Problem with LDAP #537

Open
Kottare-Seth opened this issue Feb 26, 2025 · 2 comments

Kottare-Seth commented Feb 26, 2025

Hi,
I have followed the tutorial about LDAP integration step by step:
https://www.horilla.com/blogs/how-to-integrate-ldap-with-django/

Below is my configuration:

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

AUTH_LDAP_SERVER_URI = "ldap://xxxxxx:389"

AUTH_LDAP_BIND_DN = "CN=horillasync,CN=xxxxxxx,DC=xxx,DC=xxx,DC=xxxx"
AUTH_LDAP_BIND_PASSWORD = "xxxxxxxxx"

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "dc=xxxxxxx,dc=xxxxx,dc=xxxx",
    ldap.SCOPE_SUBTREE,
    "(sAMAccountName=%(user)s)"
)


AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}


AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',  # Keep Django's default user model
)


AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_CREATE_USERS = True

When I run ldapsearch from the CLI I get a response:

ldapsearch -x -H ldap://xxx.xxx.xxx:389 -D "CN=horillasync,CN=xxx,DC=xxx,DC=xxx,DC=xxxx" -w "xxxxx" -b "dc=xxx,dc=xxxx,dc=xxxx" "(sAMAccountName=USER_LOGIN)"

But while trying to log in to Horilla via the web I got this in the logs:

Binding as CN=horillasync,CN=xxxx,DC=xxxx,DC=xxx,DC=xxxx
Invoking search_s('dc=xxx,dc=xxx,dc=xx', 2, '(sAMAccountName=xxxx)')
Caught LDAPError looking up user: OPERATIONS_ERROR({'msgtype': 100, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c'})

I've double-checked everything; the password and the bind user are OK, since it works from the CLI.
I tried a few setups, trying the LDAP URL with/without port, using DN or UPN - same effect.

@horilla-opensource
Owner

Hi @Kottare-Seth,

Please try running the following command to verify the bind DN:

ldapsearch -x -H ldap://xxxxxx:389 -D "CN=horillasync,CN=xxxxxxx,DC=xxx,DC=xxx,DC=xxxx" -w "xxxxxxxxx" -b "DC=xxx,DC=xxx,DC=xxxx" "(sAMAccountName=horillasync)"

If the result returns:

dn: CN=horillasync,OU=Admins,DC=xxx,DC=xxx,DC=xxxx

Then update your code with:

AUTH_LDAP_BIND_DN = "CN=horillasync,OU=Admins,DC=xxx,DC=xxx,DC=xxxx"

Additionally, LDAP configuration management from the web interface is currently under development and will be available in the source code soon.

Best Regards,
Team Horilla

@Kottare-Seth
Author

Hi,
The command above returned the same DN as I currently have in "AUTH_LDAP_BIND_DN" - I took it from the attributes in AD.
It works with ldapsearch, but not in the Horilla UI.
Does the rest of the config seem correct in your opinion?

Great to hear about the LDAP configuration in the web interface - maybe you could add a test connectivity option that tries searching for some user to validate that it is working correctly?
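
An added triage example, not part of the thread and not Horilla's or django-auth-ldap's code: it parses the Active Directory diagnostic string from the `info` field of the error logged in the opening comment and separates "bind rejected" from "operation sent on a connection with no completed bind". It goes beyond the one error in the issue by also decoding the bind sub-codes AD places in `data`; the function name, category labels and the second sample string are assumptions made for illustration.

```python
import re

# Layout of the text AD puts in an LDAP result's 'info' field:
# "<hex code>: LdapErr: DSID-<id>, comment: <text>, data <hex>, v<build>"
AD_INFO = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)"
)

# Win32 logon sub-codes AD reports in 'data' when it rejects a bind.
BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
ERROR_NOT_AUTHENTICATED = 0x4DC  # Win32 error 1244

def diagnose(info):
    """Return (category, detail) for an AD 'info' string, or None if it does not parse."""
    m = AD_INFO.search(info)
    if m is None:
        return None
    code, data = int(m["code"], 16), int(m["data"], 16)
    if data in BIND_SUBCODES:
        return ("bind-rejected", BIND_SUBCODES[data])
    if code == ERROR_NOT_AUTHENTICATED:
        # The request arrived on a connection without a completed bind. With
        # python-ldap a common cause is referral chasing on a search from the
        # domain root: the referred connection is anonymous. Setting
        # ldap.OPT_REFERRALS to 0 disables chasing (django-auth-ldap takes
        # such options in AUTH_LDAP_CONNECTION_OPTIONS).
        return ("unauthenticated-operation", "no completed bind on this connection")
    return ("unclassified", m["comment"])

# The 'info' value from the log in this issue.
ISSUE_INFO = ("000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this "
              "operation a successful bind must be completed on the connection., data 0, v4f7c")
# Constructed sample of a rejected bind (DSID and build values are made up).
SAMPLE_BAD_PASSWORD = ("80090308: LdapErr: DSID-0C090000, comment: "
                       "AcceptSecurityContext error, data 52e, v0000")
```

`diagnose(ISSUE_INFO)` lands in the unauthenticated-operation branch rather than bind-rejected, which matches the thread's observation that the same DN and password bind successfully with ldapsearch.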
