0

I have seen almost every question and tutorial about this topic and i still cannot connect to my ldap with the django. Here are my settings.py and views.py below this. I really need to solve this, if anybody could help me I would really appreciate it, just somebody tell me what am I doing wrong because i cannot figure it out.

settings.py

AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend'
'django.contrib.auth.backends.ModelBackend',
)

main_dn = 'dc=fx3x,dc=com'
groups_dn = 'ou=Groups,' + main_dn
users_dn = 'ou=Users,' + main_dn

AUTH_LDAP_SERVER_URI = 'ldap://ldap.xxxmk.com'
#AUTH_LDAP_BIND_DN = 'dc=fx3x,dc=com'
#AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=Users,dc=fx3x,dc=com"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fx3x,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Groups,dc=fx3x,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "sn",
"username": "uid",
"password": "userPassword"
}

AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 2

views.py

from django.contrib.auth import authenticate, login, logout
import ldap
from django_auth_ldap.backend import LDAPBackend


def log_in_form_event(request):

response = {'success': False}


if request.method == "POST":

    try:
        ldap_username = request.POST["name"]
        ldap_password = request.POST["password"]
        #l_username = django_auth_ldap.django_to_ldap_username(ldap_username)
        #ip_server = settings.LDAP_BASES.get('ip')
        #userdn = settings.LDAP_BASES.get('users')
        ldap_connection = ldap.initialize('ldap://ldap.xxxmk.com')
        ldap_connection.simple_bind_s(username=ldap_username, password=ldap_password)
        auth = LDAPBackend()
        #user = ldap_connection.
        user = auth.authenticate(username=ldap_username, password=ldap_password)
        res = ldap_connection.search_ext_s(settings.AUTH_LDAP_USER_SEARCH, ldap.SCOPE_SUBTREE, "uid=%s" % ldap_username)
        login(request, user)
        response = {'success': True, 'note': "logged in"}

    except:
        response = {'success': False, 'note': "not logged in"}

return HttpResponse(simplejson.dumps(response), mimetype='application/json')
VictoriaWasp
  • 11
  • 2
  • What are the symptoms? Any errors? Provide a traceback in case. – alecxe May 29 '14 at 13:41
  • this is what it gives me in the console: [29/May/2014 13:43:37] "GET / HTTP/1.1" 200 2621 /usr/lib/python2.6/site-packages/django/http/response.py:327: DeprecationWarning: Using mimetype keyword argument is deprecated, use content_type instead super(HttpResponse, self).__init__(*args, **kwargs) [29/May/2014 13:43:45] "POST /log_in_form_event/ HTTP/1.1" 200 43 I believe that i cannot even connect to the ldap – VictoriaWasp May 29 '14 at 13:45
  • Nope, it is just a deprecation warning - it is not the problem. As I see, the view returns 200. Could you please omit the `try/except` and see what would be the error shown? – alecxe May 29 '14 at 13:47
  • in the response it said: log_in_form_event: simple_bind_s() got an unexpected keyword argument 'ldap_username' and when i removed that, in the console it said: "POST /log_in_form_event/ HTTP/1.1" 500 14863, internal server error – VictoriaWasp May 29 '14 at 13:54
  • Ok, any errors in logs, console or the browser page? Do you have `DEBUG=True` - set it to `True` if not. – alecxe May 29 '14 at 14:03
  • @alecxe do you know what is going on? it is set to true in the settings.py, and no errors nowhere. I really think that it is the format of this: AUTH_LDAP_SERVER_URI = 'ldap://ldap.xxxmk.com' ... but that's how the IT guy from the company told me to do it, in the browser we access it differently, with https://ldap.xxxmk:10000/ – VictoriaWasp May 29 '14 at 14:10

1 Answers1

1

It looks like you can just get rid of django-auth-ldap and write your own, simpler, backend. Or adapt the logic into your own login view.

# your_project/auth.py
import ldap
class MyLdapBackend(object):
    def authenticate(self, username = None, password = None):
         connection = ldap.initialize('ldap://ldap.xxxmk.com')

         # check user credentials
         try:
             connection.simple_bind_s(username, password)
         except ldap.INVALID_CREDENTIALS:
             return None # that's what your backend has to return on fail

         # authentication against the ldap succeed from here
         try:
             user = User.objects.get( username = username )
         except User.DoesNotExist:
             user = User( username = username, password = password )
             user.is_active = True
             user.save()
         return user # that's what your backend has to return on success

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

# your_project/settings.py
AUTHENTICATION_BACKENDS = (
    # both Django and you will use the same authentication logic:
    'your_project.auth.MyLdapBackend',
    # 'django.contrib.auth.backends.ModelBackend'
)

Hope this helps

Javed
  • 5,904
  • 4
  • 46
  • 71
Sebastien Briois
  • 56
  • 5