
I am trying to use an LDAP server for login and authentication in my Django application. I read the django-auth-ldap tutorial and made all the changes in settings.py.

But I am not able to log in as users from the LDAP server; Django always tries to log in only from the local database.

What do I have to do or change when logging in a user? Are any changes required in the authenticate() call in view.py for login?

My code snippets are below :

settings.py

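# --- Directory connection ---------------------------------------------------
# NOTE(review): ldap:// carries the service-account bind and every user's
# password in clear text. Prefer an ldaps:// URI, or keep ldap:// and set
# AUTH_LDAP_START_TLS = True once the server offers StartTLS.
AUTH_LDAP_SERVER_URI = 'ldap://my_domain.com'
# NOTE(review): cn=admin looks like the directory administrator -- confirm.
# A read-only account that can search ou=users is normally enough here.
AUTH_LDAP_BIND_DN = 'cn=admin,dc=my_domain,dc=com'
# NOTE(review): do not commit the bind password; load it from the
# environment or a secrets store.
AUTH_LDAP_BIND_PASSWORD = 'My_password'
# The login name is substituted for %(user)s to find the user's DN.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=users,dc=my_domain,dc=com',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)

AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0,
}

# --- Groups -----------------------------------------------------------------
# NOTE(review): this search base is ou=django,dc=..., while every group DN
# below lives under ou=django,ou=groups,dc=... -- verify the base against
# the directory, otherwise the search may return no groups.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=django,dc=my_domain,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfNames)',
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn')

# Simple group restrictions. A user who is not a member of REQUIRE_GROUP
# (or who is a member of DENY_GROUP) is rejected by LDAPBackend, and
# authenticate() then moves on to ModelBackend.
AUTH_LDAP_REQUIRE_GROUP = 'cn=enabled,ou=django,ou=groups,dc=my_domain,dc=com'
AUTH_LDAP_DENY_GROUP = 'cn=disabled,ou=django,ou=groups,dc=my_domain,dc=com'

# --- Populate the Django user from the LDAP directory -----------------------
# The password is deliberately not mapped: LDAPBackend verifies it by binding
# to the directory, and copying userPassword into the Django user would store
# directory credential material in the application database. (The original
# key was also misspelled as "passsword", which is not a User field.)
AUTH_LDAP_USER_ATTR_MAP = {
    "username": "uid",
}

# Flags are recomputed from group membership; a user outside cn=active ends
# up with is_active = False.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_active': 'cn=active,ou=django,ou=groups,dc=my_domain,dc=com',
    'is_staff': 'cn=staff,ou=django,ou=groups,dc=my_domain,dc=com',
    'is_superuser': 'cn=superuser,ou=django,ou=groups,dc=my_domain,dc=com',
}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache distinguished names and group memberships for an hour to minimize
# LDAP traffic. Group removals in the directory can take up to that long to
# be seen by Django.
AUTH_LDAP_CACHE_TIMEOUT = 3600

# Backends are tried in order. Keep ModelBackend around for per-user
# permissions and maybe a local superuser.
# To see why an LDAP login was rejected before ModelBackend was tried, enable
# the 'django_auth_ldap' logger at DEBUG level in LOGGING.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)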


#view.py

from django.contrib.auth import authenticate, login

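def user_login(request):
    """Authenticate the posted credentials and start a session.

    ``authenticate()`` walks ``AUTHENTICATION_BACKENDS`` in order, so the
    view needs no LDAP-specific call. It returns ``None`` when every
    backend rejects the credentials, and that case must be handled before
    calling ``login()``.

    Returns a redirect to ``/`` on success and a 403 response on failure.
    """
    # Imported locally because only part of the module's import block is shown.
    from django.http import HttpResponseForbidden

    # Field names are assumed -- match them to the login form.
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    user = authenticate(username=username, password=password)
    if user is None:
        # One generic message for every failure, so the response does not
        # reveal whether the account exists.
        return HttpResponseForbidden('Invalid username or password.')

    login(request, user)
    return HttpResponseRedirect('/')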

Are any code changes required in the user_login() function, or does Django automatically check and authenticate users against LDAP as well as the local database?

I am not sure which Django function will be used for login.

Any one please help me.


1 Answers


I was struggling with this for a long time, and finally it is working with django-auth-ldap on Django 2.2 + Python 3.6.8.

This is my settings.py, and it is working fine.

import ldap
from django_auth_ldap.config import LDAPSearch, LDAPGroupQuery,GroupOfNamesType

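# --- Directory connection ---------------------------------------------------
# NOTE(review): ldap:// is unencrypted, so the bind password and every user's
# password cross the network in clear text. Prefer ldaps://, or set
# AUTH_LDAP_START_TLS = True once the server certificate is trusted by this
# host.
AUTH_LDAP_SERVER_URI = 'ldap://192.168.122.222'
AUTH_LDAP_BIND_DN = 'CN=Django Admin,CN=Users,DC=hqvfx,DC=com'
# NOTE(review): load the bind password from the environment or a secrets
# store instead of keeping it in settings.py.
AUTH_LDAP_BIND_PASSWORD = 'MyPassword'

# The login name is substituted for %(user)s to locate the user's entry.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'OU=all,OU=LSA_Users,DC=hqvfx,DC=com',
    ldap.SCOPE_SUBTREE,
    '(sAMAccountName=%(user)s)',
)

# --- Groups -----------------------------------------------------------------
# NOTE(review): (objectClass=top) matches every entry under the base, not
# only groups. sAMAccountName suggests Active Directory, where
# (objectClass=group) would be the narrower filter -- confirm against the
# directory.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'OU=HQ_Groups,DC=hqvfx,DC=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=top)',
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
# Copies the user's LDAP group memberships into Django groups at login.
AUTH_LDAP_MIRROR_GROUPS = True

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    'username': 'sAMAccountName',
    'first_name': 'displayName',
    'last_name': 'sn',
    'email': 'mail',
}

# Only is_active is derived from the catch-all group. The original also
# mapped is_staff and is_superuser to CN=all, which makes every member of
# that group a Django superuser with full admin access. Map those flags to
# dedicated, tightly controlled groups instead, for example (placeholder
# DNs, not real entries):
#     'is_staff': 'CN=<staff-group>,OU=HQ_Groups,DC=hqvfx,DC=com',
#     'is_superuser': 'CN=<admin-group>,OU=HQ_Groups,DC=hqvfx,DC=com',
# Flags left out of this mapping are not touched by the LDAP backend.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_active': 'CN=all, OU=HQ_Groups, DC=hqvfx, DC=com',
}

# Refresh the Django user from the directory on every login.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cached for an hour; a group removal in the directory can take that long to
# reach Django.
AUTH_LDAP_CACHE_TIMEOUT = 3600

# Backends are tried in order: LDAP first, then the local database.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)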