python

Looking for some help with the django-auth-ldap package.

Background - I am trying to add LDAP users to the default user roles STAFF, ACTIVE, and SUPERUSER. As you can no doubt see from the debug.log, django-auth-ldap successfully finds the LDAP username and populates DJANGO accordingly.

However, it does not add the LDAP user to the relevant roles, i.e. active, staff, superuser, because it states that it does not belong to the relevant group, although performing an LDAP search on both the username and group says otherwise.

Any help/advice would be greatly appreciated.

Thanks

debug.log

search_s('ou=xxxx,o=xx,c=uk', 2, '(uid=%(user)s)') returned 1 objects: cn=someusername,ou=xx,ou=xxxxx,ou=xxxx,o=xx,c=uk

Populating Django user someusername

cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk is not a member of cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk

cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk is not a member of cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk

cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk is not a member of cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk

settings.py

import os
import ldap
import logging
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType

# ** Omitted for clarity **


AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
LDAP_AUTH_URL = "ldaps://ldap.xxxxxxxxxxx.xx.uk/"
LDAP_AUTH_SEARCH_BASE = "ou=xxxx,o=xx,c=uk"

# Application definition
AUTH_LDAP_GLOBAL_OPTIONS = {
    # False == 0 == ldap.OPT_X_TLS_NEVER: the server certificate is not verified
    ldap.OPT_X_TLS_REQUIRE_CERT: False,
    ldap.OPT_REFERRALS: False,
}

AUTH_LDAP_SERVER_URI = "ldaps://ldap.xxxxxxxxxx.xx.uk"
# Empty bind DN and password: searches are made with an anonymous bind
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=xxxx,o=xx,c=uk", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=somegroup,ou=xxx,ou=xxx,ou=xxx,ou=xxxx,o=xx,c=uk",
    "is_staff": "cn=somegroup,ou=xxx,ou=xxx,ou=xxx,ou=xxxx,o=xx,c=uk",
    "is_superuser": "cn=somegroup,ou=xxx,ou=xxx,ou=xxx,ou=xxxx,o=xx,c=uk"
}


# ** Omitted for clarity **

Output from LDAP group search (some lines omitted)

# ldapsearch -x -H ldap://ldap.xxxxxxxxxxx.xx.uk/  cn=somegroup
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: cn=somegroup
# requesting: ALL
#

# somegroup, xx, xxx, xxxx, xx, uk
dn: cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
objectClass: groupOfNames
objectClass: top
member;x-static:cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk

cn:somegroup

Output from LDAP username search (some lines omitted)

# ldapsearch -x -H ldap://ldap.xxxxxxxxxxx.xx.uk/  cn=someusername

someusername, xxxx, xxx, xxx, xx, uk
dn: cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk
uniqueID: someusername
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ndsLoginProperties
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: posixGroup
groupMembership: cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
cn: someusername
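
An added example, not part of the original post and not django-auth-ldap code: an offline check over ldapsearch output like the one pasted above. It compares the group DN configured in AUTH_LDAP_USER_FLAGS_BY_GROUP with the DN of the entry the server returned, and looks for the user's DN among the group's member values, including values returned under an attribute option such as member;x-static. The DNs, the function names and the loose DN normalisation are constructed for illustration.

```python
import re

# Constructed sample data, shaped like the ldapsearch output in the post.
GROUP_LDIF = """\
dn: cn=webadmins,ou=groups,o=example,c=uk
objectClass: groupOfNames
member;x-static:cn=jdoe,ou=people,o=example,c=uk
cn:webadmins
"""
USER_DN = "CN=jdoe, ou=People,o=example,c=uk"

def norm_dn(dn):
    """Loose DN normalisation (assumption): lower-case, trim around ',' and '='."""
    rdns = re.split(r"(?<!\\),", dn.strip())
    return ",".join("=".join(p.strip() for p in r.split("=", 1)).lower() for r in rdns)

def parse_ldif_entry(text):
    """Return (base_attr, options, value) rows for one unwrapped, non-base64 entry."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        desc, value = line.split(":", 1)
        base, *options = desc.strip().split(";")   # "member;x-static" -> member, [x-static]
        rows.append((base.lower(), options, value.strip()))
    return rows

def triage(group_ldif, user_dn, configured_group_dn, member_attr="member"):
    """Compare the settings.py group DN and the user DN against the group entry."""
    rows = parse_ldif_entry(group_ldif)
    entry_dn = next(v for a, _, v in rows if a == "dn")
    hits = [opts for a, opts, v in rows
            if a == member_attr and norm_dn(v) == norm_dn(user_dn)]
    return {
        # Does the DN in AUTH_LDAP_USER_FLAGS_BY_GROUP name this entry?
        "configured_dn_matches_entry": norm_dn(configured_group_dn) == norm_dn(entry_dn),
        # Is the user's DN a member value, with or without attribute options?
        "user_listed_as_member": bool(hits),
        # True when every matching value carries an option such as ";x-static"
        "member_only_under_options": bool(hits) and all(hits),
    }

if __name__ == "__main__":
    print(triage(GROUP_LDIF, USER_DN, "cn=webadmins,ou=groups,o=example,c=uk"))
```

Paste the real group entry and the DNs from settings.py in place of the constructed values; a False in the first field means the flag mapping names a different entry from the one the directory holds.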