Flask-LDAP3-Login filter problem: user cannot log in

Time: 2018-10-30 16:11:35

Tags: flask active-directory python-3.6 ldap3

I am using flask-ldap3-login to query AD for the login of my web application. It works for everyone except users whose name in AD contains "()". Here is the debug log.

Unsuccessful login

DEBUG:root:Validating LDAPLoginForm against LDAP
DEBUG:flask_ldap3_login:Opening connection with bind user 'mybinduser@mydomain.com'
DEBUG:flask_ldap3_login:Successfully bound to LDAP as 'mybinduser@mydomain.com' for search_bind method
DEBUG:flask_ldap3_login:Performing an LDAP Search using filter '(&(objectclass=person)(sAMAccountName=ebadu))', base 'DC=mydomain,DC=com', and scope 'SUBTREE'
DEBUG:flask_ldap3_login:Opening connection with bind user 'CN=Badu\, Ericka (EB),OU=HELPDESK,DC=mydomain,DC=com'
DEBUG:flask_ldap3_login:Directly binding a connection to a server with user:'CN=Badu\, ericka (EB),OU=HELPDESK,DC=mydomain,DC=com'
DEBUG:flask_ldap3_login:Authentication was successful for user 'ebadu'
DEBUG:flask_ldap3_login:Searching for groups for specific user with filter '(&(objectclass=group)(uniqueMember=CN=Badu\, Ericka (EB),OU=HELPDESK,DC=mydomain,DC=com))' , base 'DC=mydomain,DC=com' and scope 'LEVEL'
ERROR:flask_ldap3_login:malformed filter
DEBUG:flask_ldap3_login:Destroying connection at <0x7f8629604c50>
DEBUG:flask_ldap3_login:Destroying connection at <0x7f8628eabf98>

Successful login

DEBUG:root:Validating LDAPLoginForm against LDAP
DEBUG:flask_ldap3_login:Opening connection with bind user 'mybinduser@mydomain.com'
DEBUG:flask_ldap3_login:Successfully bound to LDAP as 'mybinduser@mydomain.com' for search_bind method
DEBUG:flask_ldap3_login:Performing an LDAP Search using filter '(&(objectclass=person)(sAMAccountName=mpeters))', base 'DC=mydomain,DC=com', and scope 'SUBTREE'
DEBUG:flask_ldap3_login:Opening connection with bind user 'CN=Peters\, Mike,OU=HELPDESK,DC=mydomain,DC=com'
DEBUG:flask_ldap3_login:Directly binding a connection to a server with user:'CN=Peters\, Mike,OU=HELPDESK,DC=mydomain,DC=com'
DEBUG:flask_ldap3_login:Authentication was successful for user 'mpeters'
DEBUG:flask_ldap3_login:Searching for groups for specific user with filter '(&(objectclass=group)(uniqueMember=CN=Peters\, Mike,OU=HELPDESK,DC=mydomain,DC=com))' , base 'DC=mydomain,DC=com' and scope 'LEVEL'
DEBUG:flask_ldap3_login:Destroying connection at <0x7f8629683828>
DEBUG:flask_ldap3_login:Destroying connection at <0x7f8628e91048>

The AD log shows "An account was successfully logged on"; however, the user is not logged into the application. The user has no problem logging in with their AD credentials anywhere else.

What could be the problem?

Here is the flask-ldap3-login configuration:

LDAP_USER_RDN_ATTR = 'cn'
LDAP_USER_LOGIN_ATTR = 'sAMAccountName'
LDAP_BASE_DN = 'DC=mydomain,DC=com'
LDAP_REQUIRED_GROUP = 'ou=helpdesk,dc=mydomain,dc=com'
LDAP_USER_SEARCH_SCOPE = 'SUBTREE'

2 answers:

Answer 0 (score: 0)

But "malformed filter" usually means that the LDAP query sent to AD is invalid in some way. I asked about odd characters in the account because if certain special characters are not encoded properly, they can be misinterpreted as the special characters used in LDAP queries.

It could be a bug in your code or a bug in flask-ldap3-login. If you show your code, I may be able to give you some hints.

Also, see whether you can enable debug logging. It may tell you what the actual filter is that blows up. I am not familiar with flask-ldap3-login, but looking at the docs, would this do it?:

app.config['DEBUG'] = True

Answer 1 (score: 0)

Solved! It seems this is resolved in the latest version of flask-ldap3-login. I did not upgrade, but instead modified the existing code:

Replace this:

    # Before: the user DN is interpolated into the filter unescaped, so
    # '(' ')' '*' '\' in the DN become filter syntax (this is the buggy version)
    search_filter = '(&{group_filter}({members_attr}={user_dn}))'.format(
        group_filter=self.config.get('LDAP_GROUP_OBJECT_FILTER'),
        members_attr=self.config.get('LDAP_GROUP_MEMBERS_ATTR'),
        user_dn=dn
    )

With this:

    # After: escape the DN per RFC 4515 before it goes into the assertion value
    safe_dn = ldap3.utils.conv.escape_filter_chars(dn)
    search_filter = '(&{group_filter}({members_attr}={user_dn}))'.format(
        group_filter=self.config.get('LDAP_GROUP_OBJECT_FILTER'),
        members_attr=self.config.get('LDAP_GROUP_MEMBERS_ATTR'),
        user_dn=safe_dn
    )
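The following is an added, self-contained example; it is not code from the post above or from flask-ldap3-login. It shows why the group-membership filter in the first debug log fails and what the escaping in answer 1 changes. It reimplements the RFC 4515 value escaping that ldap3.utils.conv.escape_filter_chars performs for str input (so it runs without ldap3 installed), builds the membership filter the same way the library snippet does, and checks the result with a small filter syntax checker that is strict about unescaped parentheses but, like the client in the log, lenient about backslash escapes such as the "\," inside a DN. The two user DNs and the group filter are taken from the log; the filter template and members attribute follow the answer's snippet.

```python
# Added example, not from the original post or flask-ldap3-login.
# Demonstrates RFC 4515 escaping of a DN used as an LDAP filter assertion
# value, and a syntax check that reproduces the "malformed filter" outcome.

# RFC 4515 section 3: characters that must be hex-escaped in an assertion
# value. Same substitutions ldap3.utils.conv.escape_filter_chars makes for str.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_chars(value: str) -> str:
    """Escape a string for use as an assertion value inside a search filter.
    The DN's own escapes (e.g. 'Badu\\,') are data here, so the backslash is
    encoded as \\5c like any other special character."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(group_filter: str, members_attr: str,
                       user_dn: str, escape: bool = True) -> str:
    """Build the membership filter the way the answer's snippet does; with
    escape=False this is the buggy pre-fix behaviour."""
    value = escape_filter_chars(user_dn) if escape else user_dn
    return "(&{group_filter}({members_attr}={user_dn}))".format(
        group_filter=group_filter, members_attr=members_attr, user_dn=value)


def is_well_formed_filter(text: str) -> bool:
    """Structural check modelled on RFC 4515: a filter is '(' ... ')', '&' and
    '|' take one or more nested filters, '!' exactly one, and an assertion
    value may not contain an unescaped '(' or ')'. A backslash escapes the
    character after it (lenient, matching the client behaviour in the log,
    where 'Peters\\, Mike' was accepted unescaped)."""
    pos = 0

    def parse_filter() -> bool:
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            return False
        pos += 1
        if pos >= len(text):
            return False
        op = text[pos]
        if op in "&|":
            pos += 1
            count = 0
            while pos < len(text) and text[pos] == "(":
                if not parse_filter():
                    return False
                count += 1
            if count == 0:
                return False
        elif op == "!":
            pos += 1
            if not parse_filter():
                return False
        elif not parse_item():
            return False
        if pos >= len(text) or text[pos] != ")":
            return False
        pos += 1
        return True

    def parse_item() -> bool:
        nonlocal pos
        start = pos
        while pos < len(text) and (text[pos].isalnum() or text[pos] in "-.;:"):
            pos += 1  # attribute description (and ':' for extensible match)
        if pos == start:
            return False
        if pos < len(text) and text[pos] in "~<>":
            pos += 1  # '~=', '>=', '<='
        if pos >= len(text) or text[pos] != "=":
            return False
        pos += 1
        while pos < len(text):  # assertion value, up to the closing ')'
            ch = text[pos]
            if ch == "\\":
                if pos + 1 >= len(text):
                    return False
                pos += 2
                continue
            if ch == "(":
                return False  # unescaped '(' inside a value: malformed
            if ch == ")":
                return True
            pos += 1
        return False

    return parse_filter() and pos == len(text)


# Constructed from the debug log in the question.
GROUP_FILTER = "(objectclass=group)"
MEMBERS_ATTR = "uniqueMember"
BADU_DN = "CN=Badu\\, Ericka (EB),OU=HELPDESK,DC=mydomain,DC=com"
PETERS_DN = "CN=Peters\\, Mike,OU=HELPDESK,DC=mydomain,DC=com"


def check_both_users() -> dict:
    """Map each (user, escaped?) case to whether the built filter parses."""
    return {
        (name, escape): is_well_formed_filter(
            build_group_filter(GROUP_FILTER, MEMBERS_ATTR, dn, escape))
        for name, dn in (("ebadu", BADU_DN), ("mpeters", PETERS_DN))
        for escape in (False, True)
    }


if __name__ == "__main__":
    for (name, escape), ok in check_both_users().items():
        print(f"{name:8} escaped={escape!s:5} well-formed={ok}")
    print(build_group_filter(GROUP_FILTER, MEMBERS_ATTR, BADU_DN))
```

Note the escaping also closes an injection angle, not just a usability bug: an unescaped `*` in the interpolated value would turn the equality into a substring match, and an unescaped `)` followed by attacker-chosen text could splice extra conditions into the filter. Escaping the value turns every such character into inert data.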