LDAPError 2, 'No such file or directory', and 34, 'Numerical result out of range'
1,137 views
Skip to first unread message
sv...@centrum.cz
Nov 4, 2014, 4:13:26 AM11/4/14
to django-a...@googlegroups.com
I'm trying to set up LDAP authentication for Django admin, but keep getting errors LDAPError(2, 'No such file or directory'), and LDAPError(34, 'Numerical result out of range').
I have a working LDAP authentication setup for an Apache server app (anonymized):
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://ldap.my-domain.eu:999/OU=Internal,OU=Users,DC=my-domain,DC=eu?sAMAccountName?sub
AuthLDAPBindDN "CN=MyApp,OU=System,OU=Users,DC=my-domain,DC=eu"
AuthLDAPBindPassword XXXXXXXX
I tried to copy these settings to a Django app like this:
But the Django login doesn't work. Admin tells me I have a wrong username/password, Apache error log for the Django site shows:
First time I try to login after restarting the Django app (running through mod_wsgi - I do a touch wsgi.py to "restart", but restarting apache has the same effect), I get LDAPError(2, 'No such file or directory'), subsequent login attempts give me a LDAPError(34, 'Numerical result out of range').
Any ideas on what am I doing wrong? I don't have admin access to the LDAP server, so I have to debug locally from the web server.
Thank you,
Jiri
I have a working LDAP authentication setup for an Apache server app (anonymized):
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://ldap.my-domain.eu:999/OU=Internal,OU=Users,DC=my-domain,DC=eu?sAMAccountName?sub
AuthLDAPBindDN "CN=MyApp,OU=System,OU=Users,DC=my-domain,DC=eu"
AuthLDAPBindPassword XXXXXXXX
I tried to copy these settings to a Django app like this:
AUTH_LDAP_SERVER_URI = "ldap://ldap.my-domain.eu:999/OU=Internal,OU=Users,DC=my-domain,DC=eu?sAMAccountName?sub"
AUTH_LDAP_BIND_DN = "CN=MyApp,OU=System,OU=Users,DC=my-domain,DC=eu"
AUTH_LDAP_BIND_PASSWORD = "XXXXXXXX"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=my-domain,dc=eu",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "OU=Users,DC=my-domain,DC=eu",
"is_staff": "OU=Users,DC=my-domain,DC=eu",
}
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_BIND_DN = "CN=MyApp,OU=System,OU=Users,DC=my-domain,DC=eu"
AUTH_LDAP_BIND_PASSWORD = "XXXXXXXX"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=my-domain,dc=eu",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "OU=Users,DC=my-domain,DC=eu",
"is_staff": "OU=Users,DC=my-domain,DC=eu",
}
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
But the Django login doesn't work. Admin tells me I have a wrong username/password, Apache error log for the Django site shows:
[Mon Nov 03 16:46:31 2014] [error] Caught LDAPError while authenticating jiri.vyskocil: LDAPError(2, 'No such file or directory')
[Mon Nov 03 16:46:36 2014] [error] Caught LDAPError while authenticating jiri.vyskocil: LDAPError(34, 'Numerical result out of range')
[Mon Nov 03 16:46:53 2014] [error] Caught LDAPError while authenticating jiri.vyskocil: LDAPError(34, 'Numerical result out of range')
[Mon Nov 03 16:46:36 2014] [error] Caught LDAPError while authenticating jiri.vyskocil: LDAPError(34, 'Numerical result out of range')
[Mon Nov 03 16:46:53 2014] [error] Caught LDAPError while authenticating jiri.vyskocil: LDAPError(34, 'Numerical result out of range')
First time I try to login after restarting the Django app (running through mod_wsgi - I do a touch wsgi.py to "restart", but restarting apache has the same effect), I get LDAPError(2, 'No such file or directory'), subsequent login attempts give me a LDAPError(34, 'Numerical result out of range').
Any ideas on what am I doing wrong? I don't have admin access to the LDAP server, so I have to debug locally from the web server.
Thank you,
Jiri
Peter Sagerson
Nov 5, 2014, 12:07:36 AM11/5/14
to django-a...@googlegroups.com
Step one is probably to open a Python shell and call ldap.initialize() with your server URL. If necessary, you can always put a breakpoint in LDAPBackend.authenticate() and print the exception (or change the logger.warning() to logger.exception()).
> --
> You received this message because you are subscribed to the Google Groups "django-auth-ldap" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-auth-ld...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> You received this message because you are subscribed to the Google Groups "django-auth-ldap" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-auth-ld...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Jiří Vyskočil
Nov 7, 2014, 3:59:04 PM11/7/14
to django-a...@googlegroups.com
OK thanks. After fiddling in the shell I figured it out - Django LDAP expects the
AUTH_LDAP_SERVER_URI to just identify the server - without the query path. The user query has to be
constructed from "(sAMAccountName=%(user)s)". I also had to add a AUTH_LDAP_GROUP_SEARCH group
query, and correct group name in AUTH_LDAP_USER_FLAGS_BY_GROUP (the correct group names will show up
in the logs while trying to authenticate wit appropriate logger settings)
For the benefit of future generations (the server is Windows AD):
AUTH_LDAP_SERVER_URI = "ldap://ldap.my-domain.eu:999"
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "CN=Department,OU=Users,DC=my-domain,DC=eu",
"is_staff": "CN=Department,OU=Users,DC=my-domain,DC=eu",
}
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,DC=my-domain,DC=eu",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
AUTH_LDAP_SERVER_URI to just identify the server - without the query path. The user query has to be
constructed from "(sAMAccountName=%(user)s)". I also had to add a AUTH_LDAP_GROUP_SEARCH group
query, and correct group name in AUTH_LDAP_USER_FLAGS_BY_GROUP (the correct group names will show up
in the logs while trying to authenticate wit appropriate logger settings)
For the benefit of future generations (the server is Windows AD):
AUTH_LDAP_SERVER_URI = "ldap://ldap.my-domain.eu:999"
AUTH_LDAP_BIND_DN = "CN=MyApp,OU=System,OU=Users,DC=my-domain,DC=eu"
AUTH_LDAP_BIND_PASSWORD = "XXXXXXXX"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=my-domain,dc=eu",
ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
AUTH_LDAP_BIND_PASSWORD = "XXXXXXXX"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=my-domain,dc=eu",
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "CN=Department,OU=Users,DC=my-domain,DC=eu",
"is_staff": "CN=Department,OU=Users,DC=my-domain,DC=eu",
}
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,DC=my-domain,DC=eu",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
Di majo
May 12, 2024, 1:39:05 PM5/12/24
to django-auth-ldap
MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER
Thanks.
NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.
DM ME ON WHATSAPP
+44 7529 555638
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER
Thanks.
NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.
DM ME ON WHATSAPP
+44 7529 555638
Reply all
Reply to author
Forward
0 new messages