1. 首页
  2. 问答
  3. 如何为Active Directoy配置django-python3-ldap身份验证?

如何为Active Directoy配置django-python3-ldap身份验证?

2017-05-25 196 views
2

我目前正在尝试安装django 1.11以使用django-python3-ldap 0.9.14模块进行身份验证。我在这里找到了这个模块https://github.com/etianen/django-python3-ldap如何为Active Directoy配置django-python3-ldap身份验证?

我首先使用我的凭据测试了与Active Directory Studio(http://directory.apache.org/studio/)的通信。我注意到我必须使用以下设置进行身份验证。

网络参数 主机名:serversipaddress 端口:389 加密方法:启动TLS扩展 提供者:Apache目录LDAP客户端API

认证 绑定用户:用户名 密码:XXXXX

然后我可以连接。

我在settings.py文件中设置了ldap配置,注意到MS Active Directory有特定的设置。为了测试通信我然后跑

python3 manage.py ldap_sync_users -v 3

我可以看到,沟通工作,因为它是抓住用户并将它们插入到Django数据库。

我进而促进用户

python3 manage.py ldap_promote rmilo

但这一设置后,我无法登录使用LDAP从一个rmilo用户管理页面。 http://127.0.0.1:8000/admin/login/?next=/admin/

有人可以帮我弄清楚我的配置有什么问题吗?

,日志

[25/May/2017 23:17:03] "POST /admin/login/?next=/admin/ HTTP/1.1" 200 1813 
LDAP connect failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - 80090308: 
LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1

settings.py

""" 
Django settings for project1 project. 

Generated by 'django-admin startproject' using Django 1.11. 

For more information on this file, see 
https://docs.djangoproject.com/en/1.11/topics/settings/ 

For the full list of settings and their values, see 
https://docs.djangoproject.com/en/1.11/ref/settings/ 
""" 

import os 

# Build paths inside the project like this: os.path.join(BASE_DIR, ...) 
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) 


# Quick-start development settings - unsuitable for production 
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/ 

# SECURITY WARNING: keep the secret key used in production secret! 
SECRET_KEY = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 

# SECURITY WARNING: don't run with debug turned on in production! 
DEBUG = True 

ALLOWED_HOSTS = [] 



# LDAP auth settings. 

LDAP_AUTH_URL = "ldap://XXX.XXX.XXX.XXX:389" 
LDAP_AUTH_USE_TLS = None 
LDAP_AUTH_SEARCH_BASE = "DC=ecdc,DC=edgecast,DC=com" 

LDAP_AUTH_OBJECT_CLASS = "organizationalPerson" 

LDAP_AUTH_USER_FIELDS = { 
"username": "sAMAccountName", 
"first_name": "givenName", 
"last_name": "sn", 
"email": "mail", 
} 

LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",) 

LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data" 

LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations" 

LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters" 

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory" 
LDAP_AUTH_CONNECTION_USERNAME = 'username' 
LDAP_AUTH_CONNECTION_PASSWORD = 'password' 


AUTHENTICATION_BACKENDS = (
'django_python3_ldap.auth.LDAPBackend', 
'django.contrib.auth.backends.ModelBackend', 
) 

LOGGING = { 
    "version": 1, 
    "disable_existing_loggers": False, 
    "handlers": { 
     "console": { 
      "class": "logging.StreamHandler", 
     }, 
    }, 
    "loggers": { 
     "django_python3_ldap": { 
      "handlers": ["console"], 
      "level": "INFO", 
     }, 
    }, 
} 

# Application definition 





INSTALLED_APPS = [ 

    'django.contrib.admin', 
    'django.contrib.auth', 
    'django.contrib.contenttypes', 
    'django.contrib.sessions', 
    'django.contrib.messages', 
    'django.contrib.staticfiles', 
    'django_python3_ldap', 
] 

MIDDLEWARE = [ 
    'django.middleware.security.SecurityMiddleware', 
    'django.contrib.sessions.middleware.SessionMiddleware', 
    'django.middleware.common.CommonMiddleware', 
    'django.middleware.csrf.CsrfViewMiddleware', 
    'django.contrib.auth.middleware.AuthenticationMiddleware', 
    'django.contrib.messages.middleware.MessageMiddleware', 
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
] 

ROOT_URLCONF = 'project1.urls' 

TEMPLATES = [ 
    { 
     'BACKEND': 'django.template.backends.django.DjangoTemplates', 
     'DIRS': ['./templates',], 
     'APP_DIRS': True, 
     'OPTIONS': { 
      'context_processors': [ 
       'django.template.context_processors.debug', 
       'django.template.context_processors.request', 
       'django.contrib.auth.context_processors.auth', 
       'django.contrib.messages.context_processors.messages', 
      ], 
     }, 
    }, 
] 

WSGI_APPLICATION = 'project1.wsgi.application' 


# Database 
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases 
DATABASES = { 
    'default': { 
     'NAME': 'project1', 
     'ENGINE': 'django.db.backends.mysql', 
     'USER': 'root', 
     'PASSWORD': 'XXXXX', 
     'HOST': 'localhost', 
     'PORT': '3306', 

    } 
} 

# Password validation 
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators 

AUTH_PASSWORD_VALIDATORS = [ 
    { 
     'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', 
    }, 
    { 
     'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 
    }, 
    { 
     'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', 
    }, 
    { 
     'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', 
    }, 
] 


# Internationalization 
# https://docs.djangoproject.com/en/1.11/topics/i18n/ 

LANGUAGE_CODE = 'en-us' 

TIME_ZONE = 'UTC' 

USE_I18N = True 

USE_L10N = True 

USE_TZ = True 


# Static files (CSS, JavaScript, Images) 
# https://docs.djangoproject.com/en/1.11/howto/static-files/ 

STATIC_URL = '/static/' 


EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'

来源

2017-05-25 pitchblack408

回答

1

,我跑进了一个域名问题,最后一个问题中显示出来的错误。在添加下面的行后,我可以使用ldap凭证登录。

LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "ECDC"

来源

2017-05-26 00:09:45 pitchblack408

相关问题

 相关问题