I'm going crazy because of Django LDAP authentication.
I'm able to connect to the LDAP server (MS Active Directory) and search for the user, but I'm unable to verify against groups (using the config param AUTH_LDAP_REQUIRE_GROUP).
After asking for more detail about the AD structure, I found that the group uses a multi-valued DN to store the users, named member.
Studying the documentation, I found many AUTH_LDAP_GROUP_TYPE classes that manage that attribute, like:
MemberDNGroupType, NestedMemberDNGroupType and their subclasses, but none of them can find the user in one of the two groups.
A screenshot of the group member attribute: [image: member list]
This is the Django configuration related to LDAP:

import ldap
from django_auth_ldap.config import (
    LDAPGroupQuery,
    LDAPSearch,
    NestedActiveDirectoryGroupType,
)

AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_PROTOCOL_VERSION: ldap.VERSION3,
    ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()

# Baseline configuration.
AUTH_LDAP_SERVER_URI = 'ldap://ldap.xxxx.com'
AUTH_LDAP_BIND_DN = '[email protected]'
AUTH_LDAP_BIND_PASSWORD = 'qwerty'

# The user must belong to group_1 or group_2 to be allowed to log in.
AUTH_LDAP_REQUIRE_GROUP = (
    LDAPGroupQuery('cn=group_1,ou=group_container,dc=xxxx,dc=com') |
    LDAPGroupQuery('cn=group_2,ou=group_container,dc=xxxx,dc=com')
)

# Look the user up by UserPrincipalName.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=user_container,dc=xxxx,dc=com',
    ldap.SCOPE_SUBTREE,
    '(UserPrincipalName=%(user)s)',
)

# Search used to find the groups.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=group_container,dc=xxxx,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=nestedActiveDirectoryGroup)',
)

AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_CACHE_TIMEOUT = 3600

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

The DN, OU and DC are correct for both users and groups.
Could the problem be related to the member attribute type?
Any idea on how to resolve it?
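
A simplified in-memory model of how a nested member-DN group lookup combines the group search's objectClass filter with the member attribute, added here as an illustration; it is not part of the original post and not django-auth-ldap's own code. The user DN, the directory entries and the function names are constructed, and it assumes AD group entries carry objectClass "group".

```python
# Simplified in-memory model of a nested member-DN group lookup (constructed data).
# Assumption: AD group entries carry objectClass "group" and list members by DN.
BASE = "ou=group_container,dc=xxxx,dc=com"
USER = "cn=alice,ou=user_container,dc=xxxx,dc=com"  # hypothetical user DN

DIRECTORY = {  # constructed sample entries, not taken from the page
    f"cn=group_1,{BASE}": {"objectClass": ["top", "group"],
                           "member": [f"CN=Team_A,{BASE}"]},
    f"cn=team_a,{BASE}": {"objectClass": ["top", "group"],
                          "member": ["CN=Alice,OU=user_container,DC=xxxx,DC=com"]},
    f"cn=group_2,{BASE}": {"objectClass": ["top", "group"], "member": []},
}


def search_groups(object_class, member_dns):
    """Return DNs of entries matching (&(objectClass=...)(|(member=dn)...))."""
    wanted = {dn.lower() for dn in member_dns}  # DN comparison ignores case
    hits = set()
    for dn, attrs in DIRECTORY.items():
        classes = {c.lower() for c in attrs["objectClass"]}
        members = {m.lower() for m in attrs["member"]}
        if object_class.lower() in classes and members & wanted:
            hits.add(dn)
    return hits


def nested_groups(user_dn, object_class):
    """Walk upwards: groups containing the user, then groups containing those."""
    found, frontier, seen = set(), {user_dn.lower()}, set()
    while frontier:
        new = search_groups(object_class, frontier)
        found |= new
        seen |= frontier
        frontier = new - seen  # never search with the same DN twice (cycle guard)
    return found


def passes_require_group(user_dn, object_class, required):
    """OR semantics, as in LDAPGroupQuery(a) | LDAPGroupQuery(b)."""
    groups = nested_groups(user_dn, object_class)
    return any(dn.lower() in groups for dn in required)


REQUIRED = [f"cn=group_1,{BASE}", f"cn=group_2,{BASE}"]
```

In this model the user reaches group_1 only through team_a, and every step of the walk is gated by the objectClass term of the group search as well as by the member value.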