Monday, October 9, 2017

Re: LDAPSearch Troubleshooting



On Oct 8, 2017 9:44 PM, "Ken Jenney" <kjenney@gmail.com> wrote:
1) I'm using a service account. I verified the DN's by connecting using Apache Directory Studio. 

I'm assuming this means that you only verified that your intended DN strings are valid and that the passwords for both the service account and your user account are correct?

2) I just promoted the service account user but I'm still facing the same error.
3) Logging is not helping: it's only reiterating what the original error is telling me: Caught LDAPError while authenticating ken: INVALID_CREDENTIALS({'desc': 'Invalid credentials'},) I added logging by adding this to the config:

I'd be interested to see what the Synology says. You may need to increase the logging verbosity.




Couple other questions:

a) What do you have listed in AUTHENTICATION_BACKENDS? I'm assuming you have both the LDAP module and the built-in back-end listed in that order since you are requesting groups?

a.1) Is it possible that your initial authentication is failing against LDAP but succeeding against the local authentication back-end, potentially leading you to believe that LDAP is partially working when it isn't?

a.2) Do you see the service account successfully authenticating on the Synology upon login at least once?

b) Is this the correct DN for your service account?

AUTH_LDAP_BIND_DN = "CN=netbox,CN=users,DC=kensnet,DC=priv"

Shouldn't that be uid=netbox?

-James

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2Be%2BciWvx3iAWi1P3isTe6CQin%2By8015GZ28kNDK6ynskx8v5w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment