4

I am developing django website and I want to use ldap authontation with my application. I am using Django 1.11 to authenticate with the django-python3-ldap. I tested the connection to my ldap using ldapsearch and it was succeeded and I got the following result: 

ally@websrv:/web/demo_project_ally$ ldapsearch -x -W -D 'cn=admin,dc=myldap,dc=com' -b "dc=myldap,dc=com" "cn=ally ally" -H ldap://myldap.com 
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <dc=myldap,dc=com> with scope subtree
# filter: cn=ally ally
# requesting: ALL
#

# ally ally, my_ou, myldap.com
dn: cn=ally ally,ou=my_ou,dc=myldap,dc=com
cn: ally ally
givenName: ally
gidNumber: 500
homeDirectory: /home/users/aally
sn: ally
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX1kNVJuSkw0bTV3RzR3PT0=
uidNumber: 1000
uid: aally

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

When I try to connect from django I will get this error:

System check identified no issues (0 silenced).
July 24, 2017 - 20:40:26
Django version 1.11, using settings 'demo_project.settings'
Starting development server at http://0:8002/
Quit the server with CONTROL-C.
LDAP connect failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - None - bindResponse - None
[24/Jul/2017 20:40:37] "POST /accounts/login/ HTTP/1.1" 200 917

Error:

LDAP connect failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - None - bindResponse - None

Here is my django configuration for the ldap connection from setting.py file:

LDAP_AUTH_URL = "ldap://myldap.com:389"

LDAP_AUTH_USE_TLS = False

LDAP_AUTH_SEARCH_BASE = "dc=myldap,dc=com"

LDAP_AUTH_OBJECT_CLASS = "inetOrgPerson"

LDAP_AUTH_USER_FIELDS = {
    "username": "uid",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}


LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)

LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"

LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"


LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_openldap"


LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = None


LDAP_AUTH_CONNECTION_USERNAME = "admin"
LDAP_AUTH_CONNECTION_PASSWORD = "password" 

#Print information about failed logins to your console by adding the following to your settings.py file.

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "django_python3_ldap": {
            "handlers": ["console"],
            "level": "INFO",
        },
    },
}

I am working under Ubuntu 16.04 and using python3.5

I used this reference for my setting: https://github.com/etianen/django-python3-ldap

I am able to perform an initial sync of LDAP users using: ./manage.py ldap_sync_users

Please advice how to solve this issue.

Eyla
  • 5,751
  • 20
  • 71
  • 116
  • This may help: https://dashdrum.com/blog/2016/02/django-and-ldap/ – Dashdrum Jul 25 '17 at 12:25
  • @Dashdrum what you referenced is different ldap back-end connection model, I tried to use it but there is no luck. Thank you – Eyla Jul 25 '17 at 18:07

3 Answers3

5

I had the same issue, try changing the following:

from this

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_openldap"

to this:

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
Richard Ellison
  • 315
  • 6
  • 14
1

I have encountered the same issue. Below change fix my issue

LDAP_AUTH_CONNECTION_USERNAME = "cn=admin,dc=myldap,dc=com"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
Pillar Zhou
  • 11
  • 2
0

ldap3 always authorizes using the "displayName" field. If the values of your LDAP_AUTH_USER_FIELDS["username"] fields are not equal to the values of the "displayName" fields, you will have errors.

Eugene Bybin
  • 1