Looking for some help with the django-auth-ldap package.
Background - I am trying to add LDAP users to the default user roles STAFF, ACTIVE, and SUPERUSER. As you can no doubt see from the debug.log, django-auth-ldap successfully finds the LDAP username and populates Django accordingly.
However, it does not add the LDAP user to the relevant roles, i.e. active, staff, superuser, because it states that it does not belong to the relevant group, although performing an LDAP search on both the username and group says otherwise.
Any help/advice would be greatly appreciated.
Thanks
debug.log
search_s('ou=xxxx,o=xx,c=uk', 2, '(uid=%(user)s)') returned 1 objects: cn=someusername,ou=xx,ou=xxxxx,ou=xxxx,o=xx,c=uk
Populating Django user someusername
cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk is not a member of cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk is not a member of cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk is not a member of cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
settings.py
import os
import ldap
import logging
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType

# ** Omitted for clarity **

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

LDAP_AUTH_URL = "ldaps://ldap.xxxxxxxxxxx.xx.uk/"
LDAP_AUTH_SEARCH_BASE = "ou=xxxx,o=xx,c=uk"

# Application definition
AUTH_LDAP_GLOBAL_OPTIONS = {
    # False is 0, the value of ldap.OPT_X_TLS_NEVER: the server certificate is not verified
    ldap.OPT_X_TLS_REQUIRE_CERT: False,
    ldap.OPT_REFERRALS: False,
}

AUTH_LDAP_SERVER_URI = "ldaps://ldap.xxxxxxxxxx.xx.uk"
# Empty bind DN and password: searches are made with an anonymous bind
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=xxxx,o=xx,c=uk", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk",
    ldap.SCOPE_SUBTREE,
    "(objectClass=groupOfNames)",
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=somegroup,ou=xxx,ou=xxx,ou=xxx,ou=xxxx,o=xx,c=uk",
    "is_staff": "cn=somegroup,ou=xxx,ou=xxx,ou=xxx,ou=xxxx,o=xx,c=uk",
    "is_superuser": "cn=somegroup,ou=xxx,ou=xxx,ou=xxx,ou=xxxx,o=xx,c=uk",
}

# ** Omitted for clarity **
Output from LDAP group search (some lines omitted)
# ldapsearch -x -H ldap://ldap.xxxxxxxxxxx.xx.uk/ cn=somegroup
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: cn=somegroup
# requesting: ALL
#
# somegroup, xx, xxx, xxxx, xx, uk
dn: cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
objectClass: groupOfNames
objectClass: top
member;x-static:cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk
cn:somegroup
Output from LDAP username search (some lines omitted)
# ldapsearch -x -H ldap://ldap.xxxxxxxxxxx.xx.uk/ cn=someusername
someusername, xxxx, xxx, xxx, xx, uk
dn: cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk
uniqueID: someusername
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ndsLoginProperties
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: posixGroup
groupMembership: cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
cn: someusername
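
An offline cross-check of the values shown in the post, as an added example that is not part of the original post or of django-auth-ldap: it parses a pasted group entry, reports under which attribute description the user DN is listed (including options such as `;x-static`), and whether the DN configured in AUTH_LDAP_USER_FLAGS_BY_GROUP equals the entry's own DN. The function names are hypothetical and the sample entry is constructed from the redacted output above, so its result only illustrates the check.

```python
# Added example: offline membership check on pasted ldapsearch output.
# GROUP_LDIF is a constructed sample built from the redacted entry in the post.
GROUP_LDIF = """\
dn: cn=somegroup,ou=xx,ou=xxx,ou=xxxx,o=xx,c=uk
objectClass: groupOfNames
objectClass: top
member;x-static:cn=someusername,ou=xxxx,ou=xxx,ou=xxx,o=xx,c=uk
cn:somegroup
"""


def parse_entry(ldif):
    """Parse one LDIF entry into {attr: [(options, value), ...]}.

    Assumes plain "attr: value" lines (no base64 values, no folded lines).
    """
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        desc, _, value = line.partition(":")
        name, *options = desc.strip().lower().split(";")
        entry.setdefault(name, []).append((tuple(options), value.strip()))
    return entry


def normalize_dn(dn):
    """Simplified DN normalisation: lower-case and trim each RDN.

    Assumes no escaped commas or multi-valued RDNs.
    """
    parts = []
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return ",".join(parts)


def check_membership(group_ldif, user_dn, configured_group_dn, member_attr="member"):
    """Hypothetical helper: compare settings values with the directory entry."""
    entry = parse_entry(group_ldif)
    user = normalize_dn(user_dn)
    attr = member_attr.lower()
    listed_under = sorted(
        ";".join((attr, *opts))
        for opts, value in entry.get(attr, [])
        if normalize_dn(value) == user
    )
    directory_dn = entry["dn"][0][1]
    return {
        "group_dn_matches": normalize_dn(directory_dn) == normalize_dn(configured_group_dn),
        "member_listed_under": listed_under,
    }
```

Pass the user DN exactly as it appears in the "is not a member of" log line and the group DN exactly as written in settings.py; redaction in the post means the real values have to be substituted before the result says anything about the actual directory.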