LDAPException: Invalid credentials with flask_simpleldap

Time: 2018-02-27 12:48:04

Tags: flask ldap

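I am using flask_simpleldap to connect to LDAP. I used a GitHub example that you can see in the link. But I get an invalid credentials error, even though the username and password are actually correct, and I can connect with them using the open-source client you can see in the screenshot below. But with this code I get the error: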


import ldap as l
from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP

app = Flask(__name__)
app.secret_key = 'dev key'
app.debug = True


app.config['LDAP_HOST'] = '10.132.57.208'
app.config['LDAP_BASE_DN'] = 'DC=mydomain,DC=com'
app.config['LDAP_USERNAME'] = 'CN=jack,CN=jo,DC=mydomain,DC=com'
app.config['LDAP_PASSWORD'] = '12345678'
app.config['LDAP_CUSTOM_OPTIONS'] = {l.OPT_REFERRALS: 0}
app.config['LDAP_USE_SSL'] = True


ldap = LDAP(app)


@app.before_request
def before_request():
    g.user = None
    if 'user_id' in session:
        # This is where you'd query your database to get the user info.
        g.user = {}
        # Create a global with the LDAP groups the user is a member of.
        g.ldap_groups = ldap.get_user_groups(user=session['user_id'])


@app.route('/')
@ldap.login_required
def index():
    return 'Successfully logged in!'


@app.route('/login', methods=['GET', 'POST'])
def login():
    if g.user:
        return redirect(url_for('index'))
    if request.method == 'POST':
        user = 'jack.jo'
        passwd = '12345678'
        test = ldap.bind_user(user, passwd)
        if test is None or passwd == '':
            return 'Invalid credentials'
        else:
            session['user_id'] = request.form['user']
            return redirect('/')
    return """<form action="" method="post">
                user: <input name="user"><br>
                password:<input type="password" name="passwd"><br>
                <input type="submit" value="Submit"></form>"""

Here is the traceback:

Traceback (most recent call last):
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1540, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/media/storage/portals/GRC_portal/test/app.py", line 55, in login
    test = ldap.bind_user(user, passwd)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask_simpleldap/__init__.py", line 147, in bind_user
    user_dn = self.get_object_details(user=username, dn_only=True)
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask_simpleldap/__init__.py", line 179, in get_object_details
    conn = self.bind
  File "/media/storage/portals/GRC_portal/venv/lib/python2.7/site-packages/flask_simpleldap/__init__.py", line 125, in bind
    raise LDAPException(self.error(e.args))
LDAPException: Invalid credentials

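1 answer:

Answer 0: (score: 0)

In reply to the comments from those who have the same problem: I solved it by changing LDAP_BASE_DN and LDAP_USERNAME. These two parameters should be set carefully and as specifically as possible. When I used the free client, I could connect to LDAP with the previous parameters, but for the connection from Python I could set the parameters as below: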

LDAP_BASE_DN = 'OU=Users,OU=Company Accounts,DC=mydomain,DC=com'
LDAP_USERNAME = 'CN=BRM WebLogin Service Account,OU=BRM,OU=Service Accounts,OU=_Special,OU=Users,OU=Company Accounts,DC=mydomain,DC=com'

For the above parameters, you should set them to exactly match the Active Directory path.
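
The traceback in the question ends with only "Invalid credentials", which does not say whether the bind DN, the password or the account state is at fault. The following is an added example, not code from the post or from flask_simpleldap: it decodes the sub-code that Active Directory puts in the `info` field of a python-ldap exception. It assumes the directory is Active Directory and that you catch the exception from a direct bind yourself; `explain_bind_failure` and the sample message are constructed for illustration.

```python
import re

# Sub-codes Active Directory reports after "data" in a failed-bind message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "wrong password or wrong bind DN/username",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_bind_failure(exc_args):
    """Map python-ldap exception args to (desc, subcode, meaning)."""
    # python-ldap puts a dict with 'desc' and (optionally) 'info' in args[0].
    detail = exc_args[0] if exc_args and isinstance(exc_args[0], dict) else {}
    desc = detail.get("desc", "unknown LDAP error")
    info = detail.get("info", "")
    if isinstance(info, bytes):  # some versions return bytes here
        info = info.decode("utf-8", "replace")
    match = _DATA_RE.search(info)
    if not match:
        return desc, None, "no Active Directory sub-code in the server message"
    code = match.group(1).lower()
    return desc, code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code")


# Constructed sample in the shape of e.args from ldap.INVALID_CREDENTIALS.
SAMPLE_ARGS = ({
    "desc": "Invalid credentials",
    "info": "80090308: LdapErr: DSID-0C0903A9, comment: "
            "AcceptSecurityContext error, data 52e, v1db1",
},)

if __name__ == "__main__":
    print(explain_bind_failure(SAMPLE_ARGS))
```

A `52e` result points at the bind DN or password, which is the case the answer fixes by using the full directory path; `533` or `775` point at the account state instead.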