Edx LDAP Auth setting

1433 views
Skip to first unread message

Yip Terence

unread,
Feb 9, 2015, 11:00:30 PM2/9/15
to django...@googlegroups.com
Dear All,

I have been installed the open edx and django_auth_ldap package (http://code.edx.org/) in our environment.  However, I'm not successful to config the Auth with LDAP.  Could anyone could provide the guide to me?  I don't know where is the settings.py file path in open edx.

Please help.

Thanks and Regards,
Terence Yip

Lachlan Musicman

unread,
Feb 9, 2015, 11:22:50 PM2/9/15
to django...@googlegroups.com
Yip, EDX looks complex - can you search for the settings file and report back?

AuthLDAP is annoying, but it does work - I've used it successfully
against an AD backend. The error messages are important to read.

But first, find your settings file.

You will need to provide us with more info too. What's not working?
What have you put into the settings file? What version of django is
EDX using, and does django_auth_ldap provide support for that django
version, what error messages are you getting? Can you attach to the
ldap server from just the django shell (ie, are the username and
password etc correct)?

cheers
L.
------
"This is a profound psychological violence here. How can one even
begin to speak of dignity in labor when one secretly feels one's job
should not exist?"

On the Phenomenon of Bullshit Jobs, David Graeber
http://strikemag.org/bullshit-jobs/


On 10 February 2015 at 15:00, 'Yip Terence' via Django users
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users...@googlegroups.com.
> To post to this group, send email to django...@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/65f0df30-c315-401c-9711-9228779a65ed%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Yip Terence

unread,
Feb 12, 2015, 2:07:21 AM2/12/15
to django...@googlegroups.com
Hi L,
 
Actually, I has been input the LDAP string in /edx/app/edxapp/edx-platform/lms/envs/common.py.  But there a two problems after the configuration. Firstly, the script can't get the %user value I need to hardcode the username / email in the connection string than I can login to edx.  Secondly, can't to create an user profile when first login.
 
Is it need to modify the views.py and urls.py file for collect the %user value and create the user profile?
 
 
I have 2 version django in edx.
./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.3/django/bin/django-admin.py
./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.2.5/django/bin/django-admin.py
 
 
ldap_auth_ldap:
How can I find the version?  I using the apt-get to install the package.
 
The search settings.py result.
-----------Setttings.py-------------------
./edx/app/xqueue/xqueue/xqueue/settings.py
./edx/app/xqueue/venvs/xqueue/lib/python2.7/site-packages/django/conf/project_template/project_name/settings.py
./edx/app/xqueue/venvs/xqueue/lib/python2.7/site-packages/newrelic-2.18.1.15/newrelic/api/settings.py
./edx/app/edxapp/edx-platform/common/test/acceptance/pages/studio/settings.py
./edx/app/edxapp/edx-platform/lms/djangoapps/django_comment_client/settings.py
./edx/app/edxapp/edx-platform/lms/lib/comment_client/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django_countries/tests/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/method_override/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/example/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django/conf/project_template/project_name/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/dealer/contrib/django/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/newrelic-2.18.1.15/newrelic/api/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django_extensions/settings.py
./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/appconf/tests/settings.py
./edx/app/edxapp/venvs/edxapp/src/django-pipeline/pipeline/conf/settings.py
./edx/app/edxapp/venvs/edxapp/src/django-pipeline/tests/settings.py
./edx/app/edxapp/venvs/edxapp/src/edx-val/edxval/settings.py
./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.3/django/conf/project_template/settings.py
./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.2.5/django/conf/project_template/settings.py
./usr/local/lib/python2.7/dist-packages/django/conf/project_template/project_name/settings.py
 
Thank you very much for your assistance.
 
Thanks and Regards,
Terence Yip

Yip Terence於 2015年2月10日星期二 UTC+8下午12時00分30秒寫道:

Yip Terence

unread,
Feb 23, 2015, 3:09:38 AM2/23/15
to django...@googlegroups.com
Thanks and Regards,
Terence Yip

Lachlan Musicman於 2015年2月10日星期二 UTC+8下午12時22分50秒寫道:

Lachlan Musicman

unread,
Feb 23, 2015, 6:15:46 PM2/23/15
to django...@googlegroups.com
Sorry, I've been organising a conference and have been awol. I'll be
able to take a look next week. But quickly:

I don't understand why you have two versions of Django, I would
suggest that is an issue.

