我试图使用django-auth-ldap但没有成功,通过我的Active Directory对Django中的用户进行身份验证。
我的活动目录包含以下树:
我有(在settings.py中):
AUTH_LDAP_SERVER_URI = "ldap://something.test.local"
AUTH_LDAP_BIND_DN = "cn=Administrator,cn=Users,dc=test,dc=local"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=Users,dc=test,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
我总是得到(在Django shell中调试):
>>> from django.contrib.auth import authenticate, login
>>> authenticate(username='test', password='password')
search_s('cn=Users,dc=test,dc=local', 2, '(uid=%(user)s)') returned 0 objects:
Authentication failed for test: failed to map the username to a DN.
答案 0 :(得分:3)
哪里有:
AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=Users,dc=test,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
应该是:
AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=Users,dc=test,dc=local",
ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
因为在Active Directory中字段uid通常是空的,所以搜索不会让用户假装。
不,我明白了:
search_s('cn=Users,dc=test,dc=local', 2, '(uid=%(user)s)') returned 1 objects: cn=test,cn=users,dc=test,dc=local
Created Django user test
Populating Django user test
<User: test>