In my LDAP directory, users are added to Organizational Units instead of groups. How can I check whether a user is part of an Organizational Unit using Django LDAP?

My settings.py file:

```python
import ldap
from django_auth_ldap.config import GroupOfNamesType, LDAPSearch, LDAPSearchUnion

AUTH_LDAP_SERVER_URI = 'ldap://qwery'
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_BIND_DN = 'dndndn'
AUTH_LDAP_BIND_PASSWORD = 'pwdpwd'

# Look the user up in each OU in turn.
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch('ou=abbb,dc=xxx,dc=net', ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
    LDAPSearch('ou=ammmm,dc=xxx,dc=net', ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
    LDAPSearch('ou=addddd,dc=xxx,dc=net', ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
    LDAPSearch('ou=ahhhhh,dc=xxx,dc=net', ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"),
)
AUTH_LDAP_CACHE_TIMEOUT = 0

AUTHENTICATION_BACKENDS = [
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
]

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    "name": "cn",
    "username": "sAMAccountName",
    "department": "distinguishedName",
}

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "OU=addddd,DC=xxx,DC=net",
    ldap.SCOPE_SUBTREE,
    "(objectClass=*)",
)

AUTH_LDAP_FIND_GROUP_PERMS = True

AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_ALWAYS_UPDATE_USER = True

AUTH_USER_MODEL = 'login.Account'

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_it": "OU=IT,OU=ahhhh,DC=xxx,DC=net",
}
```

Thank you

alucor-it

1 Answer

You would need to split the FDN into its RDN parts to determine which OU the user is within.

You can look at an example at: https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap-dn.html#examples

jwilleke
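
The check the answer describes, as an added example that is not part of the original answer: it splits a DN into RDNs with a small pure-Python parser (a stand-in for `ldap.dn.str2dn`, so it runs without python-ldap) and compares the trailing RDNs against the OU's DN rather than doing a substring match. `split_dn`, `is_under_ou` and `ou_path` are hypothetical helper names, and the user DNs in the comments are constructed.

```python
import string

IT_OU = "OU=IT,OU=ahhhh,DC=xxx,DC=net"  # OU DN taken from the question's settings


def split_dn(dn):
    """Return a DN as a list of normalised (attribute, value) RDN pairs.

    Handles RFC 4514 backslash escapes (\\, and \\2C style hex pairs);
    multi-valued RDNs joined with '+' are not split further.
    """
    rdns, buf, i = [], bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        pair = dn[i + 1:i + 3]
        if ch == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            buf.append(int(pair, 16))      # hex-escaped byte, e.g. \2C
            i += 3
        elif ch == "\\" and i + 1 < len(dn):
            buf += dn[i + 1].encode()      # escaped literal, e.g. \,
            i += 2
        elif ch == ",":
            rdns.append(buf.decode())      # an unescaped comma ends an RDN
            buf = bytearray()
            i += 1
        else:
            buf += ch.encode()
            i += 1
    rdns.append(buf.decode())
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN in DN: {rdn!r}")
        # Assumption: attribute types and OU/DC values compare case-insensitively.
        pairs.append((attr.strip().casefold(), value.strip().casefold()))
    return pairs


def is_under_ou(user_dn, ou_dn):
    """True if user_dn lies strictly below ou_dn (directly or in a sub-OU)."""
    user, ou = split_dn(user_dn), split_dn(ou_dn)
    return len(user) > len(ou) and user[-len(ou):] == ou


def ou_path(dn):
    """OU values from the leaf upwards, e.g. ['it', 'ahhhh'] for an entry in IT_OU."""
    return [value for attr, value in split_dn(dn) if attr == "ou"]
```

In django-auth-ldap the authenticated user's DN is available as `ldap_user.dn` inside a `populate_user` signal handler, which is one place to call `is_under_ou` and set a flag such as `is_it`.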