You're correct. The settings.py file should contain the AD/LDAP group (not OU) for AD_USER_GROUP or AD_ADMIN_GROUP. The AD_SEARCH_DN might reference an OU (or the entire domain). Please post your settings.py (passwords redacted).
A few more questions for diagnosis: Can you tell me if the group you've configured is the primary group configured for the AD user (e.g. Domain Users, Domain Admins)? Did you get the latest version of Baruwa v1 via Github? Or are you using packages (deb)? >JR From: [email protected] [mailto:[email protected]] On Behalf Of Frederik Vande Rieviere Sent: Friday, April 05, 2013 2:31 AM To: Baruwa users list Subject: Re: [Baruwa] question concerning AD authentication I'm on Debian 6. I installed the missing dependencies. When I try to log in with a domain user; it takes a while to respond, then I get : "Your username and password didn't match. Please try again". Baruwa-ldap.log gives the following output : User missing [email protected]<mailto:[email protected]>. creating a) Auth failed for (mydomainuser) a) AD auth backend error by fetching ldap data: {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'} (<class 'ldap.OPERATIONS_ERROR'>/[('/usr/lib/pymodules/python2.6/baruwa/auth/ad.py', 150, 'get_data', 'self.AD_SEARCH_FIELDS)'), ('/usr/local/lib/python2.6/dist-packages/ldap/ldapobject.py', 546, 'search_ext_s', 'return self.result(msgid,all=1,timeout=timeout)[1]'), ('/usr/local/lib/python2.6/dist-packages/ldap/ldapobject.py', 458, 'result', 'resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)'), ('/usr/local/lib/python2.6/dist-packages/ldap/ldapobject.py', 462, 'result2', 'resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)'), ('/usr/local/lib/python2.6/dist-packages/ldap/ldapobject.py', 469, 'result3', 'resp_ctrl_classes=resp_ctrl_classes'), ('/usr/local/lib/python2.6/dist-packages/ldap/ldapobject.py', 476, 'result4', 'ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)'), ('/usr/local/lib/python2.6/dist-packages/ldap/ldapobject.py', 99, '_ldap_call', 'result = func(*args,**kwargs)')]/{'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}) AD auth backend failed when reading data for [email protected]<mailto:[email protected]>. No Group information available. The domain user I'm trying is in the AD group I defined in settings.py. (I'm assuming this is an AD group, not an OU) Van: [email protected]<mailto:[email protected]> [mailto:[email protected]] Namens Morgan, Jeffrey R. Verzonden: donderdag 4 april 2013 16:53 Aan: 'Baruwa users list' Onderwerp: Re: [Baruwa] question concerning AD authentication Have you installed python-ldap? sudo pip install python-ldap Also need the ldap dev package and some others. If on Ubuntu: sudo apt-get install python-dev libldap2-dev libsasl2-dev libssl-dev
_______________________________________________ Keep Baruwa FREE - http://pledgie.com/campaigns/12056
