我正在尝试在 Django 中实现 LDAP。我可以在 Django 中使用 LDAP 登录。但是当我试图限制某些特定组的访问时,我无法再登录。
这是我的代码:
设置.py
import ldap
from django_auth_ldap.config import ldapsearch, GroupOfUniqueNamesType, GroupOfNamesType ,LDAPGroupQuery, PosixGroupType
#(I imported many, as I was trying differently)
AUTH_LDAP_SERVER_URI = 'ldap://ldap.mydomain.de'
AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=user,dc=mydomain,dc=de'
#AUTH_LDAP_START_TLS = True
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
#AUTH_LDAP_FIND_GROUP_PERMS = True #added for group
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
#ldap
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("cn=My_group_Name, dc=mydomain,dc=de",
ldap.SCOPE_SUBTREE, "(objectClass=posixAccount)"
)
#AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_GROUP_TYPE = PosixGroupType (name_attr="cn")
AUTH_LDAP_REQUIRE_GROUP = "cn=My_group_Name, dc=mydomain,dc=de"
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
]
如果我关闭Require_Group,我可以成功登录。但如果我打开,就会出现错误。(我在群里)日志就像
search_s('uid=shaondebnath,ou=user,dc=mydomain,dc=de', 0, '(objectClass=*)') returned 1 objects: uid=shaondebnath,ou=user,dc=mydomain,dc=de
Caught LDAPError while authenticating shaondebnath: NO_SUCH_OBJECT({'matched': u'dc=mydomain,dc=de', 'desc': u'No such object'},)
我从我的组织获得的信息是
$ conf ['authtype'] = 'authldap';
$ conf ['plugin'] ['authldap'] ['server'] = 'ldap.mydomain.de';
$ conf ['plugin'] ['authldap'] ['usertree'] = 'ou = user, dc = mydomain, dc = de';
$ conf ['plugin'] ['authldap'] ['userfilter'] = '(& (objectClass = posixAccount) (uid =% {user}))';
$ conf ['plugin'] ['authldap'] ['version'] = 3;
$ conf ['plugin'] ['authldap'] ['mapping'] ['grps'] = array ('memberof' => '/CN=(.+?),/i');
我在哪里做错了?