LDAP user lookup failed

Hi, thanks for all the work in creating this package, really appreciated.

I’m in the process of implementing LDAP for my project and I am coming unstuck trying to return a user profile from the LDAP server. The server logs are saying that the connection is being made successfully, but it is failing to bind during the get_user function of ldap.py.

This is my settings.py ldap options:

AUTHENTICATION_BACKENDS = (
    "django_python3_ldap.auth.LDAPBackend",
    'django.contrib.auth.backends.ModelBackend',
)

LDAP_AUTH_URL = "ldap://server.org.thing.uk:389"

LDAP_AUTH_USE_TLS = False

LDAP_AUTH_SEARCH_BASE = "OU=User Objects - Employee Accounts,OU=Administrated Objects,DC=org,DC=thing,DC=uk"

LDAP_AUTH_OBJECT_CLASS = "inetOrgPerson"

LDAP_AUTH_USER_FIELDS = {
    "username": "uid",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)

LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"

LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"

LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "ORG"

LDAP_AUTH_CONNECTION_USERNAME = "Perc.Auth.SRV"
LDAP_AUTH_CONNECTION_PASSWORD = "************"

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "django_python3_ldap": {
            "handlers": ["console"],
            "level": "INFO",
        },
    },
}

If I print out the self._connection.search from get_user in ldap.py, I get the following:

<bound method Connection.search of Connection(server=Server(host='server.org.thing.uk', port=389, use_ssl=False, allowed_referral_hosts=[('*', True)], get_info='NO_INFO', mode='IP_V6_PREFERRED'), user='ORG\\Perc.Auth.SRV', password='**********', auto_bind='NO_TLS', version=3, authentication='SIMPLE', client_strategy='SYNC', auto_referrals=True, check_names=True, read_only=False, lazy=False, raise_exceptions=True, fast_decoder=True, auto_range=True, return_empty_attributes=True)>

However, this does not trigger the if statement in get_user and therefore does not complete the lookup. Any help would be appreciated!

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

1 reaction
akkerd commented, Jan 13, 2019

After trying many different settings, I tried changing the LDAP_AUTH_OBJECT_CLASS and the LDAP_AUTH_USER_FIELDS and it worked!

Try with the following:

LDAP_AUTH_USER_FIELDS = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}
LDAP_AUTH_OBJECT_CLASS = "user"

Apparently some AD LDAP servers work with that configuration of object class. Good luck!

0 reactions
freezed commented, Apr 18, 2019

Same error for me here trying to connect a local Microsoft Active Directory ©®. Solved with the help of my domain administrator with:

LDAP_AUTH_OBJECT_CLASS = "person"

Thx for this brilliant package!
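
The following is an added example, not part of the original issue or of django-python3-ldap. It shows why the settings changes in the two comments above make the lookup return an entry, assuming the object class and the lookup field are ANDed into one search filter. It also flags that a simple bind over ldap:// without TLS, as in the posted settings, sends the service account password unencrypted. The directory entry, the user "jdoe" and all function names are constructed for illustration.

```python
# Added example, not code from django-python3-ldap; all names here are constructed.

# Constructed entry modelled on a default Active Directory user (no "uid" value).
AD_ENTRY = {
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": ["jdoe"],
    "givenName": ["Jane"],
    "sn": ["Doe"],
    "mail": ["jdoe@example.org"],
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a username cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_conditions(object_class, user_fields, lookup_fields, **lookup):
    """Return the (attribute, value) pairs that are ANDed into the lookup filter."""
    conds = [("objectClass", object_class)]
    conds += [(user_fields[name], lookup[name]) for name in lookup_fields]
    return conds

def filter_string(conds):
    """Render the conditions as an LDAP search filter string."""
    return "(&" + "".join("(%s=%s)" % (a, escape_filter_value(v)) for a, v in conds) + ")"

def failing_conditions(conds, entry):
    """List the conditions the entry does not satisfy (case-insensitive equality)."""
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    return [(a, v) for a, v in conds if v.lower() not in attrs.get(a.lower(), [])]

def cleartext_bind(url, use_tls):
    """True when a simple bind would send the bind password unencrypted."""
    return url.lower().startswith("ldap://") and not use_tls

ORIGINAL = build_conditions("inetOrgPerson", {"username": "uid"}, ("username",), username="jdoe")
FIXED = build_conditions("user", {"username": "sAMAccountName"}, ("username",), username="jdoe")

if __name__ == "__main__":
    for label, conds in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, filter_string(conds), "unmatched:", failing_conditions(conds, AD_ENTRY))
    print("cleartext bind:", cleartext_bind("ldap://server.org.thing.uk:389", False))
```

A bind can succeed while the search still returns nothing, which matches the symptom in the issue: the connection is made, but no entry satisfies every condition in the filter.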
