
Django-python3-ldap - only certain active directory user groups can login?

I'm using the django-python3-ldap module located here https://github.com/etianen/django-python3-ldap#available-settings

I only want users who are members of certain groups to be able to log in, so I have created a function as suggested:

from django_python3_ldap.utils import format_search_filters

def app_users(ldap_fields):
    # Add in simple filters.
    ldap_fields["memberOf"] = "App_Admin"
    # Call the base format callable.
    search_filters = format_search_filters(ldap_fields)
    # Advanced: apply custom LDAP filter logic.
    search_filters.append("(|(memberOf=App_Admin)(memberOf=App_ITUser)(memberOf=App_NetworkUser))")
    # All done!
    return search_filters

However, this returns the below when debugging:

LDAP connect succeeded
LDAP user attributes empty

I think it's something to do with the foo sample, but I'm not sure how to fix it.

Thanks

I can't remember what I did, it's so long ago now, but this is my LDAP config and I am using the ldap module for Python 3.

I didn't write this code; I will have obtained it from somewhere, but I'm not sure where.

import ldap
# The URL of the LDAP server.
LDAP_AUTH_URL = 'ldap://domain.com:389'

# Initiate TLS on connection.
LDAP_AUTH_USE_TLS = False

# The LDAP search base for looking up users.
LDAP_AUTH_SEARCH_BASE = 'DC=domain,DC=com'

# The LDAP class that represents a user.
LDAP_AUTH_OBJECT_CLASS = 'organizationalPerson'

# User model fields mapped to the LDAP
# attributes that represent them.
LDAP_AUTH_USER_FIELDS = {
    'username': 'sAMAccountName',
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail',
}

# A tuple of django model fields used to uniquely identify a user.
LDAP_AUTH_USER_LOOKUP_FIELDS = ('username',)

# Path to a callable that takes a dict of {model_field_name: value},
# returning a dict of clean model data.
# Use this to customize how data loaded from LDAP is saved to the User model.
LDAP_AUTH_CLEAN_USER_DATA = 'django_python3_ldap.utils.clean_user_data'

# Path to a callable that takes a user model and a dict of {ldap_field_name: [value]},
# and saves any additional user relationships based on the LDAP data.
# Use this to customize how data loaded from LDAP is saved to User model relations.
# For customizing non-related User model fields, use LDAP_AUTH_CLEAN_USER_DATA.
LDAP_AUTH_SYNC_USER_RELATIONS = 'django_python3_ldap.utils.sync_user_relations'

# Path to a callable that takes a dict of {ldap_field_name: value},
# returning a list of [ldap_search_filter]. The search filters will then be AND'd
# together when creating the final search filter.
LDAP_AUTH_FORMAT_SEARCH_FILTERS = 'django_python3_ldap.utils.format_search_filters'
#LDAP_AUTH_FORMAT_SEARCH_FILTERS = 'itapp.ldap_filters.app_users'

# Path to a callable that takes a dict of {model_field_name: value}, and returns
# a string of the username to bind to the LDAP server.
# Use this to support different types of LDAP server.
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"


# Sets the login domain for Active Directory users.
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = 'DOMAIN'

# The LDAP username and password of a user for querying the LDAP database for user
# details. If None, then the authenticated user will be used for querying, and
# the `ldap_sync_users` command will perform an anonymous query.
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "django_python3_ldap": {
            "handlers": ["console"],
            "level": "INFO",
        },
    },
}

AUTHENTICATION_BACKENDS = (
    'django_python3_ldap.auth.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend', #Comment out to prevent authentication from DB
)    
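An added example, not part of the original post or of django-python3-ldap's own code: a filter callable with the shape `LDAP_AUTH_FORMAT_SEARCH_FILTERS` expects. Active Directory stores `memberOf` values as full distinguished names, so each group is matched by its DN, and user-supplied values are escaped per RFC 4515 before they reach the filter. The group DNs (including the `OU=Groups` container) are constructed placeholders, and the equality clauses are built inline instead of calling the library's `format_search_filters` so the block runs without Django installed.

```python
# Constructed placeholder DNs: replace with the real DNs from your directory.
ALLOWED_GROUP_DNS = [
    "CN=App_Admin,OU=Groups,DC=domain,DC=com",
    "CN=App_ITUser,OU=Groups,DC=domain,DC=com",
    "CN=App_NetworkUser,OU=Groups,DC=domain,DC=com",
]

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID: matches nested membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot alter the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


def group_filter(group_dns, nested=False):
    """Return one OR clause matching members of any of the given group DNs."""
    if not group_dns:
        # An empty allow-list must never silently widen access.
        raise ValueError("refusing to build a filter with no allowed groups")
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    clauses = "".join(
        "(%s=%s)" % (attr, escape_filter_value(dn)) for dn in group_dns
    )
    return "(|%s)" % clauses


def app_users(ldap_fields):
    """Return the list of filters that the library ANDs together."""
    # Equality clauses for the lookup fields, e.g. (sAMAccountName=<username>).
    # Attribute names come from settings; only the values are user input.
    filters = [
        "(%s=%s)" % (name, escape_filter_value(value))
        for name, value in ldap_fields.items()
    ]
    # No ldap_fields["memberOf"] entry is added: every returned clause is
    # ANDed, so an extra single-group clause would exclude the other groups.
    filters.append(group_filter(ALLOWED_GROUP_DNS))
    return filters
```

With this function saved as `itapp/ldap_filters.py`, the commented-out `LDAP_AUTH_FORMAT_SEARCH_FILTERS = 'itapp.ldap_filters.app_users'` line in the settings above would select it. Passing `nested=True` to `group_filter` also admits users who belong to an allowed group only through another group.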
