Re: how to setup LDAP authorisation in django/apache.
We rolled our own LDAP authorization. First I created a python module that imported ldap from the python-ldap-2.2.1 package and wrapped in functions that performed authentication and pulled selected data from our corporate LDAP server. Then one of my partners used that to create our own login_required decorator. We wrapped selected application pages with that and used the regular auth system to define a few non- LDAP users who needed to use the Admin. We have been using that for about 2 years. I have a task ahead of me to update this functionality to 1.0. I'll post some notes on that when I am done. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: how to setup LDAP authorisation in django/apache.
Here's my experience with ldapauth.py[1] with AD: Here is the basic settings[2]: LDAP_SERVER_URI = 'ldap://ldap.company.com:389' First of all it seems AD LDAP is pretty picky. I had to play with several different settings until I found something that worked. There are two ways to determine the DN of the AD user. -- The first is to search for it. You would need to set the following in settings.py[3]: LDAP_PREBINDDN = [EMAIL PROTECTED] LDAP_PREBINDPW = secret You would also need to change the following in LDAPBackend._pre_bind from: result = l.search_s(self.settings['LDAP_SEARCHDN'], self.settings['LDAP_SCOPE'], filter, attrsonly=1) to this: result_id = l.search(self.settings['LDAP_SEARCHDN'], self.settings['LDAP_SCOPE'], filter, attrsonly=1) result_type, result = l.result(result_id, 0) search_s is synchronous and for some reason my AD LDAP server didn't like it and complained like so: "In order to perform this operation a successful bind must be completed on the connection." After that change everything seemed to work just fine. I didn't test this, but I suspect that there you can bind to the AD LDAP server using the username and password that you are trying to authenticate with. The only problem with this method is that you may not be able to decipher between invalid credentials and a nonexistent account. Not a big deal if you don't auto-create accounts in Django with accounts from AD. --- The second method involves knowing the DN beforehand, which includes the full name of the user (not the username) as it appears in AD. It looks something like this: 'CN=,OU=our users,DC=example,DC=com' The only way to get the full name is to make sure it is the same in Django as it is in AD. Then you'd have to modify ldapauth.py to try and get the user model from Django first, get the full name and create the DN using that. You could to do this by modifying _pre_bind. [1] http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py [2] as mentioned by Joseph using AD explorer and looking at the settings in http://code.google.com/p/s-o-l/source/browse/trunk/settings_prod_change.py helps alot [3] you need an account from your IT dept with a password that doesn't expire. Hope that helps --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: how to setup LDAP authorisation in django/apache.
btw, dont know if its important. But im using CentOS :-) On 15 Sep., 21:45, PeteDK <[EMAIL PROTECTED]> wrote: > Thanks. > > Well the problem with the network personnel is that the person who set > up the active directory server left recently and his documentation is > very incomplete, so i'm trying to understand how it is setup but have > yet to succeed. > > However I would be glad if someone here was able to devide the > parameters i copied from the old .htaccess file, according to the > variables the django backend requires. if you understand my meaning. > > old .htaccess: > AuthLDAPUrlldap://dc1..local:389/OU=xxx,DC=,DC=local?sAMAccountName > AuthLDAPBindDN CN=ldaplogin,CN=Users,DC=jura,DC=local > AuthLDAPBindPassword "" > AuthBasicProviderldap > AuthzLDAPAuthoritative off > > The backend I was thinking about using > is:http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py > > this howevers requires some things in my settings.py file: but i dont > know what to write. I guessing that the parameters are still valid, i > just need to find some way to use thisLDAPauthorization in django > instead of apache. > > 11 Requires the following things to be in settings.py: > 12 