
Change LDAP password encryption using django-python3-ldap

EDIT 2:

It seems that the migrate command is importing the data BUT the password is set to "unusable" as it is calling this method in the library:

# If the user was created, set them an unusable password.
if created:
   user.set_unusable_password() # Will call: self.password = make_password(None)
   user.save()

Does anyone have a solution? Did you manage to use django-python3-ldap with a different version?


EDIT1:

Has anyone managed to use django-python3-ldap successfully, and could you show me your settings? It is possible that I forgot a config in my settings...

Thank you!


I am using django-python3-ldap v0.11.2 for LDAP authentication in Django.

I successfully managed to connect to my ldap test server which I created with some dummy users. The migration using this command: python manage.py ldap_sync_users works fine and is refreshing my db.

However, when I try to connect with one of the users, I am getting this error message: LDAP connect failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - INVALID_CREDENTIALS: Bind failed: Invalid authentication - bindResponse - None .

I suspect this is because the stored password is incorrectly encrypted... This is because the following test works fine:

  • Connect with a pre-existing admin account
  • Change the password for newly imported user jdoe to abc
  • Log out
  • The connection using user: jdoe and password abc now works perfectly fine!

Has anyone faced this issue before? Or does anyone know how to change the password encryption used by the migrate command? Or maybe I missed an important LDAP configuration...

Python LDAP settings:

# LDAP Connection Settings
LDAP_AUTH_URL = "ldap://localhost:10389"
LDAP_AUTH_USE_TLS = None
LDAP_AUTH_SEARCH_BASE = "DC=example,DC=com"

LDAP_AUTH_USER_FIELDS = {
    "username": "uid",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
    "password": "userPassword"
}

LDAP_AUTH_OBJECT_CLASS = "organizationalPerson"

LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)

LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"

LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"

LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_CONNECTION_USERNAME = 'uid=admin,ou=system'
LDAP_AUTH_CONNECTION_PASSWORD = 'secret'

LDAP test user config:

dn: cn=Jane Doe,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jane Doe
sn: Doe
ou: site_admin
description: 19650324000000Z
employeeNumber: 12
givenName: Jane
mail: jane@example.com
telephoneNumber: 169-637-3314
telephoneNumber: 907-547-9114
uid: jdoe
userPassword:: abc

Extract of my test db:

Username | Password
jdoe     | ipxhdylGKTwILF...
OkUser   | pbkdf2_sha256 $150000$PHBKev...

Thank you for your help

I finally decided to implement my own authenticate & get user method which is:

  • Checking if the user already exists (basic django authentication)
  • If not, check if the user with the provided username is part of a specific AD group. If he is part of it, create a user using the basic django:
User.objects.create_superuser(username=username,
                              email=mail,
                              password='mypassword',
                              first_name=first_name,
                              last_name=last_name)
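
The following is an added example, not part of the original question or answer and not code from Django or django-python3-ldap. It shows why a row like jdoe's in the extract above can never pass a local password check while the `pbkdf2_sha256` row can: a value marked unusable (Django prefixes these with `!`) or a value that is not in the `algorithm$iterations$salt$hash` layout is rejected before any comparison. The function names and sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac

UNUSABLE_PREFIX = "!"  # marker Django writes for set_unusable_password()


def make_pbkdf2_sha256(password, salt, iterations=150000):
    """Build a value in the pbkdf2_sha256 layout: algo$iterations$salt$b64hash."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode())


def classify(stored):
    """Return 'unusable', 'pbkdf2_sha256' or 'unrecognised' for a password column value."""
    if stored.startswith(UNUSABLE_PREFIX):
        return "unusable"
    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == "pbkdf2_sha256" and parts[1].isdigit():
        return "pbkdf2_sha256"
    return "unrecognised"


def check_local_password(password, stored):
    """A local check can only succeed for a well-formed hash; other values never match."""
    if classify(stored) != "pbkdf2_sha256":
        return False
    _, iterations, salt, _ = stored.split("$")
    expected = make_pbkdf2_sha256(password, salt, int(iterations))
    return hmac.compare_digest(expected, stored)  # constant-time comparison


# Constructed sample rows (not the values from the question's database).
ROWS = {
    "local_user": make_pbkdf2_sha256("abc", "constructedsalt"),
    "ldap_user": UNUSABLE_PREFIX + "x" * 40,  # what an LDAP-synced user gets
    "raw_value": "abc",                       # a directory attribute copied verbatim
}

if __name__ == "__main__":
    for name, stored in ROWS.items():
        print(name, classify(stored), check_local_password("abc", stored))
```

For the LDAP-synced rows the credential is only ever verified by the bind against the directory, so the local column is expected to hold an unusable value.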
