2

我的以下settings.py内容工作正常并针对 Active Directory 进行身份验证。除了我需要在当前项目中使用的“域用户”组之外,此配置将所有组都拉入 Django Admin 应用程序。有谁知道为什么这是唯一没有出现在管理应用程序中的组?

settings.py

# LDAP Settings

# Baseline configuration
AUTH_LDAP_SERVER_URI = "ldaps://DC1@example.com:636"
AUTH_LDAP_BIND_DN = "user@example.com"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=example,DC=com", ldap.SCOPE_SUBTREE, "(&(objectClass=user)(samAccountName=%(user)s))")
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_DEBUG_LEVEL: 0,
    ldap.OPT_REFERRALS: 0,
}

# Populate Django user from LDAP directory
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("dc=example,dc=com",
                                    ldap.SCOPE_SUBTREE, "(objectClass=group)")

AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType(name_attr='cn')

# Pull AD groups into Django
AUTH_LDAP_MIRROR_GROUPS = True

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Configure both backend systems
AUTHENTICATION_BACKENDS = {
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
}
4

1 回答 1

0

“域用户”组位于用户容器内

“cn=用户,dc=example,dc=com”

请参阅此链接与解决方案。

https://github.com/ednaldodias/django-adldap-sync-primarygroup

于 2021-04-18T05:27:25.480 回答