LDAP_DEBUG -- boolean > 13 Uses logging module for debugging messages. > 14 LDAP_SERVER_URI -- string,ldapuri. > 15 default: 'ldap://localhost' > 16 LDAP_SEARCHDN -- string of theLDAPdn to use for searching > 17 default: 'dc=localhost' > 18 LDAP_SCOPE -- one of:ldap.SCOPE_*, used for searching > 19 see python-ldapdocs for the search function > 20 default =ldap.SCOPE_SUBTREE > 21 LDAP_SEARCH_FILTER -- formated string, the filter to use for > searching for a > 22 user. Used as: filterstr = LDAP_SEARCH_FILTER % username > 23 default = 'cn=%s' > 24 LDAP_UPDATE_FIELDS -- boolean, do we sync the db withldapon > each auth > 25 default = True" > > On 15 Sep., 19:19, Joseph <[EMAIL PROTECTED]> wrote: > > > > > Try to have a look > > at:http://code.google.com/p/s-o-l/source/browse/trunk/settings_prod_chan... > > > I have a login page but authenticate against AD server and if > > authenticated I store in a database; you may have to customize > > according to your needs. > > > If you are on windows, I recommend to use AD explorer (http:// > > technet.microsoft.com/en-us/sysinternals/bb963907.aspx). That will > > help you browse through your AD server (to understand all the various > > parameters that you talked about). > > > You would need the support of the network support personnel (if you > > are not one already, which was the case with me) as you would need a > > email id in the AD server which has access to the root of the tree > > (depending on your requirement it might be the top most node; or it > > could be any other node as well). > > > Good luck, > > Josephhttp://www.jjude.com|http://twitter.com/jjude > > > On Sep 15, 9:28 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > Hi > > > > if i can get it to work i will be sure to post it right here :-) > > > > On 15 Sep., 13:32, madyogi <[EMAIL PROTECTED]> wrote: > > > > > Please, > > > > when you have figured out how to do that, share it with us. > > > > Though very new to django, I am also really curious about know how to > > > > set upLDAPon the existing django Application. > > > > I really need it for my project in the future. > > > > > Thanks you very much in Advance. > > > > > On Sep 15, 1:15 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > thanks. > > > > > > But i have already read the documentation, however i can't figure out > > > > > how to use theLDAPbackend which is why im seeing help here :-) > > > > > > My biggest problem(i think) is that i don't know what all the DC, OU, > > > > > CN, BIND etc. stand for, so i could use some help towards what i > > > > > should put in my settings.py file :-) > > > > > > On 15 Sep., 13:08, Graham Dumpleton <[EMAIL PROTECTED]> > > > > > wrote: > > > > > > > I can't help you in that case, but do start by reading the Django > > > > > > documentation. A search forLDAPyields: > > > > > > > http://docs.djangoproject.com/en/dev/topics/auth/ > > > > > > > Graham > > > > > > > On Sep 15, 8:39 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > > > Thanks for the reply. > > > > > > > > I would like to do it in HTMl. I actually already have a login > > > > > > > page > > > > > > > that i would like to use. > > > > > > > :-) > > > > > > > > On Sep 15, 12:20 pm, Graham Dumpleton <[EMAIL PROTECTED]> > > > > > > > wrote: > > > > > > > > > On Sep 15, 7:11 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > > > > > I have done some searching on other forums and it seems that > > > > > > > > > django > > > > > > > > > already has aLDAPmodule that can be imported? > > > > > > > > > > If this is the easiest way then i would just like to know how > > > > > > > > > to > > > >
Re: how to setup LDAP authorisation in django/apache.
