Thursday, February 26, 2015

Re: Edx LDAP Auth setting

Hi M and L,
 
Attached please find the output in /edx/var/log/lms/edx.log
Django can't get the %user value.
 
 
Config:
--------------------------------------------------------------------
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users', ldap.SCOPE_SUBTREE, "(&(mail=%(user)s))(objectClass=User)(objectCategory=person))")
---------------------------------------------------------------------
 
Error MSG:
-------------------------------------------------------------------------------
Feb 26 17:18:33 ethiopia [service_variant=lms][django_auth_ldap][env:sandbox] ERROR [ethiopia  3016] [config.py:166] - search_s('OU=Users', 2, '(&(mail=))(objectClass=User)(objectCategory=person))') raised FILTER_ERROR({'desc': 'Bad search filter'},)
-------------------------------------------------------------------------------
 
Thanks and Regards,
Terence Yip
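
Editor's added example, not part of the original post and not django-auth-ldap code: the logged filter above is the posted template with an empty login name substituted and one `)` too many after the mail term. The helper names, the corrected template and the sample login names below are assumptions made for illustration.

```python
import re

# Filter strings copied from the thread; the sample login names are constructed.
POSTED_TEMPLATE = "(&(mail=%(user)s))(objectClass=User)(objectCategory=person))"
LOGGED_FILTER = "(&(mail=))(objectClass=User)(objectCategory=person))"
# Assumed correction: drop the extra ')' after the mail term.
FIXED_TEMPLATE = "(&(mail=%(user)s)(objectClass=User)(objectCategory=person))"

# RFC 4515 escapes for characters that would otherwise alter filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it stays inside a single assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, user):
    """Fill the %(user)s placeholder with the escaped login name."""
    return template % {"user": escape_filter_value(user)}


def filter_problems(rendered):
    """Return structural problems found in a rendered filter (hypothetical helper)."""
    problems, depth = [], 0
    for pos, ch in enumerate(rendered):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unmatched ')' at offset %d" % pos)
                break
            if depth == 0 and pos != len(rendered) - 1:
                problems.append("filter closes early at offset %d" % pos)
                break
    if depth > 0:
        problems.append("missing %d closing ')'" % depth)
    if re.search(r"=\)", rendered):
        problems.append("empty assertion value")
    return problems


if __name__ == "__main__":
    for label, text in [
        ("logged", LOGGED_FILTER),
        ("posted", render_filter(POSTED_TEMPLATE, "alice@abc.hk")),
        ("fixed", render_filter(FIXED_TEMPLATE, "alice@abc.hk")),
        ("fixed, odd input", render_filter(FIXED_TEMPLATE, "a)(mail=*")),
    ]:
        print(label, text, filter_problems(text))
```

Running a check like this on the rendered filter before deploying a settings change separates a syntax error in the template from an empty login name reaching the backend.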

On Thursday, February 26, 2015 at 3:02:38 PM UTC+8, Yip Terence wrote:
Hi M,
 
Actually, I can connect to our AD server, but I need to hardcode the user in the connection string, so I would like to ask how I can get the %user value and create the profile.
 
Maybe I can paste my connection string here to make it easier to understand.  I have pasted the following code in /edx/app/edxapp/edx-platform/lms/envs/common.py.  I can successfully log in to edX when I hardcode the user in "AUTH_LDAP_USER_SEARCH....".  Did I paste the code in the wrong location?
 
 
-------------------------------------------------------------------------------------------
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
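# StartTLS is left commented out, so with the ldap:// URI below the bind
# password and user credentials cross the network unencrypted.
#AUTH_LDAP_START_TLS = True
AUTH_LDAP_GLOBAL_OPTIONS = {
 # False == ldap.OPT_X_TLS_NEVER (0): the server certificate is not verified.
 ldap.OPT_X_TLS_REQUIRE_CERT: False,
 ldap.OPT_REFERRALS: False,
}
# Baseline configuration.
AUTH_LDAP_SERVER_URI = "ldap://dc.abc.hk:389"
AUTH_LDAP_BIND_DN = "CN=connection_account,OU=SystemAcct,DC=abc,DC=hk"
AUTH_LDAP_BIND_PASSWORD = "password"
# `request` does not exist when settings are imported; django-auth-ldap
# substitutes the login name for %(user)s in the search filter itself.
# user = request.user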
AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users,DC=abc,DC=hk', ldap.SCOPE_SUBTREE, "(&(mail=username@abc.hk)(objectClass=User)(objectCategory=person))")
 
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('OU=Users,DC=vtc,DC=hk', ldap.SCOPE_SUBTREE, "(&(objectClass=User)(objectCategory=person))")
 
# set group type
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
AUTH_LDAP_CONNECTION_OPTIONS = {
     ldap.OPT_REFERRALS: 0,
}
 
# Simple group restrictions
#~ AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=django,ou=groups,dc=example,dc=com"
#~ AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=django,ou=groups,dc=example,dc=com"
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
 "username": "cn",
 "first_name": "givenName",
 "last_name": "sn",
 "email": "mail"
}
 
AUTH_LDAP_PROFILE_ATTR_MAP = {
 "name": "cn"
}

# important! to use the group's permission
AUTH_LDAP_MIRROR_GROUPS = True
# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache group memberships for an hour to minimize LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
-----------------------------------------------------------------------------------------------------------------
 
Looking for your reply.  Thanks!
 
Thanks and Regards,
Terence Yip

On Tuesday, February 24, 2015 at 7:09:22 PM UTC+8, somecallitblues wrote:
To check the version go to shell and run this:

>>> import django_auth_ldap
>>> django_auth_ldap.version
(1, 1, 2)
>>> 

As for virtualenv, it's a good practice but it's not necessary. 

By the way, have you tried performing a simple search on the LDAP server? I think that your best bet is to start with python-ldap (forget about django_auth_ldap), try to connect to the server, perform a bind and get a feel for it. 

I normally open the shell and run something like this in it https://bpaste.net/show/d4348eb1b3dd

You have to know the following:

- protocol (secure or not)
- IP or domain name of the LDAP server
- port
- A full DN of one of the users would be useful but once you establish the connection you can figure this out.

I remember that I was using Django 1.5.x and django_auth_ldap was still using User model by default. Not sure if that's still the case but you may have to patch it.

Good luck!

M

On 24 February 2015 at 17:37, 'Yip Terence' via Django users <django...@googlegroups.com> wrote:

Hi L,

Thanks for your reply.

I have installed django-auth-ldap through pip already.  But there are two questions here.

1. How can I check the django-auth-ldap version?
2. What do you mean by installing via virt env? I'm following the edX Ubuntu 12.04 +64 bit installation guide to install edX; is that a virt env?

https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation

-----------------------------------------------------------------------------------------
root@ethiopia:/edx/app/edxapp/edx-platform/lms/envs# pip install django-auth-ldap
Requirement already satisfied (use --upgrade to upgrade): django-auth-ldap in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied (use --upgrade to upgrade): django in /usr/local/lib/python2.7/dist-packages (from django-auth-ldap)
Requirement already satisfied (use --upgrade to upgrade): python-ldap>=2.0 in /usr/local/lib/python2.7/dist-packages (from django-auth-ldap)
Requirement already satisfied (use --upgrade to upgrade): setuptools in /usr/local/lib/python2.7/dist-packages (from python-ldap>=2.0->django-auth-ldap)
Cleaning up...

Thanks and Regards,
Terence Yip


On Tuesday, February 24, 2015 at 7:15:46 AM UTC+8, Lachlan Musicman wrote:
Sorry, I've been organising a conference and have been awol. I'll be
able to take a look next week. But quickly:

I don't understand why you have two versions of Django, I would
suggest that is an issue.

You should be using django-auth-ldap, and that's got Django > 1.3 as a
requirement.

You shouldn't need to create the %user - that is done automatically by
the django-auth-ldap

Finally, please please please use a virtual environment. It makes all
of this significantly easier - like finding django-auth-ldap is as
easy as "pip install django-auth-ldap".

It's recommended you don't install via apt-get. While apt-get is easy
and centralised, in the case of web apps, I would install via virt env
and pip every time.

cheers
L.
------
"This is a profound psychological violence here. How can one even
begin to speak of dignity in labor when one secretly feels one's job
should not exist?"

On the Phenomenon of Bullshit Jobs, David Graeber
http://strikemag.org/bullshit-jobs/


On 23 February 2015 at 19:09, 'Yip Terence' via Django users
<django...@googlegroups.com> wrote:
> Hi L,
>
> Actually, I have input the LDAP string in
> /edx/app/edxapp/edx-platform/lms/envs/common.py.  But there are two problems
> after the configuration. Firstly, the script can't get the %user value; I
> need to hardcode the username / email in the connection string, then I can
> log in to edx.  Secondly, it can't create a user profile at first login.
>
> Do I need to modify the views.py and urls.py files to collect the %user
> value and create the user profile?
>
>
> I have 2 versions of Django in edx.
> ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.3/django/bin/django-admin.py
> ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.2.5/django/bin/django-admin.py
>
>
> ldap_auth_ldap:
> How can I find the version?  I used apt-get to install the package.
>
> The settings.py search result.
> -----------Settings.py-------------------
> ./edx/app/xqueue/xqueue/xqueue/settings.py
> ./edx/app/xqueue/venvs/xqueue/lib/python2.7/site-packages/django/conf/project_template/project_name/settings.py
> ./edx/app/xqueue/venvs/xqueue/lib/python2.7/site-packages/newrelic-2.18.1.15/newrelic/api/settings.py
> ./edx/app/edxapp/edx-platform/common/test/acceptance/pages/studio/settings.py
> ./edx/app/edxapp/edx-platform/lms/djangoapps/django_comment_client/settings.py
> ./edx/app/edxapp/edx-platform/lms/lib/comment_client/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django_countries/tests/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/method_override/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/example/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django/conf/project_template/project_name/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/dealer/contrib/django/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/newrelic-2.18.1.15/newrelic/api/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django_extensions/settings.py
> ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/appconf/tests/settings.py
> ./edx/app/edxapp/venvs/edxapp/src/django-pipeline/pipeline/conf/settings.py
> ./edx/app/edxapp/venvs/edxapp/src/django-pipeline/tests/settings.py
> ./edx/app/edxapp/venvs/edxapp/src/edx-val/edxval/settings.py
> ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.3/django/conf/project_template/settings.py
> ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/lib/Django-1.2.5/django/conf/project_template/settings.py
> ./usr/local/lib/python2.7/dist-packages/django/conf/project_template/project_name/settings.py
>
> Thank you very much for your assistance.
>
> Thanks and Regards,
> Terence Yip
>
> On Tuesday, February 10, 2015 at 12:22:50 PM UTC+8, Lachlan Musicman wrote:
>>
>> Yip, EDX looks complex - can you search for the settings file and report
>> back?
>>
>> AuthLDAP is annoying, but it does work - I've used it successfully
>> against an AD backend. The error messages are important to read.
>>
>> But first, find your settings file.
>>
>> You will need to provide us with more info too. What's not working?
>> What have you put into the settings file? What version of django is
>> EDX using, and does django_auth_ldap provide support for that django
>> version, what error messages are you getting? Can you attach to the
>> ldap server from just the django shell (ie, are the username and
>> password etc correct)?
>>
>> cheers
>> L.
>> ------
>> "This is a profound psychological violence here. How can one even
>> begin to speak of dignity in labor when one secretly feels one's job
>> should not exist?"
>>
>> On the Phenomenon of Bullshit Jobs, David Graeber
>> http://strikemag.org/bullshit-jobs/
>>
>>
>> On 10 February 2015 at 15:00, 'Yip Terence' via Django users
>> <django...@googlegroups.com> wrote:
>> > Dear All,
>> >
>> > I have installed the open edx and django_auth_ldap package
>> > (http://code.edx.org/) in our environment.  However, I have not succeeded
>> > in configuring the Auth with LDAP.  Could anyone provide a guide for me?
>> > I don't know where the settings.py file path is in open edx.
>> >
>> > Please help.
>> >
>> > Thanks and Regards,
>> > Terence Yip
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Django users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to django-users...@googlegroups.com.
>> > To post to this group, send email to django...@googlegroups.com.
>> > Visit this group at http://groups.google.com/group/django-users.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/django-users/65f0df30-c315-401c-9711-9228779a65ed%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>
