LDAP in Django default admin

UPDATED

How can I authenticate the default Django administrator on an LDAP server instead of the default database? I found the Django Auth LDAP package, but I do not know anything about configuring it to log in to the administrator. I tried putting the lines below in settings.py beside the LDAP configuration:

    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
    )

But that does not work. If I delete the last line, it will not authenticate to LDAP and will show me a default auth error, since ModelBackend is a backup. I tried to copy and modify the configurations listed in the documentation, and I get this error on the console:

 Caught LDAPError while authenticating karlisson: INVALID_DN_SYNTAX({'info': 'invalid DN', 'desc': 'Invalid DN syntax'},) 

My settings.py:

    AUTH_LDAP_SERVER_URI = "ldap://192.168.0.2"
    AUTH_LDAP_BIND_DN = "example_nt"
    AUTH_LDAP_BIND_PASSWORD = "example"
    AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=admin,dc=example_nt,dc=com,dc=br",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

I'm not sure where the syntax error is; I'm new to LDAP.

+4
2 answers

The administrator login should work just like a normal login. Just adding a backend is not enough, you need to configure it. The docs say a lot:

You probably need to install this:

    AUTH_LDAP_USER_FLAGS_BY_GROUP = {
        "is_active": "cn=active,ou=groups,dc=example,dc=com",
        "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
        "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
    }

These flags are, IIRC, used by the administrator, at least is_superuser.

But the most important thing is this material in settings.py:

    AUTH_LDAP_SERVER_URI = "ldap://ldap.example.com"

    import ldap
    from django_auth_ldap.config import LDAPSearch

    AUTH_LDAP_BIND_DN = ""
    AUTH_LDAP_BIND_PASSWORD = ""
    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

Try setting up all of these materials to connect to your ldap, and if you still have problems, we can try to debug it from there.

Also try to get debugging information so that you have information if requests have been sent to your ldap (perhaps you can also check the logs made by your ldap to see if it receives requests from your application).

+8

The coherent name must be a distinguished name. example_nt is not a distinguished name.

0
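
Added example (not part of the original thread and not django-auth-ldap's own code): a standard-library pre-flight check that catches the non-DN bind name behind the INVALID_DN_SYNTAX error above and flags the plain `ldap://` URI. The DN check is a simplified reading of RFC 4514, and `USER_SEARCH_BASE` is a hypothetical key standing in for the base string passed to `LDAPSearch`.

```python
import re

# Simplified RFC 4514 syntax check: each RDN part is "<type>=<value>", where
# <type> is a descriptor (cn, dc, ou, ...) or a numeric OID.
_ATTR = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=(.*)$", re.S)

def _split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, current, escaped = [], "", False
    for ch in text:
        if ch == sep and not escaped:
            parts.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\" and not escaped)
    parts.append(current)
    return parts

def is_dn(value):
    """True if value parses as a DN; "" is the empty DN (anonymous bind)."""
    if value == "":
        return True
    for rdn in _split_unescaped(value, ","):
        for ava in _split_unescaped(rdn, "+"):  # multi-valued RDN
            if not _ATTR.match(ava):
                return False
    return True

def lint_ldap_settings(settings):
    """Return a list of problems found in django-auth-ldap style settings."""
    problems = []
    bind_dn = settings.get("AUTH_LDAP_BIND_DN", "")
    if not is_dn(bind_dn):
        problems.append("AUTH_LDAP_BIND_DN is not a DN: %r" % bind_dn)
    base = settings.get("USER_SEARCH_BASE", "")  # hypothetical key (assumption)
    if base == "" or not is_dn(base):
        problems.append("user search base is not a DN: %r" % base)
    uri = settings.get("AUTH_LDAP_SERVER_URI", "")
    if uri.startswith("ldap://") and not settings.get("AUTH_LDAP_START_TLS"):
        problems.append("ldap:// without StartTLS sends the bind password in clear text")
    return problems

# Constructed from the values in the question's settings.py.
QUESTION = {"AUTH_LDAP_SERVER_URI": "ldap://192.168.0.2",
            "AUTH_LDAP_BIND_DN": "example_nt",
            "USER_SEARCH_BASE": "cn=admin,dc=example_nt,dc=com,dc=br"}
```

`lint_ldap_settings(QUESTION)` reports the bind DN and the unencrypted transport; the search base passes the syntax check, which says nothing about whether that entry exists in the directory.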

Source: https://habr.com/ru/post/1389273/