Thanks. Well the problem with the network personnel is that the person who set up the active directory server left recently and his documentation is very incomplete, so i'm trying to understand how it is setup but have yet to succeed. However I would be glad if someone here was able to devide the parameters i copied from the old .htaccess file, according to the variables the django backend requires. if you understand my meaning. old .htaccess: AuthLDAPUrl ldap://dc1..local:389/OU=xxx,DC=,DC=local?sAMAccountName AuthLDAPBindDN CN=ldaplogin,CN=Users,DC=jura,DC=local AuthLDAPBindPassword "" AuthBasicProvider ldap AuthzLDAPAuthoritative off The backend I was thinking about using is: http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py this howevers requires some things in my settings.py file: but i dont know what to write. I guessing that the parameters are still valid, i just need to find some way to use this LDAP authorization in django instead of apache. 11 Requires the following things to be in settings.py: 12 LDAP_DEBUG -- boolean 13 Uses logging module for debugging messages. 14 LDAP_SERVER_URI -- string, ldap uri. 15 default: 'ldap://localhost' 16 LDAP_SEARCHDN -- string of the LDAP dn to use for searching 17 default: 'dc=localhost' 18 LDAP_SCOPE -- one of: ldap.SCOPE_*, used for searching 19 see python-ldap docs for the search function 20 default = ldap.SCOPE_SUBTREE 21 LDAP_SEARCH_FILTER -- formated string, the filter to use for searching for a 22 user. Used as: filterstr = LDAP_SEARCH_FILTER % username 23 default = 'cn=%s' 24 LDAP_UPDATE_FIELDS -- boolean, do we sync the db with ldap on each auth 25 default = True" On 15 Sep., 19:19, Joseph <[EMAIL PROTECTED]> wrote: > Try to have a look > at:http://code.google.com/p/s-o-l/source/browse/trunk/settings_prod_chan... > > I have a login page but authenticate against AD server and if > authenticated I store in a database; you may have to customize > according to your needs. > > If you are on windows, I recommend to use AD explorer (http:// > technet.microsoft.com/en-us/sysinternals/bb963907.aspx). That will > help you browse through your AD server (to understand all the various > parameters that you talked about). > > You would need the support of the network support personnel (if you > are not one already, which was the case with me) as you would need a > email id in the AD server which has access to the root of the tree > (depending on your requirement it might be the top most node; or it > could be any other node as well). > > Good luck, > Josephhttp://www.jjude.com|http://twitter.com/jjude > > On Sep 15, 9:28 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > Hi > > > if i can get it to work i will be sure to post it right here :-) > > > On 15 Sep., 13:32, madyogi <[EMAIL PROTECTED]> wrote: > > > > Please, > > > when you have figured out how to do that, share it with us. > > > Though very new to django, I am also really curious about know how to > > > set up LDAP on the existing django Application. > > > I really need it for my project in the future. > > > > Thanks you very much in Advance. > > > > On Sep 15, 1:15 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > thanks. > > > > > But i have already read the documentation, however i can't figure out > > > > how to use the LDAP backend which is why im seeing help here :-) > > > > > My biggest problem(i think) is that i don't know what all the DC, OU, > > > > CN, BIND etc. stand for, so i could use some help towards what i > > > > should put in my settings.py file :-) > > > > > On 15 Sep., 13:08, Graham Dumpleton <[EMAIL PROTECTED]> > > > > wrote: > > > > > > I can't help you in that case, but do start by reading the Django > > > > > documentation. A search for LDAP yields: > > > > > > http://docs.djangoproject.com/en/dev/topics/auth/ > > > > > > Graham > > > > > > On Sep 15, 8:39 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > > Thanks for the reply. > > > > > > > I would like to do it in HTMl. I actually already have a login page > > > > > > that i would like to use. > > > > > > :-) > > > > > > > On Sep 15, 12:20 pm, Graham Dumpleton <[EMAIL PROTECTED]> > > > > > > wrote: > > > > > > > > On Sep 15, 7:11 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > > > > I have done some searching on other forums and it seems that > > > > > > > > django > > > > > > > > already has a LDAP module that can be imported? > > > > > > > > > If this is the easiest way then i would just like to know how to > > > > > > > > import it and what credentials of my own i should use, and > > > > > > > > where in > > > > > > > > the "settings.py" file i should use them :-) > > > > > > > > >http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py > > > > > > > > i have looked in this LDAP file but i can't figure out
Re: how to setup LDAP authorisation in django/apache.
