Anyone using django_auth_ldap against an Active Directory server?

I am trying to set up auth through django_auth_ldap and am having an issue. If I run my auth from the Django interactive shell, the auth works fine. Example from the shell:

```
>>> from django.contrib.auth import authenticate
>>> authenticate(username='#############',password='*************')
search_s('ou=People, o=hp.com', 2, '(uid=%(user)s)') returned 1 objects: uid=###########,ou=people,o=hp.com
Populating Django ###########
Django user ########## does not have a profile to populate
<User:########## >
```

But the same code from within a view in the app fails with:

```
Caught LDAPError while authenticating ##########: SERVER_DOWN({'desc': "Can't contact LDAP server"},)
```
psagers
Isaac Jessop
  • Make sure you have AUTH_LDAP_SERVER_URI = 'ldap://etc.com' configured correctly in settings, for your LDAP server. You may want to check and see if you can ping the server you are using from your production environment if it's on a different server. – Michael Burns Feb 28 '14 at 00:13
  • I am running the app and the shell on the same server; the shell works, the app fails. – Isaac Jessop Feb 28 '14 at 17:57
  • Is the server process running under the same system user as the shell? Does it work running `manage.py runserver` in the same context as `manage.py shell`? Is AUTH_LDAP_SERVER_URI an ldapi:// URI? An ldapi:// URI might not be equally accessible to all processes due to permissions, chroot, etc. – psagers Feb 28 '14 at 18:28
  • No, the app is running as Apache. I figured it out. I decided I would set up remote debugging so that I could step through the process and see where it was failing. In that process I found that the httpd process was being prevented (by SELinux) from making a network connection back to my Eclipse IDE. Fixing this fixed the app. I think SELinux was preventing the app from connecting to the LDAP server. When I got my debug environment all worked out and stepped through, it all worked fine! – Isaac Jessop Mar 01 '14 at 20:46

1 Answer

I figured it out. I decided I would set up remote debugging so that I could step through the process and see where it was failing. In that process I found that the httpd process was being prevented (by SELinux) from making a network connection back to my Eclipse IDE. Fixing this fixed the app. I think SELinux was preventing the app from connecting to the LDAP server. When I got my debug environment all worked out and stepped through, it all worked fine!

The command to allow httpd to make a network connection, as root:

```
setsebool -P httpd_can_network_connect 1
```

Isaac Jessop
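An added example, not part of the original answer: `httpd_can_network_connect` lets httpd open TCP connections to any port, while the RHEL-family targeted policy also ships `httpd_can_connect_ldap`, which covers only ports labelled `ldap_port_t`. The sketch below triages AVC denials for `httpd_t` and reports the narrowest boolean per denial; the audit lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage SELinux AVC denials for outbound httpd connections.
# The audit lines below are constructed samples, not taken from the page.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1393620360.123:456): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1393620391.481:471): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1393620400.002:480): avc:  denied  { read } for  pid=900 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Reads audit lines on stdin and prints "port target_type suggested_boolean"
# for every denied name_connect whose source domain is httpd_t.
triage_httpd_connects() {
    grep 'avc: *denied' | grep 'name_connect' | grep 'scontext=[^ ]*:httpd_t:' |
    while read -r line; do
        # Destination TCP port of the blocked connect()
        port=$(printf '%s\n' "$line" | sed -n 's/.* dest=\([0-9][0-9]*\).*/\1/p')
        # Third field of the target context is the SELinux port type
        ttype=$(printf '%s\n' "$line" |
            sed -n 's/.* tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
        case "$ttype" in
            ldap_port_t) bool=httpd_can_connect_ldap ;;    # narrow: LDAP ports only
            *)           bool=httpd_can_network_connect ;; # broad: any TCP port
        esac
        printf '%s %s %s\n' "$port" "$ttype" "$bool"
    done
}

sample_audit_log | triage_httpd_connects
```

On a live host, pipe the output of `ausearch -m avc -ts recent` into `triage_httpd_connects` instead of the sample, and check the current state of a boolean with `getsebool`.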