Thursday, September 25, 2014

Ldap authentication using django_auth_ldap

This is my settings.py file. I am trying to create an application where the user will be able to login using their windows credentials. 




import os
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
BASE_DIR = os.path.dirname(os.path.dirname(__file__))

SECRET_KEY = '_7)uzbsm4*u*ncc6@u(ej9wmy_5+#ol^wdhqh3kf$honrwslh='

DEBUG = True

TEMPLATE_DEBUG = True

ALLOWED_HOSTS = []



# Application definition

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'sep24'
)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

#########################################################
AUTH_LDAP_GLOBAL_OPTIONS ={
    ldap.OPT_X_TLS_REQUIRE_CERT:False,
    ldap.OPT_REFERRALS:False,
}
# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://com.example..../"
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=....,dc=.....,dc=.....,dc=......"
AUTH_LDAP_BIND_DN = "CN=rdn@com.example,DC=.....,DC=.....,DC=....."
AUTH_LDAP_BIND_PASSWORD = "password..."
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Groups,ou=......,dc=........,dc=.........,dc=.......",
    ldap.SCOPE_SUBTREE, "(uid=%(User)s)")
# or perhaps:
# AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com"

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou= Groups,ou=...,dc=........,dc=...........,dc=...........",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")

# Simple group restrictions
AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=Groups,ou=......,dc=.........,dc=..........,dc=........"
AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=.Groups,ou=...........,dc=.......,dc=..........,dc=......."

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenname",
    "last_name": "sn",
    "email": "mail"
}

AUTH_LDAP_PROFILE_ATTR_MAP = {
    "employee_number": "employeeNumber"
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "Domain Users": "cn=Users,ou=Groups,ou=.........,dc=.........,dc=.........,dc=...........",
    "SCS-Employees-Pune": "cn=Users,ou= Groups,ou=...........,dc=..........,dc=..........,dc=......",
    "SCSPuneEmployees": "cn=superuser,ou=Groups,ou=.......,dc=.........,dc=.........,dc=............."
}

#AUTH_LDAP_PROFILE_FLAGS_BY_GROUP = {
 #   "is_awesome": "cn=Users,ou=Groups,ou=........,dc=..........,dc=.............,dc=.........",
#}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_AUTHORIZE_ALL_USERS = True

# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

ROOT_URLCONF = 'sep24.urls'

WSGI_APPLICATION = 'sep24.wsgi.application'


# Database
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    }
}

# Internationalization
# https://docs.djangoproject.com/en/1.7/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/

STATIC_URL = '/static/'

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'class': 'django.utils.log.AdminEmailHandler'
        },
        'stream_to_console': {
            'level': 'DEBUG',
            'class': 'logging.StreamHandler'
        },
    },
    'loggers': {
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
        'django_auth_ldap': {
            'handlers': ['stream_to_console'],
            'level': 'DEBUG',
            'propagate': True,
        },
    }
}
import logging

logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)



Now the app is running properly without any error. But I am not able to login into the admin page using my windows credentials. What is wrong.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/b8c7b703-ba24-4654-8515-6a0beee1282a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)