Try to have a look at: http://code.google.com/p/s-o-l/source/browse/trunk/settings_prod_change.py I have a login page but authenticate against AD server and if authenticated I store in a database; you may have to customize according to your needs. If you are on windows, I recommend to use AD explorer (http:// technet.microsoft.com/en-us/sysinternals/bb963907.aspx). That will help you browse through your AD server (to understand all the various parameters that you talked about). You would need the support of the network support personnel (if you are not one already, which was the case with me) as you would need a email id in the AD server which has access to the root of the tree (depending on your requirement it might be the top most node; or it could be any other node as well). Good luck, Joseph http://www.jjude.com | http://twitter.com/jjude On Sep 15, 9:28 pm, PeteDK <[EMAIL PROTECTED]> wrote: > Hi > > if i can get it to work i will be sure to post it right here :-) > > On 15 Sep., 13:32, madyogi <[EMAIL PROTECTED]> wrote: > > > Please, > > when you have figured out how to do that, share it with us. > > Though very new to django, I am also really curious about know how to > > set up LDAP on the existing django Application. > > I really need it for my project in the future. > > > Thanks you very much in Advance. > > > On Sep 15, 1:15 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > thanks. > > > > But i have already read the documentation, however i can't figure out > > > how to use the LDAP backend which is why im seeing help here :-) > > > > My biggest problem(i think) is that i don't know what all the DC, OU, > > > CN, BIND etc. stand for, so i could use some help towards what i > > > should put in my settings.py file :-) > > > > On 15 Sep., 13:08, Graham Dumpleton <[EMAIL PROTECTED]> > > > wrote: > > > > > I can't help you in that case, but do start by reading the Django > > > > documentation. A search for LDAP yields: > > > > > http://docs.djangoproject.com/en/dev/topics/auth/ > > > > > Graham > > > > > On Sep 15, 8:39 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > Thanks for the reply. > > > > > > I would like to do it in HTMl. I actually already have a login page > > > > > that i would like to use. > > > > > :-) > > > > > > On Sep 15, 12:20 pm, Graham Dumpleton <[EMAIL PROTECTED]> > > > > > wrote: > > > > > > > On Sep 15, 7:11 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > > > I have done some searching on other forums and it seems that > > > > > > > django > > > > > > > already has a LDAP module that can be imported? > > > > > > > > If this is the easiest way then i would just like to know how to > > > > > > > import it and what credentials of my own i should use, and where > > > > > > > in > > > > > > > the "settings.py" file i should use them :-) > > > > > > > >http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py > > > > > > > i have looked in this LDAP file but i can't figure out what of the > > > > > > > settings to use? :) > > > > > > > The question is, do you want HTTP Basic authentication which is > > > > > > handled by Apache used whereby the browser pops up a login window, > > > > > > or > > > > > > do you want a HTML form based login page where the later is handled > > > > > > by > > > > > > Django rather than Apache. Which you use determines which way you > > > > > > would want to do it. If you don't want the HTML form based login > > > > > > page > > > > > > approach in conjunction with Django session management and only one > > > > > > HTTP Basic authentication, easier to do it in Apache. > > > > > > > Graham --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: how to setup LDAP authorisation in django/apache.
Hi if i can get it to work i will be sure to post it right here :-) On 15 Sep., 13:32, madyogi <[EMAIL PROTECTED]> wrote: > Please, > when you have figured out how to do that, share it with us. > Though very new to django, I am also really curious about know how to > set up LDAP on the existing django Application. > I really need it for my project in the future. > > Thanks you very much in Advance. > > On Sep 15, 1:15 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > thanks. > > > But i have already read the documentation, however i can't figure out > > how to use the LDAP backend which is why im seeing help here :-) > > > My biggest problem(i think) is that i don't know what all the DC, OU, > > CN, BIND etc. stand for, so i could use some help towards what i > > should put in my settings.py file :-) > > > On 15 Sep., 13:08, Graham Dumpleton <[EMAIL PROTECTED]> > > wrote: > > > > I can't help you in that case, but do start by reading the Django > > > documentation. A search for LDAP yields: > > > > http://docs.djangoproject.com/en/dev/topics/auth/ > > > > Graham > > > > On Sep 15, 8:39 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > Thanks for the reply. > > > > > I would like to do it in HTMl. I actually already have a login page > > > > that i would like to use. > > > > :-) > > > > > On Sep 15, 12:20 pm, Graham Dumpleton <[EMAIL PROTECTED]> > > > > wrote: > > > > > > On Sep 15, 7:11 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > > I have done some searching on other forums and it seems that django > > > > > > already has a LDAP module that can be imported? > > > > > > > If this is the easiest way then i would just like to know how to > > > > > > import it and what credentials of my own i should use, and where in > > > > > > the "settings.py" file i should use them :-) > > > > > > >http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py > > > > > > i have looked in this LDAP file but i can't figure out what of the > > > > > > settings to use? :) > > > > > > The question is, do you want HTTP Basic authentication which is > > > > > handled by Apache used whereby the browser pops up a login window, or > > > > > do you want a HTML form based login page where the later is handled by > > > > > Django rather than Apache. Which you use determines which way you > > > > > would want to do it. If you don't want the HTML form based login page > > > > > approach in conjunction with Django session management and only one > > > > > HTTP Basic authentication, easier to do it in Apache. > > > > > > Graham --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: how to setup LDAP authorisation in django/apache.
