
I am using flask_ldap3_login to log in with authentication against Active Directory. The code is provided below for reference.

from flask import Flask, url_for
from flask_ldap3_login import LDAP3LoginManager, AuthenticationResponseStatus
from flask_login import LoginManager, login_user, UserMixin, current_user
from flask import render_template_string, redirect
from flask_ldap3_login.forms import LDAPLoginForm

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'
app.config['DEBUG'] = True

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
app.config['LDAP_HOST'] = 'ldap://x.x.x.x'

# Base DN of your directory 
app.config['LDAP_BASE_DN'] = 'OU=City Name,OU=Team Name,OU=Users,OU=Country,OU=Sites,DC=domain,DC=com'
# app.config['LDAP_BASE_DN'] = 'DC=domain,DC=com'

# Users DN to be prepended to the Base DN
# app.config['LDAP_USER_DN'] = 'OU=Users,OU=Country'

# Groups DN to be prepended to the Base DN
# app.config['LDAP_GROUP_DN'] = 'OU=City,OU=Team Name'

# The RDN attribute for your user schema on LDAP
# app.config['LDAP_USER_RDN_ATTR'] = 'cn'

# The Attribute you want users to authenticate to LDAP with.
app.config['LDAP_USER_LOGIN_ATTR'] = 'sAMAccountName'

# The Username to bind to LDAP with
app.config['LDAP_BIND_USER_DN'] = 'CN=Name,OU=city,OU=Team,OU=Users,OU=country,OU=Sites,DC=domain,DC=com'

# The Password to bind to LDAP with
app.config['LDAP_BIND_USER_PASSWORD'] = 'password'

login_manager = LoginManager(app)              # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app)          # Setup a LDAP3 Login Manager.

@app.route('/manual_login', methods=['POST'])
def manual_login():
    # Authenticate a username/password pair against the configured LDAP server.
    result = app.ldap3_login_manager.authenticate('user', 'password')
    print(result.status)
    return 'fail' if result.status == AuthenticationResponseStatus.fail else 'success'

if __name__ == "__main__":
    app.run(debug=True, host="0.0.0.0")

The issue is: when I use the complete app.config['LDAP_BASE_DN'] as shown above, it works fine, but when I use only DC=domain,DC=com as the Base_DN to authenticate users from the whole organization, it returns fail rather than success.


You need to set the scope to SUBTREE:

app.config['LDAP_USER_SEARCH_SCOPE'] = 'SUBTREE'

The default is LEVEL in ldap3 (cf. the documentation; the flask-ldap3 implementation does not seem to mention it, though):

  • BASE: retrieves attributes of the entry specified in the search_base.
  • LEVEL: retrieves attributes of the entries contained in the search_base. The base must reference a container object.
  • SUBTREE: retrieves attributes of the entries specified in the search_base and all subordinate containers downward.

For those still having the issue even after having properly set LDAP_USER_SEARCH_SCOPE, you need to set LDAP_ALWAYS_SEARCH_BIND to a non-empty value (#undocumented):

app.config['LDAP_ALWAYS_SEARCH_BIND'] = 1

Otherwise ldap3 will make the assumption that "Since the user's RDN is the same as the login field, it can do a direct bind.", which will only work if the users' RDNs are one LEVEL down from <user-base-dn>,<base-dn>, but not further down in the SUBTREE.
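The scope and bind behaviour described in this answer, as an added example that is not part of the original post or of flask-ldap3-login's code: an in-memory model of a directory laid out like the question's OUs (every DN, account name and secret in it is constructed), with the three search scopes and the direct-bind versus search-bind decision the answer refers to. The parameter names of authenticate() follow the LDAP_* settings from the question; the search and bind logic is this example's own simplification, not the library's implementation.

```python
# Added example (not code from the question or from flask-ldap3-login): a small
# in-memory model of LDAP search scopes and of the "direct bind" versus
# "search bind" strategies, run over a constructed Active-Directory-like tree.
# The DNs, account names and secrets below are all made up for the example.
import hmac

# Constructed directory: DN -> attributes, modelled on the OU layout in the question.
DOMAIN_DN = "DC=domain,DC=com"
USERS_DN = "OU=Users,OU=Country,OU=Sites," + DOMAIN_DN
TEAM_DN = "OU=City Name,OU=Team Name," + USERS_DN
ALICE_DN = "CN=Alice Example," + TEAM_DN

DIRECTORY = {
    DOMAIN_DN: {"objectClass": "domain"},
    "OU=Sites," + DOMAIN_DN: {"objectClass": "organizationalUnit"},
    "OU=Country,OU=Sites," + DOMAIN_DN: {"objectClass": "organizationalUnit"},
    USERS_DN: {"objectClass": "organizationalUnit"},
    "OU=Team Name," + USERS_DN: {"objectClass": "organizationalUnit"},
    TEAM_DN: {"objectClass": "organizationalUnit"},
    ALICE_DN: {"objectClass": "user", "cn": "Alice Example", "sAMAccountName": "alice"},
}

# Constructed bind secrets: a stand-in for the server verifying a simple bind.
BIND_SECRETS = {ALICE_DN: "constructed-secret-1"}


def dn_components(dn):
    """Split a DN into its RDNs, lower-cased because AD matches DNs case-insensitively.
    (The constructed sample has no escaped commas, so a plain split is enough.)"""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))


def depth_below(entry_dn, base_dn):
    """Levels entry_dn sits below base_dn: 0 if equal, None if not under base_dn."""
    entry, base = dn_components(entry_dn), dn_components(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return None
    return len(entry) - len(base)


def search(base_dn, scope, attr, value):
    """Return the DNs under base_dn (per scope) whose attr equals value.
    BASE: only base_dn itself; LEVEL: its direct children; SUBTREE: every depth."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        depth = depth_below(dn, base_dn)
        if depth is None:
            continue
        in_scope = {"BASE": depth == 0, "LEVEL": depth == 1, "SUBTREE": True}[scope]
        if in_scope and attrs.get(attr, "").lower() == value.lower():
            hits.append(dn)
    return hits


def bind(dn, password):
    """Simulated simple bind: True only for a DN that exists, with its secret."""
    wanted = dn_components(dn)
    for known_dn, secret in BIND_SECRETS.items():
        if dn_components(known_dn) == wanted:
            return hmac.compare_digest(secret.encode(), password.encode())
    return False


def authenticate(username, password, base_dn, user_dn="", scope="LEVEL",
                 login_attr="sAMAccountName", rdn_attr="cn",
                 always_search_bind=False):
    """Model of the two strategies the answer refers to (parameter names mirror the
    LDAP_* settings; the logic is this example's own):
    - direct bind when login_attr == rdn_attr and always_search_bind is off: the
      DN is assembled as '<rdn_attr>=<username>,<user_dn>,<base_dn>' and bound;
    - otherwise search for login_attr=username within scope, then bind as the DN found."""
    search_base = f"{user_dn},{base_dn}" if user_dn else base_dn
    if login_attr.lower() == rdn_attr.lower() and not always_search_bind:
        return bind(f"{rdn_attr}={username},{search_base}", password)
    hits = search(search_base, scope, login_attr, username)
    if len(hits) != 1:  # not found, or ambiguous: refuse rather than guess
        return False
    return bind(hits[0], password)


if __name__ == "__main__":
    pw = BIND_SECRETS[ALICE_DN]
    print("narrow base, LEVEL        :", authenticate("alice", pw, TEAM_DN))
    print("domain base, LEVEL        :", authenticate("alice", pw, DOMAIN_DN))
    print("domain base, SUBTREE      :", authenticate("alice", pw, DOMAIN_DN, scope="SUBTREE"))
    print("cn login, direct bind     :", authenticate("Alice Example", pw, DOMAIN_DN,
                                                      scope="SUBTREE", login_attr="cn"))
    print("cn login, forced search   :", authenticate("Alice Example", pw, DOMAIN_DN,
                                                      scope="SUBTREE", login_attr="cn",
                                                      always_search_bind=True))
```

With the domain as base DN the user sits six RDNs below it, so a LEVEL search returns nothing and authentication fails; SUBTREE finds the entry and the bind succeeds. When the login attribute equals the RDN attribute, the assembled direct-bind DN (CN=Alice Example,DC=domain,DC=com) does not exist for a nested user, so only the forced search bind succeeds, which is the second fix in the answer.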


1 Comment

For me only the 'SUBTREE' attribute worked; with that I got the AuthenticationResponseStatus.success status.
