我的settings.py中有以下内容,可以正常运行并针对Active Directory进行身份验证。除了我需要在当前项目中使用的“域用户”组之外,此配置将所有组都拉入Django Admin应用程序。有谁知道为什么这是唯一没有出现在Admin应用程序中的组?
settings.py
# LDAP Settings
# Baseline configuration
AUTH_LDAP_SERVER_URI = "ldaps://DC1@example.com:636"
AUTH_LDAP_BIND_DN = "user@example.com"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=example,DC=com", ldap.SCOPE_SUBTREE, "(&(objectClass=user)(samAccountName=%(user)s))")
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 0,
ldap.OPT_REFERRALS: 0,
}
# Populate Django user from LDAP directory
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("dc=example,dc=com",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType(name_attr='cn')
# Pull AD groups into Django
AUTH_LDAP_MIRROR_GROUPS = True
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Configure both backend systems
AUTHENTICATION_BACKENDS = {
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
}
答案 0 :(得分:0)
“域用户”组位于用户容器内
"cn=Users,dc=example,dc=com"
请参阅此链接与解决方案。
https://github.com/ednaldodias/django-adldap-sync-primarygroup