Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

can't map ldap3 search to django-python3-ldap config

See original GitHub issue

1st things 1st: thank you for sharing this codebase with the community!

I can’t seem to find the right configuration for the django plugin though, I have a working ldap3 example and trying to match it in my settings but always getting

LDAP connect failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1 - bindResponse - None

the following is a working example of search I’m doing with ldap3

from ldap3 import Server, Connection, ALL

print('### SERVER')
server = Server('host.group.domain.com', get_info=ALL)

print('### CONNECT')
conn = Connection(
    server,
    'CN=ldap_user,OU=SERVICE,OU=100 Common Services Objects,OU=Common Services and Applications,DC=group,DC=domain,DC=com',
    'ldap_password',
    auto_bind=True)

print('### SEARCH')
conn.search('DC=group,DC=domain,DC=com', '(&(sAMAccountName=username_search)(objectclass=user))')

print('### ENTRIES')
print([e for e in conn.entries])

I tried, among other combinations, the following

LDAP_AUTH_URL = 'ldap://host.group.domain.com:389'

LDAP_AUTH_SEARCH_BASE = 'DC=group,DC=domain,DC=com'

LDAP_AUTH_USER_FIELDS = {
    'username': 'sAMAccountName',
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail'
}

LDAP_AUTH_CONNECTION_USERNAME = 'CN=ldap_user,OU=SERVICE,OU=100 Common Services Objects,OU=Common Services and Applications,DC=group,DC=domain,DC=com'
LDAP_AUTH_CONNECTION_PASSWORD = 'ldap_password'

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"

but always getting the invalid credential error. could you give a quick hint please? I’d be happy to help writing a bit of documentation if this use case is relevant for you

many thanks!

Issue Analytics

State:
Created 6 years ago
Comments:8 (2 by maintainers)

Top GitHub Comments

1reaction

sonicblindcommented, Jun 19, 2019

@binteezyy

conn.search(
    search_base=settings.LDAP_AUTH_SEARCH_BASE,
    search_filter=format_search_filter(kwargs),
    search_scope=ldap3.SUBTREE,
    attributes=ldap3.ALL_ATTRIBUTES,
    get_operational_attributes=True,
    size_limit=1,
)

For more info have a look at LDAP Search signature.

0reactions

binteezyycommented, Jun 20, 2019

@sonicblind

Your answer has helped me a lot. I haven’t seen that link before or maybe I’m just too dumb. Thank you so much @grudelsud @sonicblind @etianen

Here is my final snippet for querying a specific user and a specific attribute from LDAP with a directory name connected to the User

```

from ldap3 import Server, Connection, SUBTREE, from django.conf import settings

    server_url = settings.LDAP_AUTH_URL
    connection_account = str(settings.LDAP_CN) + ',' + str(settings.LDAP_AUTH_SEARCH_BASE)
    connection_password = str(settings.LDAP_AUTH_CONNECTION_PASSWORD)

    server = Server(server_url, get_info=ALL)
    
    conn = Connection(
    server,
    connection_account,
    connection_password,
    auto_bind=True)

    conn.search(
        search_base = current_user.**directoryName**,
        search_filter = '(objectClass=user)',
        search_scope = SUBTREE,
        types_only=False,
        attributes=['mail'],
        get_operational_attributes=True,
        size_limit=1,
        )

   print(conn.response[0]['attributes']['mail'])