I am using "django-python3-ldap". I have set up all and while syncing user by command "./manage.py ldap_sync_users"
This shows the following binding error
LDAP connect succeeded LDAP bind failed: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563 - searchResDone - None Traceback (most recent call last): File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/ldap.py", line 182, in connection yield Connection(c) File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/management/commands/ldap_sync_users.py", line 24, in handle for user in connection.iter_users(): File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/ldap.py", line 93, in <genexpr> self._get_or_create_user(entry) File "/usr/local/lib/python3.5/dist-packages/ldap3/extend/standard/PagedSearch.py", line 68, in paged_search_generator None if cookie is True else cookie) File "/usr/local/lib/python3.5/dist-packages/ldap3/core/connection.py", line 853, in search response = self.post_send_search(self.send('searchRequest', request, controls)) File "/usr/local/lib/python3.5/dist-packages/ldap3/strategy/sync.py", line 178, in post_send_search responses, result = self.get_response(message_id) File "/usr/local/lib/python3.5/dist-packages/ldap3/strategy/base.py", line 403, in get_response raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) ldap3.core.exceptions.LDAPOperationsErrorResult: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563 - searchResDone - None
here are my settings file
` # The URL of the LDAP server. LDAP_AUTH_URL = "ldaps://example.com:636"
# Initiate TLS on connection.
LDAP_AUTH_USE_TLS = True
# The LDAP search base for looking up users.
LDAP_AUTH_SEARCH_BASE = "---correct search base is provided---
# User model fields mapped to the LDAP
# attributes that represent them.
LDAP_AUTH_USER_FIELDS = {
# "username": "userPrincipalName",
"username": "sAMAccountName",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
LDAP_AUTH_OBJECT_CLASS = "user"
# LDAP_AUTH_OBJECT_CLASS = "inetOrgPerson"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory_principal"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "https://www.example.com/"
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
LDAP_AUTH_CONNECT_TIMEOUT = None
LDAP_AUTH_RECEIVE_TIMEOUT = None
AUTHENTICATION_BACKENDS = (
'django_python3_ldap.auth.LDAPBackend',
'django.contrib.auth.backends.ModelBackend', # this is default
'guardian.backends.ObjectPermissionBackend', # guardian dependencies
)
`
Any idea what wrong i am doing?
CodePudding user response:
I don't know Django, but I see a couple things:
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "https://www.example.com/"
According to documentation I've seen, this should not be a URL. It should just be the domain name of your AD domain, like this:
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "example.com"
Also, this:
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
This means you're attempting an anonymous bind, which most domains will not allow.