1
votes

I'm trying to use django-auth-ldap, without success, to authenticate a user in Django through my Active Directory.

My active directory has the following tree:

  • DC=test,DC=local
    • CN=Users
      • CN=Administrator
      • CN=test

I have (in settings.py):

# Imports these settings rely on
import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_SERVER_URI = "ldap://something.test.local"

AUTH_LDAP_BIND_DN = "cn=Administrator,cn=Users,dc=test,dc=local"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=Users,dc=test,dc=local",
    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

and I always got (debugging in Django shell):

>>> from django.contrib.auth import authenticate, login
>>> authenticate(username='test', password='password')
search_s('cn=Users,dc=test,dc=local', 2, '(uid=%(user)s)') returned 0 objects:
Authentication failed for test: failed to map the username to a DN.

1 Answer

7
votes

Where there is:

AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=Users,dc=test,dc=local",
    ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

It should be:

AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=Users,dc=test,dc=local",
    ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

Because the uid field is usually empty in Active Directory, the search will not return the intended user.

Now I get:

search_s('cn=Users,dc=test,dc=local', 2, '(uid=%(user)s)') returned 1 objects: cn=test,cn=users,dc=test,dc=local
Created Django user test
Populating Django user test
<User: test>
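
Added example (not part of the original question or answer): an offline sketch of why the `uid` filter maps the username to no DN while the `sAMAccountName` filter finds it. The directory entries are constructed to mirror the tree in the question, and `escape_filter_value`, `build_filter`, `search` and `login_attributes` are hypothetical helpers written for this illustration, not django-auth-ldap or python-ldap APIs.

```python
import re

# Constructed entries, shaped like python-ldap search_s() results:
# (dn, {attribute: [bytes, ...]}). As the answer notes, the AD users
# carry sAMAccountName but no uid attribute.
ENTRIES = [
    ("CN=Administrator,CN=Users,DC=test,DC=local",
     {"cn": [b"Administrator"], "sAMAccountName": [b"Administrator"]}),
    ("CN=test,CN=Users,DC=test,DC=local",
     {"cn": [b"test"], "sAMAccountName": [b"test"]}),
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(template, username):
    """Substitute the escaped username into a '(attr=%(user)s)' template."""
    return template % {"user": escape_filter_value(username)}


def search(entries, filterstr):
    """Evaluate a single equality filter; return the DNs that match."""
    m = re.fullmatch(r"\(([\w-]+)=(.*)\)", filterstr)
    if m is None:
        raise ValueError("only simple (attr=value) filters are supported")
    attr = m.group(1).lower()  # attribute names are case-insensitive
    # Undo \xx escapes; values are compared case-insensitively here
    # (a simplification of the directory's matching rules).
    wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                    lambda h: chr(int(h.group(1), 16)), m.group(2)).lower()
    return [dn for dn, attrs in entries
            for name, values in attrs.items()
            if name.lower() == attr
            and any(v.decode("utf-8").lower() == wanted for v in values)]


def login_attributes(entries, username):
    """Diagnostic: which attributes hold this username on any entry?"""
    return sorted({name for _, attrs in entries
                   for name, values in attrs.items()
                   if username.lower().encode() in [v.lower() for v in values]})


if __name__ == "__main__":
    for tmpl in ("(uid=%(user)s)", "(sAMAccountName=%(user)s)"):
        f = build_filter(tmpl, "test")
        print(f, "returned", len(search(ENTRIES, f)), "objects")
    print("attributes holding 'test':", login_attributes(ENTRIES, "test"))
```

Running `login_attributes` against a dump of a real user entry shows which attribute the search filter should name before changing `AUTH_LDAP_USER_SEARCH`.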