django-auth-ldap身份验证失败 | ldap身份验证失败

本文介绍了django-auth-ldap身份验证失败的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在我的项目中使用 Django-Auth-Ldap (Django 1.6 ，Python 2.7)，但无法正常工作.

I'm trying to use Django-Auth-Ldap in my project (Django 1.6, Python 2.7) but it is not working.

我的活动目录shema是:

My active Directory shema is:

我已经通过安装ldap-utils软件包在cmd线上测试了连接

I've tested the connection on the cmd line by installing the ldap-utils package

sudo apt-get install ldap-utils

ldapsearch -H ldap://domain.com -D "ou=Resources,ou=Company, dc=domain,dc=com" -U "user_name" -w "user_password" -v -d 1

连接测试工作正常.

我正在使用以下代码从外壳测试python-ldap连接:

I am using below code to test python-ldap connection from the shell:

import ldap

con = ldap.initialize('ldap://domain.com')

con.simple_bind_s('User_mail', 'User_password')

results = con.search_s('ou=Users,ou=Resources,ou=Company,dc=domain,dc=com', ldap.SCOPE_SUBTREE, "(cn=User_name)")

python-ldap连接工作正常.

python-ldap connection works fine.

我的问题是如何从django登录界面对AD用户进行身份验证?

settings.py:

import ldap
from django_auth_ldap.config import LDAPSearch

# The URL of the LDAP server.
AUTH_LDAP_SERVER_URI = "ldap://domain.com"
AUTH_LDAP_BIND_DN = "cn='User_name',ou=Resources,ou=Company,dc=domain,dc=com"
AUTH_LDAP_BIND_PASSWORD = "User_password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,ou=Resources,ou=Company,dc=domain,dc=com",ldap.SCOPE_SUBTREE, "(cn=%(user)s)")
AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_REFERRALS : False }

AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)

views.py:

from django_auth_ldap.backend import LDAPBackend
auth = LDAPBackend()
user = auth.authenticate(username="User_name", password="User_password")

在文件django-ldap-debug.log中，出现此错误:

In the file django-ldap-debug.log I have this error:

Caught LDAPError while authenticating User_name: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)

推荐答案

我找到了答案.

我通过添加(OU = Users)

I changed the AUTH_LDAP_BIND_DN by adding (OU=Users)

我必须使用samAccountName代替 AUTH_LDAP_USER_SEARCH

I must use samAccountName instead of CN in AUTH_LDAP_USER_SEARCH

我的新设置.py:

import ldap, logging
from django_auth_ldap.config import LDAPSearch

logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)

AUTH_LDAP_SERVER_URI = "ldap://domain.com"
AUTH_LDAP_BIND_DN = "CN=User_name,OU=Users,OU=Resources,OU=Company,DC=domain,DC=com"
AUTH_LDAP_BIND_PASSWORD = "User_password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Users,OU=Resources,OU=Company,DC=domain,DC=com",ldap.SCOPE_SUBTREE, "(samAccountName=%(user)s)")

AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)

我的views.py

My views.py

from django_auth_ldap.backend import LDAPBackend

def login(request):
    if request.method == 'POST':
        form = MyLoginForm(data=request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            auth = LDAPBackend()
            user = auth.authenticate(username=username, password=password)
            if user is not None:
                ....
    else:
        form = MyLoginForm()

    ....

希望对所有人有帮助:)

Hope this help all :)

这篇关于django-auth-ldap身份验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！