Databases
StackOverflow2013
Postsdbo
POProblem with custom Authentication Backend for Django
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POProblem with custom Authentication Backend for Django
    text
    copied!<p>I'm having a problem with a custom Authentication Backend I've built for an Active Directory via LDAP authentication.</p> <p>The problem is that from the admin login page, after it properly authenticates and creates the new user in the database (or updates their info from the LDAP server), but then returns me to the admin login page indicating that I failed to enter a valid username and password.</p> <p>Considering it authenticates and creates/updates the user in the django database, what am I doing wrong?</p> <p>The code:</p> <pre><code>import ldap import re from django.conf import ad_settings grps = re.compile(r'CN=(\w+)').findall def anyof(short_group_list, adu): all_groups_of_user = set(g for gs in adu.get('memberOf',()) for g in grps(gs)) return any(g for g in short_group_list if g in all_groups_of_user) class ActiveDirectoryBackend(ModelBackend): """ This backend utilizes an ActiveDirectory server via LDAP to authenticate users, creating them in Django if they don't already exist. """ def authenticate(self, username=None, password=None): con = None ldap.set_option(ldap.OPT_REFERRALS, 0) try: con = ldap.initialize('ldap://%s:%s' % (ad_settings.AD_DNS_NAME, ad_settings.AD_LDAP_PORT)) con.simple_bind_s(username+"@"+ad_settings.AD_DNS_NAME, password) ADUser = con.search_ext_s(ad_settings.AD_SEARCH_DN, ldap.SCOPE_SUBTREE, "sAMAccountName=%s" % username, ad_settings.AD_SEARCH_FIELDS)[0][1] con.unbind() except ldap.LDAPError: return None # Does user belong to appropriate AD group? if not anyof(ad_settings.PROJECTCODE,ADUser): return None # Does user already exist in Django? try: user = User.objects.get(username=username) except User.DoesNotExist: #create Django user user = User(username=username, is_staff = True, is_superuser = False) #Update User info from AD if ADUser.has_key('givenName'): user.first_name = ADUser.get('givenName')[0] if ADUser.has_key('sn'): user.last_name = ADUser.get('sn')[0] if ADUser.has_key('mail'): user.email = ADUser.get('mail')[0] # Does not store password in Django. user.set_unusable_password() user.save() return user </code></pre> <p>EDIT: Figured out. Users cannot log in unless they are active (even though the documentation does not say that). Therefore, in the code given, the line that creates the new user should look like:</p> <pre><code> user = User(username=username, is_staff = True, is_Active = True, is_superuser = False) </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload