I have `django-python3-ldap` included in my Django project, and I have it pointed at an Active Directory server. It connects to the AD server and returns the username, first name, and hashed password to the `auth_user` table. How do I limit the search to only users in a specific AD group?

Here are the relevant settings:
```python
LDAP_AUTH_SEARCH_BASE = "OU=******,DC=ad,DC=******,DC=org"
LDAP_AUTH_USER_FIELDS = {
    "username": "samaccountname",
    "first_name": "givenname",
    "last_name": "surname",
    "email": "EmailAddress",
}
LDAP_AUTH_OBJECT_CLASS = "User"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "AD"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
```
I believe I need to use `LDAP_AUTH_FORMAT_SEARCH_FILTERS` to "and" conditions to the original search base, but I'm not sure exactly how to do so. I assume I need to write a custom `format_search_filter`, but I don't intuitively understand how it would cross-check with AD groups.
How to do the filtering with this particular package is documented here. Right in the example, it shows how you can filter using group membership. The following would limit the search to the AD group "foo":
```python
# settings.py
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "path.to.your.custom_format_search_filters"

# path/to/your/module.py
from django_python3_ldap.utils import format_search_filters

def custom_format_search_filters(ldap_fields):
    # Add in simple filters.
    ldap_fields["memberOf"] = "foo"
    # Call the base format callable.
    search_filters = format_search_filters(ldap_fields)
    return search_filters
```
You could alternatively (or additionally) apply rules using usual LDAP filtering syntax...
```python
search_filters.append("(|(memberOf=groupA)(memberOf=GroupB))")
```
You can read up more on filtering syntax here and many other places.
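A fuller version of the group restriction, as an added example that is not part of the original answer or the package's own code. It goes beyond the answer by escaping the group values (RFC 4515), matching nested groups through Active Directory's `LDAP_MATCHING_RULE_IN_CHAIN` rule, and failing closed when no group is configured. Assumptions: the group DNs are constructed placeholders (AD stores `memberOf` values as full distinguished names), and the `base` parameter is a hypothetical hook so the function can run without Django installed.

```python
# Added example. The group DNs are constructed placeholders.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN (nested groups)

ALLOWED_GROUP_DNS = [
    "CN=app-users,OU=Groups,DC=ad,DC=example,DC=org",
    "CN=app-admins (ops),OU=Groups,DC=ad,DC=example,DC=org",
]

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    # Backslash must be replaced first so later escapes are not re-escaped.
    for char, repl in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"),
                       (")", r"\29"), ("\x00", r"\00")):
        value = value.replace(char, repl)
    return value

def group_membership_filter(group_dns, nested=True):
    """Return one filter clause matching members of any of the given groups."""
    if not group_dns:
        # Fail closed: an empty list must not silently drop the restriction.
        raise ValueError("refusing to build an empty group filter")
    attr = "memberOf:{}:".format(IN_CHAIN) if nested else "memberOf"
    clauses = ["({}={})".format(attr, escape_filter_value(dn)) for dn in group_dns]
    return clauses[0] if len(clauses) == 1 else "(|{})".format("".join(clauses))

def custom_format_search_filters(ldap_fields, base=None):
    """Callable for LDAP_AUTH_FORMAT_SEARCH_FILTERS; `base` is a hypothetical test hook."""
    if base is None:
        # Same import as in the answer above; deferred so the module loads offline.
        from django_python3_ldap.utils import format_search_filters as base
    search_filters = base(ldap_fields)
    # The package ANDs every entry together, so this clause is mandatory for a match.
    search_filters.append(group_membership_filter(ALLOWED_GROUP_DNS))
    return search_filters

if __name__ == "__main__":
    # Stand-in for the package's formatter, used only for this offline demo.
    def demo_base(fields):
        return ["({}={})".format(k, v) for k, v in fields.items()]
    for clause in custom_format_search_filters({"sAMAccountName": "alice"}, demo_base):
        print(clause)
```

Because the search filter is what decides who can log in, check after deployment that an account outside the listed groups is rejected and that an account in a nested group is accepted.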