
I almost broke my mind trying to adjust my test Django project to connect with my Active Directory. The goal is to create a simple login page that will check credentials against AD user data. AD is located on the same machine as Django.

AD users involved in the process: admin, bind
AD groups involved: django-admins

AD has a default structure, with the default Users folder where I created my users and a group.

My settings.py file is below:

```python
import os
from pathlib import Path
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

AUTH_LDAP_SERVER_URI = "ldap://192.168.149.10"
AUTH_LDAP_AUTHORIZE_ALL_USERS = True
AUTH_LDAP_PERMIT_EMPTY_PASSWORD = True
AUTH_LDAP_BIND_DN = "CN=bind,CN=Users,DC=ATK,DC=BIZ"
AUTH_LDAP_BIND_PASSWORD = "Hahalala90!"
AUTH_LDAP_USER_SEARCH = LDAPSearch(
            "dc=ATK,dc=BIZ", ldap.SCOPE_SUBTREE, "(uid=%(user)s"
            )


AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "dc=ATK,dc=BIZ",
    ldap.SCOPE_SUBTREE,
    "(objectCategory=Group)",
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")

AUTH_LDAP_START_TLS = True

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=active,CN=django-admins,CN=Users,DC=ATK,DC=BIZ",
    "is_staff": "cn=staff,cn=django-admins,cn=Users,dc=ATK,dc=BIZ",
    "is_superuser": "cn=superuser,cn=django-admins,cn=Users,dc=ATK,dc=BIZ",
}

AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_TIMEOUT = 3600
AUTH_LDAP_CACHE_GROUPS = True


AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

DRAL_CHECK_DOMAIN = False
```


I followed the official documentation of django-auth-ldap and many other sources. When I try to log in to the django-admin panel I receive "Please enter the correct username and password for a staff account. Note that both fields may be case-sensitive." Moreover, I tried to log in through my login page and received a 200 response with data: {success: false, error: 'Invalid username or password'}

So obviously it doesn't recognize my credentials.

Please, show me the direction, I tried almost everything in these 3 weeks.

P.S. LDAP is running; the only thing that worked is the ldap3 library.

Tried this: https://techexpert.tips/django/django-ldap-authentication-active-directory/
Tried this: https://django-auth-ldap.readthedocs.io/en/latest/
Tried: ldap3, django-auth-ldap3, django-auth-ldap3-ad
Tried to use django remoteAuth

The only thing that gave me hope is ldap3, through which I received the list of all members of the django-admins AD group.
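An added example, not part of the original post and not django-auth-ldap's own code: a standard-library check over the values in the posted settings.py that flags settings which can make every AD login fail or weaken the backend. The function name, the `user_filter` key, the group DN (derived from the post's description of django-admins under Users) and the `CANDIDATE` values are assumptions made for illustration.

```python
import re

def lint_ad_settings(s, known_group_dns):
    """Return (code, message) findings for a dict of django-auth-ldap values."""
    findings = []
    flt = s.get("user_filter", "")
    # Render the placeholder first: its own parentheses are not filter syntax.
    rendered = flt.replace("%(user)s", "alice")
    depth = 0
    for ch in rendered:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        findings.append(("F1", "unbalanced parentheses in user filter %r" % flt))
    attrs = {a.lower() for a in re.findall(r"\(([A-Za-z][\w-]*)=", rendered)}
    if not attrs & {"samaccountname", "userprincipalname"}:
        findings.append(("F2", "filter does not match sAMAccountName or "
                         "userPrincipalName, where AD keeps logon names"))
    if s.get("AUTH_LDAP_PERMIT_EMPTY_PASSWORD"):
        findings.append(("F3", "empty passwords are sent to the server, and "
                         "some servers accept an empty-password bind"))
    uri = s.get("AUTH_LDAP_SERVER_URI", "")
    if not uri.startswith("ldaps://") and not s.get("AUTH_LDAP_START_TLS"):
        findings.append(("F4", "passwords cross the network in cleartext"))
    known = {dn.replace(" ", "").lower() for dn in known_group_dns}
    for flag, dn in s.get("AUTH_LDAP_USER_FLAGS_BY_GROUP", {}).items():
        if dn.replace(" ", "").lower() not in known:
            findings.append(("F5", "%s maps to an unknown group DN: %s" % (flag, dn)))
    return findings

# Assumed DN of the one group the post describes (django-admins in Users).
GROUP = "CN=django-admins,CN=Users,DC=ATK,DC=BIZ"
POSTED = {  # values copied from the settings.py in the post
    "user_filter": "(uid=%(user)s",
    "AUTH_LDAP_SERVER_URI": "ldap://192.168.149.10",
    "AUTH_LDAP_START_TLS": True,
    "AUTH_LDAP_PERMIT_EMPTY_PASSWORD": True,
    "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
        "is_active": "cn=active,CN=django-admins,CN=Users,DC=ATK,DC=BIZ",
        "is_staff": "cn=staff,cn=django-admins,cn=Users,dc=ATK,dc=BIZ",
        "is_superuser": "cn=superuser,cn=django-admins,cn=Users,dc=ATK,dc=BIZ",
    },
}
# Constructed candidate: one possible set of values that passes every check.
CANDIDATE = dict(POSTED, user_filter="(sAMAccountName=%(user)s)",
                 AUTH_LDAP_PERMIT_EMPTY_PASSWORD=False,
                 AUTH_LDAP_USER_FLAGS_BY_GROUP={"is_staff": GROUP, "is_superuser": GROUP})
for code, msg in lint_ad_settings(POSTED, [GROUP]):
    print(code, msg)
```

The `is_staff` finding matters for the admin panel in particular, because Django's admin login only accepts accounts with that flag set.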
