
django auth ldap




I have been trying to get the LDAP -> Django group mappings to work, without success. Everything seems to work fine except the group mapping part. My LDAP backend is Active Directory. I am using django-auth-ldap 1.0.10.

settings.py:

    import ldap, logging
    from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType

    logger = logging.getLogger('django_auth_ldap')
    logger.addHandler(logging.StreamHandler())
    logger.setLevel(logging.DEBUG)

    AUTH_LDAP_SERVER_URI = "ldap://sub.domain.com"
    AUTH_LDAP_BIND_DN = 'CN=Bind Account,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com'
    AUTH_LDAP_BIND_PASSWORD = 'passwd'
    AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com', ldap.SCOPE_SUBTREE, "(uid=%(user)s)",)
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,OU=Chicago,DC=sub,DC=domain,DC=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
    AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
    AUTH_LDAP_FIND_GROUP_PERMS = True
    #AUTH_LDAP_CACHE_GROUPS = True
    #AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

    AUTH_LDAP_GLOBAL_OPTIONS = {
        ldap.OPT_X_TLS_REQUIRE_CERT: False,
        ldap.OPT_REFERRALS: False,
    }

    AUTH_LDAP_USER_ATTR_MAP = {
        "first_name": "givenName",
        "last_name": "sn",
        "email": "mail"
    }

    AUTH_LDAP_USER_FLAGS_BY_GROUP = {
        "is_staff": "CN=SomeGroup,OU=Groups,OU=Chicago,DC=sub,DC=domain,DC=com",
    }

    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
    )

and my logs:

    search_s('OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com', 2, '(uid=myuser)') returned 1 objects: CN=My User,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com
    Populating Django user myuser
    CN=My User,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com is a member of CN=SomeGroup,OU=Groups,OU=Chicago,DC=sub,DC=domain,DC=com
    search_s('OU=Groups,OU=Chicago,DC=sub,DC=domain,DC=com', 2, '(&(objectClass=groupOfNames)(member=CN=My User,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com))') returned 0 objects:
    Populating Django user profile for myuser


I found the answer. In the group search, I changed the filter to objectClass=group instead of objectClass=groupOfNames. Everything works now.
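
The symptom in the question's log (a membership is confirmed for the user, yet the member-based group search returns 0 objects) can be checked for mechanically. The following is an added example, not part of the original post or of django-auth-ldap; the function name and regexes are hypothetical and assume the debug line format shown in the question.

```python
import re

# Constructed sample: the debug lines from the question, one entry per line.
SAMPLE_LOG = """\
search_s('OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com', 2, '(uid=myuser)') returned 1 objects: CN=My User,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com
Populating Django user myuser
CN=My User,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com is a member of CN=SomeGroup,OU=Groups,OU=Chicago,DC=sub,DC=domain,DC=com
search_s('OU=Groups,OU=Chicago,DC=sub,DC=domain,DC=com', 2, '(&(objectClass=groupOfNames)(member=CN=My User,OU=Users,OU=Users,OU=Chicago,DC=sub,DC=domain,DC=com))') returned 0 objects:
Populating Django user profile for myuser
"""

# Patterns assume the debug format shown in the question's log.
SEARCH_RE = re.compile(
    r"^search_s\('(?P<base>[^']*)', (?P<scope>\d+), '(?P<filter>[^']*)'\)"
    r" returned (?P<count>\d+) objects")
MEMBER_RE = re.compile(r"^(?P<user>.+?) is a member of (?P<group>.+)$")
MEMBER_FILTER_RE = re.compile(r"\(member=([^)]+)\)")
OBJCLASS_RE = re.compile(r"\(objectClass=([^)]+)\)")


def find_group_filter_mismatches(log_text):
    """Report users with a confirmed group membership whose member-based
    group search matched nothing, which points at the search filter."""
    memberships = {}  # user DN -> group DNs seen in "is a member of" lines
    findings = []
    for line in log_text.splitlines():
        s = SEARCH_RE.match(line)
        if s is None:
            m = MEMBER_RE.match(line)
            if m:
                memberships.setdefault(m["user"], []).append(m["group"])
            continue
        member = MEMBER_FILTER_RE.search(s["filter"])
        if int(s["count"]) == 0 and member and member[1] in memberships:
            cls = OBJCLASS_RE.search(s["filter"])
            findings.append({
                "user": member[1],
                "search_base": s["base"],
                "object_class": cls[1] if cls else None,  # class the filter required
                "known_groups": memberships[member[1]],
            })
    return findings


if __name__ == "__main__":
    for finding in find_group_filter_mismatches(SAMPLE_LOG):
        print(finding)
```

On the question's log this reports `groupOfNames` as the object class that matched no groups under the search base, which is the filter term the answer replaces with `group`.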