LDAP configuration


robert.lyn...@gmail.com

Jun 14, 2018, 9:31:03 AM
to NetBox
I can't figure out my LDAP configuration for the life of me. 

I am using a Synology NAS to manage my LDAP server. My base DN is dc=ecrl, my Bind DN is uid=root, cn=users,dc=ecrl. 
Secondly, how can I confirm it is working, simply trying to log in?

My current configuration is:

import ldap

# Server URI
AUTH_LDAP_SERVER_URI = "(FQDN here, should it be an IP?)"

# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "uid=root,cn=users,dc=ecrl"
AUTH_LDAP_BIND_PASSWORD = "PASSWORD (Obviously not my actual password)"
# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
#     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
LDAP_IGNORE_CERT_ERRORS = True
from django_auth_ldap.config import LDAPSearch

# This search matches users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory).
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=ecrl",
                                    ldap.SCOPE_SUBTREE,
                                    "(sAMAccountName=%(user)s)")

# If a user's DN is producible from their username, we don't need to search.
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,dc=ecrl"

# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("dc=ecrl", ldap.SCOPE_SUBTREE,
                                    "(objectClass=group)")

# AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()  ### I changed this

# Define a group required to login
AUTH_LDAP_REQUIRE_GROUP = "CN=users,dc=ecrl"

# Define special user types using groups. Exercise great caution when assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active":    "cn=users,dc=ecrl",
    "is_staff":     "cn=users,dc=ecrl",
    "is_superuser": "cn=administrators,dc=ecrl"
}

AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

### # Don't check the ldap server's certificate as much
### ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
###
### # Don't check the cert at all
### ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

Matthew Yauch

Jun 14, 2018, 6:09:02 PM
to NetBox
The URI could be a hostname as long as your Netbox server can resolve it from DNS, or it can be an IP. Whether the Synology device is capable of LDAPS will also change it. You do need to specify the protocol, however.
I would try:
AUTH_LDAP_SERVER_URI = 'ldaps://<ip_address/hostname>'
or
AUTH_LDAP_SERVER_URI = 'ldap://<ip_address/hostname>'

Mine is quite different due to using the Docker image and environment variables to set the variables, as well as using Active Directory, but the rest looks like it should be right taking into account those differences.
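As an added example (not code from this thread or from the NetBox project), here is a small python-ldap script that answers the "how can I confirm it is working" question: it checks that AUTH_LDAP_SERVER_URI carries the ldap:// or ldaps:// scheme described above, then performs the same three steps NetBox does at login (service-account bind, look up the user entry, bind as the user). It assumes python-ldap is installed, network reachability to the NAS, and the uid=%(user)s,dc=ecrl template from the question; the escaping helper is my own, standing in for python-ldap's ldap.dn.escape_dn_chars.

```python
import sys
from urllib.parse import urlsplit

def validate_server_uri(uri):
    """Return (scheme, host). The scheme is mandatory: ldap:// or ldaps://."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("AUTH_LDAP_SERVER_URI must be ldap://host[:port] "
                         "or ldaps://host[:port], got %r" % uri)
    return parts.scheme, parts.hostname

def escape_dn_value(value):
    """RFC 4514 escaping so a username cannot smuggle extra RDNs into the DN
    (assumed stand-in for python-ldap's ldap.dn.escape_dn_chars)."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;=':
        out = out.replace(ch, "\\" + ch)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def build_user_dn(template, username):
    """Expand AUTH_LDAP_USER_DN_TEMPLATE with an escaped username."""
    if "%(user)s" not in template:
        raise ValueError("template must contain %(user)s")
    return template % {"user": escape_dn_value(username)}

def check_login(uri, bind_dn, bind_pw, template, username, password,
                verify_cert=True):
    """Live check: bind as the service account, confirm the user entry exists,
    then bind as the user. Returns the user's DN or raises an ldap.LDAPError."""
    import ldap  # python-ldap, the same module the NetBox config imports
    if not verify_cert:  # mirrors LDAP_IGNORE_CERT_ERRORS = True (self-signed cert)
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    conn = ldap.initialize(uri)
    conn.simple_bind_s(bind_dn, bind_pw)  # step 1: service account can bind
    user_dn = build_user_dn(template, username)
    # step 2: raises ldap.NO_SUCH_OBJECT if the template does not match the tree
    conn.search_s(user_dn, ldap.SCOPE_BASE, "(objectClass=*)", ["uid"])
    # step 3: the user's own credentials work (what the NetBox login form does)
    ldap.initialize(uri).simple_bind_s(user_dn, password)
    return user_dn

if __name__ == "__main__":
    # usage: python check_ldap.py URI BIND_DN BIND_PW TEMPLATE USERNAME USER_PW
    uri, bind_dn, bind_pw, template, user, user_pw = sys.argv[1:7]
    validate_server_uri(uri)
    print("login OK as", check_login(uri, bind_dn, bind_pw, template, user, user_pw))
```

Run it with the same values as ldap_config.py; a failure at step 1 points at the URI or service account, at step 2 at the DN template, at step 3 at the user's password or (see the next reply) a username typed with a domain prefix.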

Ollie

Jun 14, 2018, 6:44:44 PM
to NetBox
When you try to log in, do not include the domain name; I did and got stuck on it for a day. The login is simply 'user.name'.

Hope that helps! 