You should be using django-auth-ldap, and that's got Django > 1.3 as a
requirement.

You shouldn't need to create the %user - that is done automatically by
the django-auth-ldap

Finally, please please please use a virtual environment. It makes all
of this significantly easier - like finding django-auth-ldap is as
easy as "pip install django-auth-ldap".

It's recommended you don't install via apt-get. While apt-get is easy
and centralised, in the case of web apps, I would install via virt env
and pip every time.

cheers
L.
------
"This is a profound psychological violence here. How can one even
begin to speak of dignity in labor when one secretly feels one's job
should not exist?"

On the Phenomenon of Bullshit Jobs, David Graeber
http://strikemag.org/bullshit-jobs/


On 23 February 2015 at 19:09, 'Yip Terence' via Django users

Yip Terence

unread,
Feb 24, 2015, 1:37:20 AM2/24/15
to django...@googlegroups.com

Hi L,

 

Thanks for your reply.

 

I’m through pip to install the django-auth-ldap already.  But there are two question here.

1.       How can I check the django-auth-ldap version?

2.       What do you mean of install via virt env? I’m follow the edX Ubuntu 12.04 +64 bit installation guide to install the edX, is that virt env?

https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation

 

-----------------------------------------------------------------------------------------

root@ethiopia:/edx/app/edxapp/edx-platform/lms/envs# pip install django-auth-ldap

Requirement already satisfied (use --upgrade to upgrade): django-auth-ldap in /usr/local/lib/python2.7/dist-packages

Requirement already satisfied (use --upgrade to upgrade): django in /usr/local/lib/python2.7/dist-packages (from django-auth-ldap)

Requirement already satisfied (use --upgrade to upgrade): python-ldap>=2.0 in /usr/local/lib/python2.7/dist-packages (from django-auth-ldap)

Requirement already satisfied (use --upgrade to upgrade): setuptools in /usr/local/lib/python2.7/dist-packages (from python-ldap>=2.0->django-auth-ldap)

Cleaning up...

 

Thanks and Regards,

Terence Yip


Lachlan Musicman於 2015年2月24日星期二 UTC+8上午7時15分46秒寫道:

Mario Gudelj

unread,
Feb 24, 2015, 6:09:22 AM2/24/15
to django...@googlegroups.com
To check the version go to shell and run this:

>>> import django_auth_ldap

>>> django_auth_ldap.version

(1, 1, 2)

>>> 

As for virtualenv, it's a good practice but it's not necessary. 

By the way, have you tried performing a simple search on the LDAP server? I think that your best bet is to start with python-ldap (forget about django_auth_ldap), try to connect to the server, perform a bind and get a feel for it. 

I normally open the shell and run something like this in it https://bpaste.net/show/d4348eb1b3dd

You have to know the following:

- protocol (secure or not)

- IP or domain name of the LDAP server

- port

- A full DN of one of the users would be useful but once you establish the connection you can figure this out.

I remember that I was using Django 1.5.x and django_auth_ldap was still using User model by default. Not sure if that's still the case but you may have to patch it.

Good luck!

M









Yip Terence

unread,
Feb 26, 2015, 2:02:38 AM2/26/15
to django...@googlegroups.com
Hi M,
 
Actually, I can connect with our AD server, but I need to hardcode the user in the connection string so that I would like to ask for the solution about how can I get the %user value and create the profile. 
 
Maybe I can paste my connection string here for more easy to understand.  I have been pasted the following code in /edx/app/edxapp/edx-platform/lms/envs/common.py.  I can successful login to edX when I hardcode the user in "AUTH_LDAP_USER_SEARCH....".  Is that paste the code in the wrong location?
 
 
-------------------------------------------------------------------------------------------
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
#AUTH_LDAP_START_TLS = True
AUTH_LDAP_GLOBAL_OPTIONS = {
 ldap.OPT_X_TLS_REQUIRE_CERT: False,
 ldap.OPT_REFERRALS: False,
}
# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://dc.abc.hk:389"
AUTH_LDAP_BIND_DN = "CN=connection_account,OU=SystemAcct,DC=abc,DC=hk"
AUTH_LDAP_BIND_PASSWORD = "password"
user = request.user
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users,DC=abc,DC=hk', ldap.SCOPE_SUBTREE, "(&(mail=user...@abc.hk)(objectClass=User)(objectCategory=person))")
 
