I am using a fork of django-auth-ldap (django-auth-ldap-ng==1.7.6) with pyldap==2.4.25.1 to connect to ldap. I am able to successfully log in but I am running into errors. I am getting a DN_SYNTAX error even though I am able to still log in with ldap credentials and map attributes. Here is the main error code:
INFO "GET /login HTTP/1.1" 200 3141
DEBUG (0.000) SELECT "auth_user"."id", "auth_user"."password","auth_user"."last_login", "auth_user"."is_superuser", "auth_user"."username", "auth_user"."first_name", "auth_user"."last_name", "auth_user"."email", "auth_user"."is_staff", "auth_user"."is_active", "auth_user"."date_joined" FROM "auth_user" WHERE "auth_user"."username" LIKE 'zorpho' ESCAPE '\'; args=('zorpho',)
DEBUG Populating Django user zorpho
ERROR search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') raised INVALID_DN_SYNTAX({'desc': 'Invalid DN syntax', 'info': "0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'zorpho@MyCompany.local'\n"},)
DEBUG search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') returned 0 objects:
WARNING zorpho@MyCompany.local does not have a value for the attribute mail
ERROR search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') raised INVALID_DN_SYNTAX({'desc': 'Invalid DN syntax', 'info': "0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'zorpho@MyCompany.local'\n"},)
DEBUG search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') returned 0 objects:
WARNING zorpho@MyCompany.local does not have a value for the attribute sn
ERROR search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') raised INVALID_DN_SYNTAX({'desc': 'Invalid DN syntax', 'info': "0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'zorpho@MyCompany.local'\n"},)
DEBUG search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') returned 0 objects:
WARNING zorpho@MyCompany.local does not have a value for the attribute givenName
DEBUG zorpho@MyCompany.local is not a member of cn=administrators,ou=security groups,ou=mybusiness,dc=mycompany,dc=local
DEBUG search_s('OU=MyBusiness,DC=MyCompany,DC=local', 2, '(&(objectClass=groupOfNames)(member=zorpho@MyCompany.local))') returned 0 objects:
Here is my settings.py setup:
# Set up LDAP Authentication
import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, GroupOfNamesType
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
# Connect to the LDAP server
AUTH_LDAP_SERVER_URI = "ldap://IP Address"
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_BIND_DN = "Administrator"
AUTH_LDAP_BIND_PASSWORD = "Password"
# How do we find users?
AUTH_LDAP_USER_DN_TEMPLATE = "%(user)s@MyCompany.local"
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=MyBusiness,DC=MyCompany,DC=local",
ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
# new code 3/3
AUTH_LDAP_FIND_GROUP_PERMS = True
# User groups refresh after login/logout new code 3/3
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# How do we find groups?
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=MyBusiness,DC=MyCompany,DC=local",
ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
#AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
# Map attributes to the user
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_staff": "CN=Administrators,OU=Security Groups,OU=MyBusiness,DC=MyCompany,DC=local",
}
# Use LDAP groups as Django groups
AUTH_LDAP_MIRROR_GROUPS = True
# Misc options
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
I have tried using the "ActiveDirectoryGroupType" but that didn't seem to make a difference. Any suggestions?
