
django + ldap3 error on prod environment

Please help, I have the following issue. I have a Django 1.8 (Python 3.3.5, CentOS 7) app with LDAP authentication through an external MS AD server. On my local dev environment everything is working fine and it is possible to authorize in the app, but after migration to prod with an Apache server it fails with the error "Permission denied". I am using ldap3 with django-python3-ldap https://github.com/etianen/django-python3-ldap

Error:

LDAPSocketOpenError at /login/
('unable to open socket', [(datetime.datetime(2015, 12, 8, 14, 53, 5, 22728), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket connection error: [Errno 13] Permission denied',), ('172.20.48.12', 389)), (datetime.datetime(2015, 12, 8, 14, 53, 5, 23125), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket connection error: [Errno 13] Permission denied',), ('172.20.48.11', 389))])

 Exception Location:    /usr/local/lib/python3.3/site-packages/ldap3/strategy/base.py in open, line 136

Connection line from the exception:

Connection(server=Server(host='ldap.server.corp', port=389, use_ssl=False, get_info='NO_INFO'), user='COMPANY\\user', password=u'value_password', auto_bind='NO_TLS', version=3, authentication='SIMPLE', client_strategy='SYNC', auto_referrals=True, check_names=True, read_only=False, lazy=False, raise_exceptions=False, fast_decoder=True)

When I start the app on the dev Django server it is working fine, but when I run it through Apache it fails. I can share any details if needed. Thank you.

This is probably due to SELinux permissions: httpd is unable to create the socket to connect to LDAP. There is no need to disable SELinux completely.

First, do a check with

getsebool -a | grep ldap  # check the SELinux booleans related to LDAP

You should see

authlogin_nsswitch_use_ldap --> off
dhcpd_use_ldap --> off
httpd_can_connect_ldap --> off

Set the boolean with the following command:

setsebool -P httpd_can_connect_ldap 1  # -P sets the boolean permanently (persists across reboots)

End result:

authlogin_nsswitch_use_ldap --> off
dhcpd_use_ldap --> off
httpd_can_connect_ldap --> on
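As an added example (not part of the answer above, and not code from ldap3 or django-python3-ldap), the following shell script applies the same check offline: it reads `getsebool -a` style output, reads the AVC denial records that `ausearch -m avc -c httpd` would show for a blocked LDAP socket, and prints the `setsebool -P` command for each boolean that is still off. Both sample inputs are constructed; the real check needs root and the `getsebool`/`ausearch` tools on the CentOS host. The mapping from denial to boolean is an assumption limited to what this page discusses: a `tcontext` of `ldap_port_t` maps to `httpd_can_connect_ldap`, anything else falls back to the broad `httpd_can_network_connect` (a narrower boolean may exist for that port, so check before enabling it).

```shell
#!/bin/sh
# Added example, not from the original answer: offline triage of an
# "[Errno 13] Permission denied" on an httpd -> LDAP socket under SELinux.
# The two sample inputs below are constructed for this example.

# Constructed `getsebool -a | grep ldap` output, as in the answer above.
SAMPLE_BOOLS='authlogin_nsswitch_use_ldap --> off
dhcpd_use_ldap --> off
httpd_can_connect_ldap --> off'

# Constructed audit.log AVC records (what `ausearch -m avc -c httpd` would show):
# two denials on the LDAP port (389, ldap_port_t) and one on an unrelated port.
SAMPLE_AVC='type=AVC msg=audit(1449586385.022:1234): avc:  denied  { name_connect } for  pid=2817 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1449586385.023:1235): avc:  denied  { name_connect } for  pid=2817 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1449586390.100:1240): avc:  denied  { name_connect } for  pid=2817 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0'

# sebool_state NAME: print on/off/missing for NAME, reading getsebool output on stdin.
# "missing" means the boolean was not in the input (filtered out, or not in the policy).
sebool_state() {
    awk -v name="$1" '
        $1 == name && $2 == "-->" { print $3; found = 1 }
        END { if (!found) print "missing" }'
}

# avc_booleans: read AVC records on stdin and print, once each, the boolean that
# would permit every httpd name_connect denial on a tcp_socket.
avc_booleans() {
    awk '
        /^type=AVC/ && /denied/ && /comm="httpd"/ && /tclass=tcp_socket/ {
            dest = ""; tctx = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dest=/)     dest = substr($i, 6)
                if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            }
            # Assumption from this page: ldap_port_t denials are fixed by
            # httpd_can_connect_ldap; anything else falls back to the broad
            # httpd_can_network_connect (prefer a narrower boolean if one exists).
            if (tctx ~ /ldap_port_t/) print "httpd_can_connect_ldap"
            else print "httpd_can_network_connect"
        }' | sort -u
}

# recommend GETSEBOOL_OUTPUT: for each boolean name on stdin, print the
# setsebool command unless the boolean is already on.
recommend() {
    bools="$1"
    while read -r b; do
        state=$(printf '%s\n' "$bools" | sebool_state "$b")
        if [ "$state" = on ]; then
            printf '%s is already on; look elsewhere (WSGI user, firewall)\n' "$b"
        else
            printf 'setsebool -P %s 1\n' "$b"
        fi
    done
}

# Demo on the constructed data: prints the two setsebool commands to run as root.
printf '%s\n' "$SAMPLE_AVC" | avc_booleans | recommend "$SAMPLE_BOOLS"
```

On a real host, replace the two samples with `getsebool -a` and `ausearch -m avc -c httpd --raw`, and confirm with `getsebool httpd_can_connect_ldap` after setting it; if the boolean is already on and the AVC log is clean, the cause is not SELinux and the Apache/WSGI user is the next thing to check.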

With which user are you running Apache? Probably it can't open sockets. Also, if you're using WSGI, check the user that runs the Python interpreter.
