUserManager()
    USERNAME_FIELD  = 'username'
    REQUIRED_FIELDS = ['name', 'company', 'email']

    class Meta:
        verbose_name_plural = "Users"

    def get_full_name(self):
        return self.email

    def get_short_name(self):
        return self.email

    def __unicode__(self):
        return self.email

    def get_attempts_list(self, quiz):
        attempts = []
        for attempt in self.attempts.all():
            if attempt.quiz == quiz:
                attempts.append(attempt)
        return attempts

    @property
    def is_staff(self):
        return self.is_admin



Anurag Chourasia

May 14, 2013, 5:01:44 PM
to django...@googlegroups.com, cody.j.b.scott
Setting up of groups is not a requirement. In my case I am searching for group membership just to grant/deny access based on Group membership also. I sent my settings to you just to show you how I was using sAMAccountName for user search.

So what exactly is not working in your case? You are not able to log in? Do you have any logs to share?

Can you try a small snippet like this (replacing the variables) to see if bind works at all?

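import ldap

# Replace the <...> placeholders with your own values.
l = ldap.initialize('ldap://<LDAP SERVER>:<LDAP PORT>')
who = '<AUTH_LDAP_BIND_DN>'
cred = '<AUTH_LDAP_BIND_PASSWORD>'
result = l.bind(who, cred)  # asynchronous bind; returns a message id
l.result(result)            # wait for the server's response to the bind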

Regards,
Guddu

Cody Scott

May 15, 2013, 10:04:20 AM
to django...@googlegroups.com, cody.j.b.scott
I put that code in a separate Python file and ran it without django or django-auth-ldap.

l = ldap.initialize()
AttributeError: 'module' object has no attribute 'initialize'

So python-ldap is not installed properly?

I am not able to log in, no error, just invalid credentials.

How do I get logs from ldap? I don't have a login view I am using django's


Anurag Chourasia

May 15, 2013, 10:09:01 AM
to django...@googlegroups.com, cody.j.b.scott
What does this give you?

import ldap
dir(ldap)

Regards
Guddu

Cody Scott

May 15, 2013, 10:17:08 AM
to django...@googlegroups.com, cody.j.b.scott

Cody Scott

May 15, 2013, 10:56:08 AM
to django...@googlegroups.com, cody.j.b.scott
OK, the problem was that I had the file named ldap.py. I got it to work; I had to add a print to

l.result(result)

but I get

a tuple of a number and an empty list

(#, [])

Anurag Chourasia

May 15, 2013, 11:02:43 AM
to django...@googlegroups.com, cody.j.b.scott
Hi Cody

In the link that you sent I see that initialize is a valid attribute.

Also, did you name your Python file ldap.py? If yes, then that's the problem, I guess. Please rename it to something else and see what it gives you.

Could you run these in a Python interpreter and tell me what this shows you?

import ldap
print(ldap.__file__)

We should try to get this working first before moving to django-auth-ldap

Regards
Guddu
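
The `ldap.__file__` check suggested in this reply, generalized as an added example that is not from the original thread: it resolves where `import ldap` would load from without importing anything, and flags a local file that shadows the installed package. The function names and the `trusted_dirs` parameter are assumptions of this example.

```python
import importlib
import importlib.machinery
import os
import sys
import sysconfig

def resolve_origin(module_name, search_path=None):
    """Return the file `import module_name` would load, without importing it."""
    importlib.invalidate_caches()
    path = list(sys.path if search_path is None else search_path)
    spec = importlib.machinery.PathFinder.find_spec(module_name, path)
    return None if spec is None else spec.origin

def default_trusted_dirs():
    """Directories where installed packages normally live (site-packages)."""
    paths = sysconfig.get_paths()
    return [paths[k] for k in ("purelib", "platlib") if k in paths]

def is_shadowed(module_name, search_path=None, trusted_dirs=None):
    """True when the module resolves to a file outside the trusted directories,
    e.g. a script named ldap.py sitting next to the code that imports ldap."""
    origin = resolve_origin(module_name, search_path)
    if origin is None:
        return False  # not found as a regular module: a different problem
    real = os.path.realpath(origin)
    trusted = default_trusted_dirs() if trusted_dirs is None else trusted_dirs
    return not any(real.startswith(os.path.realpath(d) + os.sep) for d in trusted)

if __name__ == "__main__":
    # Run from the directory of the failing script, e.g.: python check_shadow.py ldap
    name = sys.argv[1] if len(sys.argv) > 1 else "ldap"
    print(name, "->", resolve_origin(name), "| shadowed:", is_shadowed(name))
```

`trusted_dirs` defaults to the interpreter's own site-packages as reported by `sysconfig`; pass an explicit list on layouts that install packages elsewhere.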

Anurag Chourasia

May 15, 2013, 11:04:33 AM
to django...@googlegroups.com, cody.j.b.scott
OK. Now try to get django-auth-ldap working. See if you can enable the logging handler and grab some more information.

http://pythonhosted.org/django-auth-ldap/logging.html

Regards
Guddu

Cody Scott

May 15, 2013, 11:27:08 AM
to django...@googlegroups.com, cody.j.b.scott
I have that code, but where does the logging go?

Anurag Chourasia

May 15, 2013, 11:48:32 AM
to django...@googlegroups.com, cody.j.b.scott

Cody Scott

May 15, 2013, 11:52:02 AM
to django...@googlegroups.com, cody.j.b.scott
The problem was that the LDAPSearch had to start with an OU=; I had it start with a DC=.

Anurag Chourasia

May 15, 2013, 11:53:09 AM
to django...@googlegroups.com, cody.j.b.scott
Glad that it worked....