Mapping LDAP users to Django users with Django Auth Ldap
I'm using Django 1.3 and Django Auth Ldap 1.0.6, and I'm trying to have the users who have a special status on the LDAP server (admins) have the same status in my Django application.
These are my current settings:
import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_SERVER_URI = 'ldap://path.to.server'
# Empty bind DN and password: the search bind is anonymous.
AUTH_LDAP_BIND_DN = ''
AUTH_LDAP_BIND_PASSWORD = ''
AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,cn=users,dc=server,dc=location,dc=lan'
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'cn=groups,dc=server,dc=location,dc=lan',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfNames)',
)
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    #'is_active': 'cn=groups,dc=server,dc=location,dc=lan',
    #'is_staff': 'cn=admin,cn=groups,dc=server,dc=location,dc=lan',
    #'is_superuser': 'cn=admin,cn=groups,dc=server,dc=location,dc=lan',
}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUPS_PERMS = True
Permissions aren't updated. If I uncomment the values in FLAGS_BY_GROUP, I can't authenticate any more (the error message says that the user and password don't match). I tried without the last setting with the same results.
Any ideas are highly appreciated.
If you set AUTH_LDAP_GROUP_SEARCH, you also need to set AUTH_LDAP_GROUP_TYPE. Since you're apparently using groupOfNames for grouping, you need AUTH_LDAP_GROUP_TYPE = GroupOfNamesType().
Everything else looks okay, although it's unlikely that you need both AUTH_LDAP_MIRROR_GROUPS and AUTH_LDAP_FIND_GROUPS_PERMS. It's probably not hurting anything, but those are meant to be alternatives.
In general, logging is your friend in cases like this.
With the help of psagers' tips, I managed to find the answer to my issue. First, I'm using Open Directory, so I need to use AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn') instead of GroupOfNamesType(). Second, mapping the 'is_active' flag to the entire 'groups' container doesn't make sense, because I can't log in when I use it, so I took it out.
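Why the group type decides whether admin flags are granted, as an added example that is not part of the original posts and is not django-auth-ldap's own code: a simplified model of the two membership tests, run on constructed directory entries. The user `alice`, the gid numbers and the `container` object class are assumptions; the DNs are the ones from the question.

```python
# Simplified model of group-to-flag mapping; NOT django-auth-ldap's implementation.
# All directory entries below are constructed sample data.

USER_DN = "uid=alice,cn=users,dc=server,dc=location,dc=lan"
USER_ATTRS = {"uid": ["alice"], "gidNumber": ["20"]}

ADMIN_DN = "cn=admin,cn=groups,dc=server,dc=location,dc=lan"
CONTAINER_DN = "cn=groups,dc=server,dc=location,dc=lan"

# DN -> attributes. A posixGroup lists short user names in memberUid,
# whereas a groupOfNames would list full user DNs in 'member'.
DIRECTORY = {
    ADMIN_DN: {"objectClass": ["posixGroup"], "cn": ["admin"],
               "gidNumber": ["80"], "memberUid": ["alice", "root"]},
    CONTAINER_DN: {"objectClass": ["container"], "cn": ["groups"]},
}


def member_dn_check(user_dn, user_attrs, group_attrs):
    """groupOfNames-style test: the group's 'member' values are user DNs."""
    return user_dn in group_attrs.get("member", [])


def posix_check(user_dn, user_attrs, group_attrs):
    """posixGroup-style test: memberUid holds uids; a primary gid match counts."""
    if set(user_attrs.get("uid", [])) & set(group_attrs.get("memberUid", [])):
        return True
    return bool(set(user_attrs.get("gidNumber", []))
                & set(group_attrs.get("gidNumber", [])))


def flags_by_group(flag_map, is_member):
    """Each flag is True only if the user is a member of the DN mapped to it."""
    return {flag: is_member(USER_DN, USER_ATTRS, DIRECTORY.get(dn, {}))
            for flag, dn in flag_map.items()}


# The three mappings that were commented out in the question.
FLAG_MAP = {"is_active": CONTAINER_DN, "is_staff": ADMIN_DN,
            "is_superuser": ADMIN_DN}

if __name__ == "__main__":
    print("member-DN model: ", flags_by_group(FLAG_MAP, member_dn_check))
    print("posixGroup model:", flags_by_group(FLAG_MAP, posix_check))
```

In this model the member-DN test grants nothing against posixGroup entries, and the container DN never yields `is_active` under either test because it carries no membership attributes.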