1

I'm trying to check the user login in my django project against our AD via ldap. I found a lot of tutorials online that I've tried so far.

For some reason the authenticate(username, password)-function returns None.

Here is my Code so far:

views.py (login)

def login_view(request):
    if not request.user.is_authenticated:
        if request.method == 'POST':
            login_form = Login_form(request.POST)
            if login_form.is_valid():
                username = login_form.data.get('username')
                password = login_form.data.get('password')
                domain_name = "@my.domain.com"
                if domain_name not in username:
                    username += domain_name
                try:
                    user = authenticate(username=username, password=password)
                    print(user) # this gives me None
                    if user is not None:
                        if user.is_active:
                            login(request=request, user=user)
                            return redirect('index')
                    else:
                        form = AuthenticationForm()
                        messages.error(request, 'Try again!')
                        return render(request, 'myapp/login.html', {'form': form})
                except ldap.LDAPError as e:
                    print(e) # no error is displayed here
                    form = AuthenticationForm()
                    messages.error(request, 'Try again!')
                    return render(request, 'myapp/login.html', {'form': form})
          ### Some more funcs to  
          ### redirect to login.html
          ### if the login fails

settings.py:

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
)

AUTH_LDAP_SERVER_URI = "ldap://my.domain.com:389"
AUTH_LDAP_BIND_DN = "CN=Users,DC=my,DC=domain,DC=com"
AUTH_LDAP_BIND_PASSWORD = ""    # I tried with blank password for anonymous bind or
                                # with "%(password)s" as template but I don't know if that's possible
                                # and also without the AUTH_LDAP_BIND_PASSWORD setting
AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0}
AUTH_LDAP_USER_ATTR_MAP = {'group': "memberof", "first_name": "givenName", "last_name": "sn"}
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=my,DC=domain,DC=com,CN=Users",
                                   ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)") 
# since we need to login via username i need to search for [email protected] 
# so I try to search for sAMAccountName

A while ago i wrote a LDAP-login-script in PHP with works like a charm and all the DN, bindings and search are the same.

So my question is:

Where is it going wrong or what did I miss?

Improve this question

1 Answer 1

Reset to default
1

I would highly recommend using django-python3-ldap. We have used this package in production for years after trying the others, it works, and is written entirely in Python 3: https://github.com/etianen/django-python3-ldap

We use it on port 636 and ldaps and it works as well.

It keeps us from having to write our own custom backend or login method; all we had to do were change some settings and write the format_username function. The README has good information about hooking into Active Directory: I'd start with that configuration, and see how it works. Good luck!

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I will give it a try. Thanks
Thank you for the link. After some testing with the settings.py it now works perfectly.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.