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('OU=Users,DC=vtc,DC=hk', ldap.SCOPE_SUBTREE, "(&(objectClass=User)(objectCategory=person))")
 
# set group type
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
AUTH_LDAP_CONNECTION_OPTIONS = {
     ldap.OPT_REFERRALS: 0,
}
 
# Simple group restrictions
#~ AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=django,ou=groups,dc=example,dc=com"
#~ AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=django,ou=groups,dc=example,dc=com"
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
 "username": "cn",
 "first_name": "givenName",
 "last_name": "sn",
 "email": "mail"
}
 
AUTH_LDAP_PROFILE_ATTR_MAP = {
 "name": "cn"
}

# important! to use the group's permission
AUTH_LDAP_MIRROR_GROUPS = True
# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
-----------------------------------------------------------------------------------------------------------------
 
Looking for your reply.  Thanks!
 
Thanks and Regards,
Terence Yip

somecallitblues於 2015年2月24日星期二 UTC+8下午7時09分22秒寫道:

Yip Terence

unread,
Feb 26, 2015, 4:24:22 AM2/26/15
to django...@googlegroups.com
Hi M and L,
 
Attached please find the output in /edx/var/log/lms/edx.log
Django can't to get the %user value.
 
 
Config:
--------------------------------------------------------------------
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users', ldap.SCOPE_SUBTREE, "(&(mail=%(user)s))(objectClass=User)(objectCategory=person))")
---------------------------------------------------------------------
 
Error MSG:
-------------------------------------------------------------------------------
Feb 26 17:18:33 ethiopia [service_variant=lms][django_auth_ldap][env:sandbox] ERROR [ethiopia  3016] [config.py:166] - search_s('OU=Users', 2, '(&(mail=))(objectClass=User)(objectCategory=person))') raised FILTER_ERROR({'desc': 'Bad search filter'},)
-------------------------------------------------------------------------------
 
Thanks and Regards,
Terence Yip

Yip Terence於 2015年2月26日星期四 UTC+8下午3時02分38秒寫道:

pigl...@emergya.com

unread,
Aug 5, 2016, 7:00:21 AM8/5/16
to Django users
Hi guys,

I'm having some problems to add LDAP auth to my edx app. I've follow your steps but I'm not getting any exit in edx log... I can connect and make querys against my ldap server using shell. Could you help me? I'm using fullstack dogwood environment
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users,DC=abc,DC=hk', ldap.SCOPE_SUBTREE, "(&(mail=u...@abc.hk)(objectClass=User)(objectCategory=person))")

Faruk D.

unread,
Dec 19, 2016, 8:20:34 AM12/19/16
to Django users
Hi Y.,

could you slove this issue? If yes could you post your solution.

Best regards 
F.D.

bc a

unread,
Jan 3, 2017, 4:09:33 AM1/3/17
to django...@googlegroups.com
Hi F.D.,

I'm not sure is it the correct setting, but the setting is working for me.  Please find the steps as follows.

1.      Download LDAP packages
sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
sudo pip install python-ldap
 
2.      Install Django LDAP Library
pip install django-auth-ldap
 
3.      LDAP connection setup
 
4.      Add DB model for select database record
 內嵌圖像

5.      Add the checking function in “if save_user”
內嵌圖像

 
6.      Edit “LDAPSettings(object)”
內嵌圖像

 
7.      Save and Exit.
 
8.      Collect the user value and add create profile function in “views.py”
 

 
9.      Add the following code after “if not third_party_auth_successful:”
內嵌圖像

 
10.  Add the backend function to “common.py”
vi /edx/app/edxapp/edx-platform/lms/envs/common.py
 
11.  Edit “AUTHENICATION_BACKENDS”
 內嵌圖像

 
12.  Edit “INSTALLED_APPS”
內嵌圖像

 
13.  Add the backend function to “common.py”
vi /edx/app/edxapp/edx-platform/cms/envs/common.py
 
14.  Edit “AUTHENICATION_BACKENDS”
內嵌圖像

  
15.  Edit “INSTALLED_APPS”
內嵌圖像
 

16.  Update the database record
cd /edx/app/edxapp/edx-platform
sudo -H -u edxapp bash
source /edx/app/edxapp/edxapp_env
paver update_db --settings=aws
 
17.  Restart Service

Thanks and Regards,
Terence Yip


'Faruk D.' via Django users <django...@googlegroups.com> 於 2016年12月19日 (週一) 9:20 PM 寫道﹕


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Message has been deleted

Yip Terence

unread,
Jan 3, 2017, 4:19:10 AM1/3/17
to Django users
Dear all,

I'm not sure is it the correct setting, but the setting is working for me.  Please find the steps as follows.

