I
I
Iqbol2021-01-29 10:59:58
Django
Iqbol, 2021-01-29 10:59:58

How to solve LDAP user attributes empty problem?

The Django project uses the django-python3-ldap module for integration with AD, and upon authorization it produces the following logs:
LDAP connect succeeded
LDAP user attributes empty
[29/Jan/2021 12:01:14] "POST /admin/login/?next= /admin/ HTTP/1.1" 200 2359

Web interface error Incorrect username and password.
It is not clear what attributes she cannot find.

configurations:

LDAP_AUTH_URL = "ldap://192.168.0.4:389"
LDAP_AUTH_USE_TLS = False
LDAP_AUTH_SEARCH_BASE = "DC=Mydomain,DC=ru"

LDAP_AUTH_OBJECT_CLASS = "Users"

LDAP_AUTH_USER_FIELDS = {
"username": "sAMAccountName",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}

LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)

LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"

LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"

LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_CONNECTION_USERNAME = 'ldapadmin'
LDAP_AUTH_CONNECTION_PASSWORD = 'PassLdapAdmin'
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "Mydomain"

AUTHENTICATION_BACKENDS = (
'django_python3_ldap.auth.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "django_python3_ldap": {
            "handlers": ["console"],
            "level": "INFO",
        },
    },
}

Answer the question

In order to leave comments, you need to log in

2 answer(s)
R
Roman Bezrukov, 2021-01-29
@Ikbolnav

LDAP_AUTH_OBJECT_CLASS = "Users"

in LDAP this class is usually just user (objectclass = user)
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username")

If I understand correctly, you are trying to get the "username" attribute, which does not exist. It seems to me that sAMAccountName should be here

A
alfss, 2021-01-29
@alfss

Enable debug and see?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question