Please, when you have figured out how to do that, share it with us. Though very new to django, I am also really curious about know how to set up LDAP on the existing django Application. I really need it for my project in the future. Thanks you very much in Advance. On Sep 15, 1:15 pm, PeteDK <[EMAIL PROTECTED]> wrote: > thanks. > > But i have already read the documentation, however i can't figure out > how to use the LDAP backend which is why im seeing help here :-) > > My biggest problem(i think) is that i don't know what all the DC, OU, > CN, BIND etc. stand for, so i could use some help towards what i > should put in my settings.py file :-) > > On 15 Sep., 13:08, Graham Dumpleton <[EMAIL PROTECTED]> > wrote: > > > I can't help you in that case, but do start by reading the Django > > documentation. A search for LDAP yields: > > > http://docs.djangoproject.com/en/dev/topics/auth/ > > > Graham > > > On Sep 15, 8:39 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > Thanks for the reply. > > > > I would like to do it in HTMl. I actually already have a login page > > > that i would like to use. > > > :-) > > > > On Sep 15, 12:20 pm, Graham Dumpleton <[EMAIL PROTECTED]> > > > wrote: > > > > > On Sep 15, 7:11 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > > I have done some searching on other forums and it seems that django > > > > > already has a LDAP module that can be imported? > > > > > > If this is the easiest way then i would just like to know how to > > > > > import it and what credentials of my own i should use, and where in > > > > > the "settings.py" file i should use them :-) > > > > > >http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py > > > > > i have looked in this LDAP file but i can't figure out what of the > > > > > settings to use? :) > > > > > The question is, do you want HTTP Basic authentication which is > > > > handled by Apache used whereby the browser pops up a login window, or > > > > do you want a HTML form based login page where the later is handled by > > > > Django rather than Apache. Which you use determines which way you > > > > would want to do it. If you don't want the HTML form based login page > > > > approach in conjunction with Django session management and only one > > > > HTTP Basic authentication, easier to do it in Apache. > > > > > Graham --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: how to setup LDAP authorisation in django/apache.
thanks. But i have already read the documentation, however i can't figure out how to use the LDAP backend which is why im seeing help here :-) My biggest problem(i think) is that i don't know what all the DC, OU, CN, BIND etc. stand for, so i could use some help towards what i should put in my settings.py file :-) On 15 Sep., 13:08, Graham Dumpleton <[EMAIL PROTECTED]> wrote: > I can't help you in that case, but do start by reading the Django > documentation. A search for LDAP yields: > > http://docs.djangoproject.com/en/dev/topics/auth/ > > Graham > > On Sep 15, 8:39 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > Thanks for the reply. > > > I would like to do it in HTMl. I actually already have a login page > > that i would like to use. > > :-) > > > On Sep 15, 12:20 pm, Graham Dumpleton <[EMAIL PROTECTED]> > > wrote: > > > > On Sep 15, 7:11 pm, PeteDK <[EMAIL PROTECTED]> wrote: > > > > > I have done some searching on other forums and it seems that django > > > > already has a LDAP module that can be imported? > > > > > If this is the easiest way then i would just like to know how to > > > > import it and what credentials of my own i should use, and where in > > > > the "settings.py" file i should use them :-) > > > > >http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py > > > > i have looked in this LDAP file but i can't figure out what of the > > > > settings to use? :) > > > > The question is, do you want HTTP Basic authentication which is > > > handled by Apache used whereby the browser pops up a login window, or > > > do you want a HTML form based login page where the later is handled by > > > Django rather than Apache. Which you use determines which way you > > > would want to do it. If you don't want the HTML form based login page > > > approach in conjunction with Django session management and only one > > > HTTP Basic authentication, easier to do it in Apache. > > > > Graham --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: how to setup LDAP authorisation in django/apache.
I wont say I am smart, because no smart person will tell this. But I wont say that I am naive, because I am good at the rules of life. I like MAN should be strong, resolute and self-confident, someone who can take care of such a tender kitten as I am :) http://www.searchfreedate.com/profile028.html --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "crrowdflasherandsexclub" group. To post to this group, send email to crrowdflasherandsexclub@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/crrowdflasherandsexclub?hl=en -~--~~~~--~~--~--~---