1.      Download LDAP packages
sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
sudo pip install python-ldap
 
2.      Install Django LDAP Library
pip install django - auth - ldap
 
3.      LDAP connection setup
 
4.      Add DB model for select database record











5.      Add the checking function in “if save_user”







6.      Edit “LDAPSettings(object)”
















7.      Save and Exit.
 
8.      Collect the user value and add create profile function in “views.py
 

 
9.      Add the following code after “if not third_party_auth_successful:”













10.  Add the backend function to “common.py
vi /edx/app/edxapp/edx-platform/lms/envs/common.py
 
11.  Edit “AUTHENICATION_BACKENDS”






12.  Edit “INSTALLED_APPS”








13.  Add the backend function to “common.py
vi /edx/app/edxapp/edx-platform/cms/envs/common.py
 
14.  Edit “AUTHENICATION_BACKENDS”






15.  Edit “INSTALLED_APPS”








16.  Update the database record
cd /edx/app/edxapp/edx-platform
sudo -H -u edxapp bash
source /edx/app/edxapp/edxapp_env
paver update_db --se ttings=aws
 
17.  Restart Service

Thanks and Regards,
Terence Yip


Yip Terence於 2015年2月10日星期二 UTC+8下午12時00分30秒寫道:

Yip Terence

unread,
Jan 3, 2017, 4:19:59 AM1/3/17
to Django users
16.  Update the database record
cd /edx/app/edxapp/edx-platform
sudo -H -u edxapp bash
source /edx/app/edxapp/edxapp_env
paver update_db --se ttings=aws
 
17.  Restart Service

Thanks and Regards,
Terence Yip

Yip Terence於 2015年2月10日星期二 UTC+8下午12時00分30秒寫道:

Pierre-Philippe Fady

unread,
Jan 11, 2017, 5:50:32 AM1/11/17
to Django users

Thank you from this explications.

Please could you help me about that ?

I can connect with an account from LDAP the first time, but next, i've an error : IntegrityError: (1062, "Duplicate entry '37' for key 'user_id'")

Pierre-Philippe Fady

unread,
Jan 11, 2017, 8:10:53 AM1/11/17
to Django users
I found one solution :

in this section :

9.      Add the following code after “if not third_party_auth_successful:”

I've replace

if db_profile is user:

by

if db_profile is None:

Faruk D.

unread,
Jan 18, 2017, 3:10:56 PM1/18/17
to Django users
Hi Yip,

Thanks for your Instruction.

While trying to update the database record like you explained on step 16. I got some error messages. 
Im not so familar with that django and python stuff.

Im going to give a description of my errors. I hope someone can help me. 

I am using the following Fullstack Version in a Vagrantbox:

Eucalyptus.1

2016-08-26
open-release/eucalyptus.1
f
After finishing all steps I try to update the database record with:  paver update_db --settings=aws

Then i got following message:

/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 55, in <module>
    from django.db import *
AttributeError: 'module' object has no attribute 'backend'

I try to fix the issue with changing 
from django.db import *
to 
from django.db import models

I try it again and after that following error was printed:

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/apps/registry.py", line 131, in check_models_ready
    raise AppRegistryNotReady("Models aren't loaded yet.")
django.core.exceptions.AppRegistryNotReady: Models aren't loaded yet.

My question now is:

With which OpenEdX version was it working for you.
Have you set the THIRD_PARTY_AUTHENTICATION variable in the lms.env.json to true?

If you need more information just let me know.

Best regards
F.D.


Pierre-Philippe Fady

unread,
Jan 25, 2017, 5:21:31 AM1/25/17
to Django users
Sorry, i was wrong, you need to write :

if not db_profile:

Faruk D.

unread,
Feb 13, 2017, 5:10:53 AM2/13/17
to Django users
Hi Yip,

I could fix the issues. 

Thank you very much for your help. 

Kind regard 
Faruk 


Abdelkrime Agrou

unread,
May 23, 2018, 11:23:29 AM5/23/18
to Django users
Hi could you help me please,
I would like to configure LDAP Active directory with my new installation of open edx native.

Please help me to get that working.
Thnaks
Regards,
Reply all
Reply to author
Forward
0 new messages