I am trying to authenticate the user with the LDAP server in django.
I have configured my settings.py as follows:
AUTH_LDAP_SERVER_URI = "ldap.forumsys.com"
AUTH_LDAP_BIND_DN = "cn=read-only-admin,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=example,dc=com",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_START_TLS = True
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
In my views i have tried to authenticate it with the LDAPBACKEND
from django.http import HttpResponse
from django_auth_ldap.backend import LDAPBackend
from django.contrib.auth.models import User
from django.conf import settings
def login_user(request):
state = ""
username = settings.AUTH_LDAP_BIND_DN
password = settings.AUTH_LDAP_BIND_PASSWORD
auth = LDAPBackend()
try:
User = auth.authenticate(username=username,password=password)
if User is not None:
state = "Valid"
else:
state = "Invalid"
except LDAPError as e:
state = "Error"
return HttpResponse(state)
But i am getting an error as
LDAPError while authenticating cn=read-only-admin,dc=example,dc=com: LDAPError(0,'Error')
And I do have another doubt. Is the username
and password
is same as the bind_username
and bind_password
?
My experience with LDAP didn't call for any view changes. I used the django-auth-ldap library which only required additional settings to use:
#-----------------------------------------------------------------------------#
#
# LDAP Settings
#
#-----------------------------------------------------------------------------#
AUTHENTICATION_BACKENDS += ('django_auth_ldap.backend.LDAPBackend',)
AUTH_LDAP_SERVER_URI = "ldaps://your.ldap.server"
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com"
Using a bind login works as well with these additional settings:
import ldap
from django_auth_ldap.config import LDAPSearch
AUTH_LDAP_BIND_DN = "<user>"
AUTH_LDAP_BIND_PASSWORD = "<password>"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
Normal Django login views work fine with this setup.
EDIT: I should add that one should confirm that LDAP is working via the command line on the server before trying with Django. This is what held me up at first.
Make sure AUTH_LDAP_SERVER_URI should be hostname or IP address of AD. In django settings.py :
AUTH_LDAP_SERVER_URI = "ldap://hostname or Ip address of active directory"
AUTH_LDAP_BIND_DN = "CN=sAMAccountName,CN=Users,DC=yourdomain,DC=com"
AUTH_LDAP_BIND_PASSWORD = *******
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_USER_SEARCH = LDAPSearch('CN=Users,DC=yourdomain,DC=com',
ldap.SCOPE_SUBTREE, "userPrincipalName=%(user)s")
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend')
And views.py should be like this,
from django.contrib.auth import views as auth_views
from forms import ProjectRequestForm, ExAuthenticationForm
def login(request):
return auth_views.login(request, template_name='login.html', authentication_form=ExAuthenticationForm)
I would recommend to use the class based view. Also, you should assign username
and password
with the input of the user.
Also you should only use the authenticate()
function.
from django.contrib.auth import authenticate
class LoginView(FormView):
form_class = LoginForm
success_url = reverse_lazy('main')
template_name = 'module_name/login.html'
def form_valid(self, form):
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user is not None and user.is_active:
login(self.request, user)
return super(LoginView, self).form_valid(form)
else:
return self.form_invalid(form)
Use the default Django LoginView to start with. It should work...
def login(request):
return LoginView.as_view(template_name='login.html')(request)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.