Problem using AUTH_LDAP_REQUIRE_GROUP
479 views
Skip to first unread message
João Olavo Baião de Vasconcelos
Sep 22, 2010, 9:50:33 AM9/22/10
to django-a...@googlegroups.com
Hi there!
I'm using Django 1.2.3 and I'm trying to restrict access to Admin site by AD group.
I'm using django-auth-ldap 1.0.6 and everything is working, except restricting login to users of a specific Active Directory group.
My configurations in settings.py are like this:
"""
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Globais,...,DC=company,DC=biz", ldap.SCOPE_SUBTREE, "(objectClass=activeDirectoryGroupType)")
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
AUTH_LDAP_REQUIRE_GROUP = LDAPGroupType("cn=GROUP_1,OU=Globais,...,DC=company,DC=biz")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {"is_staff": "cn=GROUP_1,OU=Globais,...,DC=company,DC=biz"}
"""
If I comment AUTH_LDAP_REQUIRE_GROUP, everything works. Otherwise, I got this error on my browser during login:
And this one on /var/log/httpd/error_log:
"""
[Wed Sep 22 08:47:16 2010] [error] search_s('OU=Users,DC=company,DC=biz', 2, '(CN=USERNAME)') returned 1 objects: CN=USERNAME,OU=City,OU=Usuarios,OU=TI-ES,DC=company,DC=biz
[Wed Sep 22 08:47:16 2010] [error] Caught Exception while authenticating uqn9: <exceptions.AttributeError instance at 0x2b29f63c0b00>
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 248, in authenticate
[Wed Sep 22 08:47:16 2010] [error] self._check_requirements()
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 393, in _check_requirements
[Wed Sep 22 08:47:16 2010] [error] self._check_required_group()
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 403, in _check_required_group
[Wed Sep 22 08:47:16 2010] [error] is_member = self._get_groups().is_member_of(required_group_dn)
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 636, in is_member_of
[Wed Sep 22 08:47:16 2010] [error] is_member = self._group_type.is_member(self._ldap_user, group_dn)
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/config.py", line 330, in is_member
[Wed Sep 22 08:47:16 2010] [error] return ldap_user.connection.compare_s(group_dn.encode('utf-8'),
"""
I tried many others group classes, as PosixGroupType, LDAPGroupType, etc, changing also "objectClass" on AUTH_LDAP_GROUP_SEARCH, and the same problem happens.
What could be the problem?
Also, how do I know the exactly group type I should use? What should I ask to the AD admin?
Thanks any advice!
--
João Olavo Baião de Vasconcelos
Analista de Sistemas - Infraestrutura
joaoolavo.wordpress.com
I'm using Django 1.2.3 and I'm trying to restrict access to Admin site by AD group.
I'm using django-auth-ldap 1.0.6 and everything is working, except restricting login to users of a specific Active Directory group.
My configurations in settings.py are like this:
"""
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Globais,...,DC=company,DC=biz", ldap.SCOPE_SUBTREE, "(objectClass=activeDirectoryGroupType)")
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
AUTH_LDAP_REQUIRE_GROUP = LDAPGroupType("cn=GROUP_1,OU=Globais,...,DC=company,DC=biz")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {"is_staff": "cn=GROUP_1,OU=Globais,...,DC=company,DC=biz"}
"""
If I comment AUTH_LDAP_REQUIRE_GROUP, everything works. Otherwise, I got this error on my browser during login:
'LDAPGroupType' object has no attribute 'encode'
And this one on /var/log/httpd/error_log:
"""
[Wed Sep 22 08:47:16 2010] [error] search_s('OU=Users,DC=company,DC=biz', 2, '(CN=USERNAME)') returned 1 objects: CN=USERNAME,OU=City,OU=Usuarios,OU=TI-ES,DC=company,DC=biz
[Wed Sep 22 08:47:16 2010] [error] Caught Exception while authenticating uqn9: <exceptions.AttributeError instance at 0x2b29f63c0b00>
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 248, in authenticate
[Wed Sep 22 08:47:16 2010] [error] self._check_requirements()
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 393, in _check_requirements
[Wed Sep 22 08:47:16 2010] [error] self._check_required_group()
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 403, in _check_required_group
[Wed Sep 22 08:47:16 2010] [error] is_member = self._get_groups().is_member_of(required_group_dn)
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/backend.py", line 636, in is_member_of
[Wed Sep 22 08:47:16 2010] [error] is_member = self._group_type.is_member(self._ldap_user, group_dn)
[Wed Sep 22 08:47:16 2010] [error] File "/usr/lib/python2.4/site-packages/django_auth_ldap/config.py", line 330, in is_member
[Wed Sep 22 08:47:16 2010] [error] return ldap_user.connection.compare_s(group_dn.encode('utf-8'),
"""
I tried many others group classes, as PosixGroupType, LDAPGroupType, etc, changing also "objectClass" on AUTH_LDAP_GROUP_SEARCH, and the same problem happens.
What could be the problem?
Also, how do I know the exactly group type I should use? What should I ask to the AD admin?
Thanks any advice!
--
João Olavo Baião de Vasconcelos
Analista de Sistemas - Infraestrutura
joaoolavo.wordpress.com
João Olavo Baião de Vasconcelos
Sep 22, 2010, 10:02:50 AM9/22/10
to django-a...@googlegroups.com
Correcting two things:
The correct objectClass is "activeDirectoryGroup" and the error output was "'ActiveDirectoryGroupType' object has no attribute 'encode'".
As I tried many configurations, I got confused collecting logs.
The correct objectClass is "activeDirectoryGroup" and the error output was "'ActiveDirectoryGroupType' object has no attribute 'encode'".
As I tried many configurations, I got confused collecting logs.
2010/9/22 João Olavo Baião de Vasconcelos <joao...@gmail.com>
Peter Sagerson
Sep 22, 2010, 12:35:42 PM9/22/10
to django-a...@googlegroups.com
It looks like the problem is that you're setting AUTH_LDAP_REQUIRE_GROUP to a group type. It should just be the distinguished name of the group itself. The exception is raised when we try to encode the group type object as UTF-8. Try:
AUTH_LDAP_REQUIRE_GROUP = "cn=GROUP_1,OU=Globais,...,DC=company,DC=biz"
João Olavo Baião de Vasconcelos
Sep 22, 2010, 12:46:20 PM9/22/10
to django-a...@googlegroups.com
On Wed, Sep 22, 2010 at 1:35 PM, Peter Sagerson <psa...@ignorare.net> wrote:
Thanks Peter, that solved the issue!It looks like the problem is that you're setting AUTH_LDAP_REQUIRE_GROUP to a group type. It should just be the distinguished name of the group itself. The exception is raised when we try to encode the group type object as UTF-8. Try:
AUTH_LDAP_REQUIRE_GROUP = "cn=GROUP_1,OU=Globais,...,DC=company,DC=biz"
Di majo
May 12, 2024, 3:53:18 PM5/12/24
to django-auth-ldap
MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER
Thanks.
NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.
DM ME ON WHATSAPP
+44 7529 555638
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
LOAN DEAL
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
IPIP/DTC
SLBC PROVIDER
CREDIT CARD TOP UP
DUMPS/ PINS
SEPA TRANSFER
WIRE TRANSFER
BITCOIN TOP UP
GLOBALPAY INC US
SKRILL USA
UNIONPAY RECEIVER
Thanks.
NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.
DM ME ON WHATSAPP
+44 7529 555638
Reply all
Reply to author
Forward
0 new messages