django_auth_ldap raises OPERATIONS_ERROR

Question

I'm trying to build user authentication against our LDAP:

settings.py:

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
    )

AUTH_LDAP_SERVER_URI = "ldap://********-dc01.*******.ru"

import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=users,dc=*********,dc=ru",ldap.SCOPE_SUBTREE,"(uid=%(user)s)")

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

import logging

logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)

views.py:

@login_required
def project_list(request):
...

urls.py:

(r'^accounts/login/$', 'django.contrib.auth.views.login',{'template_name':'login.html'}),

and the template is from this example.

It will take me to auth form and I get the following debug output:

search_s('cn=users,dc=********,dc=ru', 2, '(uid=bolotnov)') raised OPERATIONS_ERROR({'info': '000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db0', 'desc': 'Operations error'},)
search_s('cn=users,dc=**********,dc=ru', 2, '(uid=bolotnov)') raised OPERATIONS_ERROR({'info': '000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db0', 'desc': 'Operations error'},)
Authentication failed for bolotnov
Authentication failed for bolotnov

I tried googling but haven't found anything that could help me moth further, perhaps a hint from community - maybe there is something simple I'm missing or a check to do? I seem able to anonym bind to our ldap via Softerra LDAP browser maybe ldap_auth_user_search should be somewhat different?

Answer 1

Yeah, I've got it already in settings.py:

AUTH_LDAP_SERVER_URI = "ldap://myldapadress"

AUTH_LDAP_BIND_DN = "" AUTH_LDAP_BIND_PASSWORD = "" AUTH_LDAP_USER_SEARCH = LDAPSearch("my search configs", ldap.SCOPE_SUBTREE, "uid=uid")

AUTHENTICATION_BACKENDS = ( 'django_auth_ldap.backend.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', )

logger = logging.getLogger('django_auth_ldap')

logger.addHandler(logging.StreamHandler()) logger.setLevel(logging.DEBUG)

But my question was where and how I should implement ldap loggins so this funcktion in views.py would use it. Sorry for any english mistakes and too generall questions

Answer 2

I don't know if I can in this post ask another question. In views.py I have something like this:

def login(request):

c = {}
c.update(csrf(request))
return render_to_response('login.html', c)

def auth_view(request):

username = request.POST.get('username', '') password = request.POST.get('password', '') user = auth.authenticate(username=username, password=password)

if user is not None: auth.login(request, user) return HttpResponseRedirect('/loggedin') else: return HttpResponseRedirect('/invalid')

My question is how can I bind it with ldap server? In the django docs there is template for logging:

import logging

logger = logging.getLogger('django_auth_ldap') logger.addHandler(logging.StreamHandler()) logger.setLevel(logging.DEBUG)

But I don't know how to implement it in rhis code exactly

Answer 3

although ldap_simple_bind_s() would return a successful bind, it's about referrals option that I had to disable to get that to work:

ldap.set_option(ldap.OPT_REFERRALS, 0)

Answer 4

You need to bind to the server, even if it is an anonymous bind.

therefore you must have real values of

AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""