django-auth-ldap未找到组

Question

我使用带有pyldap==2.4.25.1的django-auth-ldap (django-auth- ldap -ng==1.7.6)分支来连接到ldap。我可以成功登录，但遇到错误。即使我仍然可以使用DN_SYNTAX凭据和映射属性登录，也会收到ldap错误。以下是主要错误代码：

INFO "GET /login HTTP/1.1" 200 3141
DEBUG (0.000) SELECT "auth_user"."id", "auth_user"."password","auth_user"."last_login", "auth_user"."is_superuser", "auth_user"."username", "auth_user"."first_name", "auth_user"."last_name", "auth_user"."email", "auth_user"."is_staff", "auth_user"."is_active", "auth_user"."date_joined" FROM "auth_user" WHERE "auth_user"."username" LIKE 'zorpho' ESCAPE '\'; args=('zorpho',)
DEBUG Populating Django user zorpho
ERROR search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') raised INVALID_DN_SYNTAX({'desc': 'Invalid DN syntax', 'info': "0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'zorpho@MyCompany.local'\n"},)
DEBUG search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') returned 0 objects: 
WARNING zorpho@MyCompany.local does not have a value for the attribute mail
ERROR search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') raised INVALID_DN_SYNTAX({'desc': 'Invalid DN syntax', 'info': "0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'zorpho@MyCompany.local'\n"},)
DEBUG search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') returned 0 objects: 
WARNING zorpho@MyCompany.local does not have a value for the attribute sn
ERROR search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') raised INVALID_DN_SYNTAX({'desc': 'Invalid DN syntax', 'info': "0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'zorpho@MyCompany.local'\n"},)
DEBUG search_s('zorpho@MyCompany.local', 0, '(objectClass=*)') returned 0 objects: 
WARNING zorpho@MyCompany.local does not have a value for the attribute givenName
DEBUG zorpho@MyCompany.local is not a member of cn=administrators,ou=security groups,ou=mybusiness,dc=mycompany,dc=local
DEBUG search_s('OU=MyBusiness,DC=MyCompany,DC=local', 2, '(&(objectClass=groupOfNames)(member=zorpho@MyCompany.local))') returned 0 objects:

下面是我的settings.py设置：

# Set up LDAP Authentication
import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, GroupOfNamesType

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

# Connect to the LDAP server
AUTH_LDAP_SERVER_URI = "ldap://IP Address"
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_BIND_DN = "Administrator"
AUTH_LDAP_BIND_PASSWORD = "Password"

# How do we find users?
AUTH_LDAP_USER_DN_TEMPLATE = "%(user)s@MyCompany.local"
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=MyBusiness,DC=MyCompany,DC=local",
    ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

# new code 3/3
AUTH_LDAP_FIND_GROUP_PERMS = True

# User groups refresh after login/logout new code 3/3
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# How do we find groups?
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=MyBusiness,DC=MyCompany,DC=local",
                                    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
#AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()

# Map attributes to the user
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_staff": "CN=Administrators,OU=Security Groups,OU=MyBusiness,DC=MyCompany,DC=local",
}


# Use LDAP groups as Django groups
AUTH_LDAP_MIRROR_GROUPS = True

# Misc options
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

我试过使用"ActiveDirectoryGroupType“，但似乎没有什么不同。有什么建议吗？

Answer 1

我能够通过这里提供的解决方案来解决这个问题：

https://bitbucket.org/psagers/django-auth-ldap/issues/21/cant-bind-and-search-on-activedirectory

这是一种变通办法，因为它是一种active directory黑客。