Nested groups not working for LDAP require group

Zoltán Kelemen

Feb 4, 2016, 1:01:13 PM
to django-auth-ldap
Hi,

django-auth-ldap 1.2.7, django 1.8.5, I have the following LDAP config:

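# Imports these settings need
import ldap
from django_auth_ldap.config import LDAPSearch, NestedActiveDirectoryGroupType

AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Employees,OU=Cisco Users,DC=cisco,DC=com",
    ldap.SCOPE_SUBTREE, "(&(objectClass=user)(sAMAccountName=%(user)s))")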


AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Cisco Groups,DC=cisco,DC=com",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()

AUTH_LDAP_REQUIRE_GROUP = "CN=users,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com"

Authentication works ok with normal group members of "users".

However, group "admins" is also a member of group "users", and I was expecting that members of "admin" who are not members of "users" would be allowed to log in.

Yet, I'm getting the following error:
Feb  4 18:51:02 dynalab uwsgi: search_s('OU=Employees,OU=Cisco Users,DC=cisco,DC=com', 2, '(&(objectClass=user)(sAMAccountName=%(user)s))') returned 1 objects: cn=kelzolta,ou=employees,ou=cisco users,dc=cisco,dc=com
Feb  4 18:51:02 dynalab uwsgi: search_s('OU=Cisco Groups,DC=cisco,DC=com', 2, '(&(objectClass=groupOfNames)(|(member=cn=kelzolta,ou=employees,ou=cisco users,dc=cisco,dc=com)))') returned 0 objects:
Feb  4 18:51:02 dynalab uwsgi: cn=kelzolta,ou=employees,ou=cisco users,dc=cisco,dc=com is not a member of cn=users,ou=standard,ou=cisco groups,dc=cisco,dc=com
Feb  4 18:51:02 dynalab uwsgi: Authentication failed for kelzolta: user is not a member of AUTH_LDAP_REQUIRE_GROUP

Where kelzolta is a member of admins.

What am I missing?

Cheers,
  Zoltan

Zoltán Kelemen

Feb 4, 2016, 4:38:21 PM
to django-auth-ldap
My AUTH_LDAP_GROUP_SEARCH was off; (objectClass=group) worked in my particular case.
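
The log in the first post shows the group search returning 0 objects: the `(objectClass=groupOfNames)` term matches no group, so the nested walk finds nothing to follow and AUTH_LDAP_REQUIRE_GROUP fails closed. A small offline model of that walk, added here as an illustration (not django-auth-ldap's code and not part of the original posts); the in-memory directory, the helper names and the DN of "admins" are constructed assumptions:

```python
# Constructed in-memory directory (not real data): group DN -> (objectClass, member DNs).
# DNs are lower-cased, as they appear in the log from the first post.
USER = "cn=kelzolta,ou=employees,ou=cisco users,dc=cisco,dc=com"
ADMINS = "cn=admins,ou=standard,ou=cisco groups,dc=cisco,dc=com"  # assumed DN
USERS = "cn=users,ou=standard,ou=cisco groups,dc=cisco,dc=com"
DIRECTORY = {
    ADMINS: ("group", {USER}),   # kelzolta is a direct member of admins
    USERS: ("group", {ADMINS}),  # admins is nested inside users
}


def search_groups(object_class, member_dns):
    """Model of the filter (&(objectClass=X)(|(member=dn1)(member=dn2)...))."""
    return {
        dn
        for dn, (cls, members) in DIRECTORY.items()
        if cls == object_class and members & member_dns
    }


def nested_groups(user_dn, object_class):
    """Repeat the membership search, feeding newly found groups back in as
    members, until nothing new appears. Known DNs are skipped, so a
    membership cycle cannot loop forever."""
    found = set()
    frontier = {user_dn}
    while frontier:
        hits = search_groups(object_class, frontier)
        frontier = hits - found
        found |= frontier
    return found


def login_allowed(user_dn, require_group, object_class):
    """Fail closed: allow only if the walk reaches require_group."""
    return require_group.lower() in nested_groups(user_dn, object_class)


if __name__ == "__main__":
    required = "CN=users,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com"
    for cls in ("groupOfNames", "group"):
        groups = sorted(nested_groups(USER, cls))
        print(cls, groups, login_allowed(USER, required, cls))
```

With the wrong object class the first search is already empty, which is why the log never shows a second, nested query.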

