LDAPSearch Troubleshooting

Sun, 08 Oct 2017 19:34:18 -0700 

I've got LDAPSearch configured to work with my Synology Directory Server. 
Users can authenticate fine but when I try to map a user to a group I get 
INVALID_CREDENTIALS:

import ldap


# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://synology.kensnet.priv"


# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "CN=netbox,CN=users,DC=kensnet,DC=priv"
AUTH_LDAP_BIND_PASSWORD = bindpassword


LDAP_IGNORE_CERT_ERRORS = True


from django_auth_ldap.config import LDAPSearch, PosixGroupType, 
GroupOfNamesType


AUTH_LDAP_USER_SEARCH = LDAPSearch("cn=users,dc=kensnet,dc=priv",
                                    ldap.SCOPE_SUBTREE,
                                    "(sAMAccountName=%(user)s)")


# If a user's DN is producible from their username, we don't need to search.
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,cn=users,dc=kensnet,dc=priv"


### EVERYTHING WORKS UP UNTIL HERE


#### Groups


# # This search ought to return all groups to which the user belongs. 
django_auth_ldap uses this to determine group
# # heirarchy.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("dc=kensnet,dc=priv", ldap.SCOPE_SUBTREE
,
                                    "(objectClass=organizationalRole")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()


# # Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = "cn=users,cn=groups,dc=kensnet,dc=priv"


# Define special user types using groups. Exercise great caution when 
assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_staff": "cn=staff,cn=groups,dc=kensnet,dc=priv",
    "is_superuser": "cn=administrators,cn=groups,dc=kensnet,dc=priv"
}


How can I troubleshoot the group search/mapping to figure out what the 
issue is? 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/e4de4251-dfbc-464e-a356-2297ac6c670d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to