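<p>I am developing a Django application that needs to support LDAP authentication directly in the default admin page.<br/>
I integrated django-auth-ldap and followed the <a href="https://pythonhosted.ord/django-auth-ldap/index.html" rel="nofollow noreferrer">documentation</a> as far as I could understand it.<br/>
I have configured a local LDAP server using OpenLDAP and a PHP graphical interface (I could also configure it with an ldif file). When I try to log in to the admin page, Django finds the local server and the user objects inside it, and identifies which group the user belongs to. Despite this, I am unable to log in. The errors I found:</p>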
<blockquote>
<p>[21/Aug/2014 11:06:53] "GET /admin/ HTTP/1.1" 200 1870<br/>
search_s('ou=users,dc=whiteqube', 2, '(cn=%(user)s)') returned 1 objects: cn=sonia,ou=users,dc=whiteqube
<br/>DEBUG:django_auth_ldap:search_s('ou=users,dc=whiteqube', 2, '(cn=%(user)s)') returned 1 objects: cn=sonia,ou=users,dc=whiteqube
<br/>Authentication failed for sonia
<br/>DEBUG:django_auth_ldap:Authentication failed for sonia
<br/>[21/Aug/2014 11:06:56] "POST /admin/ HTTP/1.1" 200 2046</p>
</blockquote>
<p>In the admin interface, the login fails.<br/>
My settings.py:</p>
<pre><code># - - - - LDAP CONFIGURATION - - - - #
#
# Importing ldap libraries and applications
import logging  # needed for the debug logger configured at the end of this block

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType

# ...connecting to ldap server (local environment uses IP)
AUTH_LDAP_SERVER_URI = "ldap://10.0.2.15"

# ...account to enter into ldap server (anonymous is not always allowed)
#AUTH_LDAP_BIND_DN = "cn=admin,dc=whiteqube"
#AUTH_LDAP_BIND_PASSWORD = "root"

# ...path where to start to search groups
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "ou=groups,dc=whiteqube",
    ldap.SCOPE_SUBTREE,  # allow searching from current node to all nodes below
    "(objectClass=posixGroup)"  # type of object
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType()  # a posixGroup is identified by the keyword "cn" into ldap server

# ...associations between ldap and django groups
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=active,ou=groups,dc=whiteqube",
    "is_staff": "cn=staff,ou=groups,dc=whiteqube",
    "is_superuser": "cn=superuser,ou=groups,dc=whiteqube"
}
AUTH_LDAP_PROFILE_FLAGS_BY_GROUPS = {
    "is_awesome": ["cn=awesome,ou=groups,dc=whiteqube"]
}

# ...node where to start to search users
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "ou=users,dc=whiteqube",
    ldap.SCOPE_SUBTREE,  # allow searching from current node to all nodes below
    "(cn=%(user)s)"
    #"(objectClass=posixAccount)"
    #"(objectClass=inetOrgPerson)"
)

# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

# Enable debug for ldap server connection
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)
# - - - - END LDAP CONFIGURATION - - - - #
</code></pre>
<p>My LDAP contains the following objects:</p>
<ul>
<li>ou=groups,dc=whiteqube</li>
<li><ul>
<li>cn=superuser,ou=groups,dc=whiteqube</li>
</ul></li>
<li><ul>
<li>cn=staff,ou=groups,dc=whiteqube</li>
</ul></li>
<li>ou=users,dc=whiteqube</li>
<li><ul>
<li>cn=sonia,ou=users,dc=whiteqube</li>
</ul></li>
</ul>
<p>where "groups" and "users" are OrganizationalUnit, "staff" and "superuser" are posixGroup, and "sonia" is a posixAccount.<br/>
See the image:</p>
<p><img src="https://i.stack.imgur.com/xusUr.png" alt="LDAP Tree"/><br/>
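I am sure the configuration of the LDAP objects is as it must be, because the Django debug output recognizes the user's group dependencies.<br/></p>
<p>Note: when I use a local Django account, I can log in to the admin.<br/></p>
<p>Where am I going wrong? Am I missing some other attribute configuration?</p>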