New Django and Django-Auth-Ldap User: View Question

625 views
Skip to first unread message

Zac

unread,
Jan 26, 2011, 9:48:19 AM1/26/11
to django-auth-ldap
Hello,

I'm a new user to Django and Django-Auth-Ldap. I have made a site and
up until this point I was using the django auth system to handle my
users. Now I would like to authenticate against an ldap server. I've
set up all the proper settings in settings.py but when I try to log in
with my LDAP user names nothing happens. I'm fairly certain it is
because I'm using the default login view
(django.contrib.auth.views.login) and I need to write a custom login
view and template to handle both authenticating against LDAP and my
Django site only accounts.

Am I on the right track with my thinking or am I doing something
wrong? Also, does anyone have a login view that authenticates against
LDAP and Django they wouldn't mind sharing to help me get started?

Thanks!
-Zac

Jeff Schroeder

unread,
Jan 26, 2011, 10:05:12 AM1/26/11
to django-a...@googlegroups.com

You're mistaken actually. django-auth-ldap creates a User object for
each user in ldap so it would will work with both so long as you've
got AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend')

The default login view works perfectly with django-auth-ldap. Just
like in django, you'll need to create your own templates. You likely
think you've got it setup properly but don't actually. A debug log is
the easiest way to figure out what is going on.

Here is a django-auth-ldap relevant example from one of my test projects:

############################## django-auth-ldap ##############################
from django_auth_ldap.config import LDAPSearch, PosixGroupType
# Needed if AUTH_LDAP_USER_SEARCH is used
#import ldap

if DEBUG:
import logging, logging.handlers
logfile = "/tmp/django-ldap-debug.log"
my_logger = logging.getLogger('django_auth_ldap')
my_logger.setLevel(logging.DEBUG)

handler = logging.handlers.RotatingFileHandler(
logfile, maxBytes=1024 * 500, backupCount=5)

my_logger.addHandler(handler)

# django-auth-ldap configuration starts here
AUTH_LDAP_SERVER_URI = "ldap://ldap.server1 ldap://ldap.server2
ldap://ldap.server3"

# The full ldap tree search isn't necessary for now
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=People,o=int"
#AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People,o=int",
# ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Groups,o=int",
ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

# Only users in this group can log in.
AUTH_LDAP_REQUIRE_GROUP = "cn=it,ou=Groups,o=int"

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "cn=it,ou=Groups,o=int",
"is_staff": "cn=neteng,ou=Groups,o=int",
"is_superuser": "cn=netadmin,ou=Groups,o=int",
}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600


# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
############################ end django-auth-ldap ############################

--
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com

Zac

unread,
Jan 26, 2011, 7:49:07 PM1/26/11
to django-auth-ldap
You were very right about that. I changed some settings and got it
working. Thanks! I think my biggest hurdle is not knowing enough
about LDAP and how my active directory is set up. Is it possible to
authenticate against multiple ldap servers or different ou on the same
server?



On Jan 26, 10:05 am, Jeff Schroeder <jeffschroe...@computer.org>
wrote:

Peter Sagerson

unread,
Jan 26, 2011, 9:43:57 PM1/26/11
to django-a...@googlegroups.com
There's no capacity to authenticate against multiple servers. In principle. you could do it by forking the backend and installing two independent copies, but that would be a pretty big hack. I don't believe you can search for users under more than one base DN, although that would be easier to add if it's useful.

Di majo

unread,
May 12, 2024, 3:55:37 PM5/12/24
to django-auth-ldap
MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER

Thanks.


NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.

DM ME ON WHATSAPP
+44 7529 555638

Reply all
Reply to author
Forward
0 new messages