Hi guys,
I'm having some problems to add LDAP auth to my edx app. I've follow your
steps but I'm not getting any exit in edx log... I can connect and make
querys against my ldap server using shell. Could you help me? I'm using
fullstack dogwood environment
El jueves, 26 de febrero de 2015, 10:24:22 (UTC+1), Yip Terence escribió:
>
> Hi M and L,
>
> Attached please find the output in /edx/var/log/lms/edx.log
> Django can't to get the %user value.
>
>
> Config:
> --------------------------------------------------------------------
> AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users', ldap.SCOPE_SUBTREE,
> "(&(mail=%(user)s))(objectClass=User)(objectCategory=person))")
> ---------------------------------------------------------------------
>
> Error MSG:
>
> -------------------------------------------------------------------------------
> Feb 26 17:18:33 ethiopia
> [service_variant=lms][django_auth_ldap][env:sandbox] ERROR [ethiopia 3016]
> [config.py:166] - search_s('OU=Users', 2,
> '(&(mail=))(objectClass=User)(objectCategory=person))') raised
> FILTER_ERROR({'desc': 'Bad search filter'},)
>
> -------------------------------------------------------------------------------
>
> Thanks and Regards,
> Terence Yip
>
> Yip Terence於 2015年2月26日星期四 UTC+8下午3時02分38秒寫道:
>
>> Hi M,
>>
>> Actually, I can connect with our AD server, but I need to hardcode the
>> user in the connection string so that I would like to ask for the solution
>> about how can I get the %user value and create the profile.
>>
>> Maybe I can paste my connection string here for more easy to understand.
>> I have been pasted the following code in
>> /edx/app/edxapp/edx-platform/lms/envs/common.py. I can successful login to
>> edX when I hardcode the user in "AUTH_LDAP_USER_SEARCH....". Is that paste
>> the code in the wrong location?
>>
>>
>>
>> -------------------------------------------------------------------------------------------
>> import ldap
>> from django_auth_ldap.config import LDAPSearch, GroupOfNamesType,
>> PosixGroupType
>> #AUTH_LDAP_START_TLS = True
>> AUTH_LDAP_GLOBAL_OPTIONS = {
>> ldap.OPT_X_TLS_REQUIRE_CERT: False,
>> ldap.OPT_REFERRALS: False,
>> }
>> # Baseline configuration.
>> AUTH_LDAP_SERVER_URI = "ldap://dc.abc.hk:389";
>> AUTH_LDAP_BIND_DN = "CN=connection_account,OU=SystemAcct,DC=abc,DC=hk"
>> AUTH_LDAP_BIND_PASSWORD = "password"
>> user = request.user
>> AUTH_LDAP_USER_SEARCH = LDAPSearch('OU=Users,DC=abc,DC=hk',
>> ldap.SCOPE_SUBTREE, "(&(
>> mail=u...@abc.hk)(objectClass=User)(objectCategory=person <javascript:>
>> ))")
>>
>> AUTH_LDAP_ALWAYS_UPDATE_USER = True
>> # Set up the basic group parameters.
>> AUTH_LDAP_GROUP_SEARCH = LDAPSearch('OU=Users,DC=vtc,DC=hk',
>> ldap.SCOPE_SUBTREE, "(&(objectClass=User)(objectCategory=person))")
>>
>> # set group type
>> AUTH_LDAP_GROUP_TYPE = PosixGroupType()
>> AUTH_LDAP_CONNECTION_OPTIONS = {
>> ldap.OPT_REFERRALS: 0,
>> }
>>
>> # Simple group restrictions
>> #~ AUTH_LDAP_REQUIRE_GROUP =
>> "cn=enabled,ou=django,ou=groups,dc=example,dc=com"
>> #~ AUTH_LDAP_DENY_GROUP =
>> "cn=disabled,ou=django,ou=groups,dc=example,dc=com"
>> # Populate the Django user from the LDAP directory.
>> AUTH_LDAP_USER_ATTR_MAP = {
>> "username": "cn",
>> "first_name": "givenName",
>> "last_name": "sn",
>> "email": "mail"
>> }
>>
>> AUTH_LDAP_PROFILE_ATTR_MAP = {
>> "name": "cn"
>> }
>>
>> # important! to use the group's permission
>> AUTH_LDAP_MIRROR_GROUPS = True
>> # Use LDAP group membership to calculate group permissions.
>> AUTH_LDAP_FIND_GROUP_PERMS = True
>> # Cache group memberships for an hour to minimize LDAP traffic
>> AUTH_LDAP_CACHE_GROUPS = True
>> AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
>>
>> -----------------------------------------------------------------------------------------------------------------
>>
>> Looking for your reply. Thanks!
>>
>> Thanks and Regards,
>> Terence Yip
>>
>> somecallitblues於 2015年2月24日星期二 UTC+8下午7時09分22秒寫道:
>>
>>> To check the version go to shell and run this:
>>>
>>> >>> import django_auth_ldap
>>>
>>> >>> django_auth_ldap.version
>>>
>>> (1, 1, 2)
>>>
>>> >>>
>>>
>>> As for virtualenv, it's a good practice but it's not necessary.
>>>
>>> By the way, have you tried performing a simple search on the LDAP
>>> server? I think that your best bet is to start with python-ldap (forget
>>> about django_auth_ldap), try to connect to the server, perform a bind and
>>> get a feel for it.
>>>
>>> I normally open the shell and run something like this in it
>>> https://bpaste.net/show/d4348eb1b3dd
>>>
>>> You have to know the following:
>>>
>>> - protocol (secure or not)
>>>
>>> - IP or domain name of the LDAP server
>>>
>>> - port
>>>
>>> - A full DN of one of the users would be useful but once you establish
>>> the connection you can figure this out.
>>>
>>> I remember that I was using Django 1.5.x and django_auth_ldap was still
>>> using User model by default. Not sure if that's still the case but you may
>>> have to patch it.
>>>
>>> Good luck!
>>>
>>> M
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 24 February 2015 at 17:37, 'Yip Terence' via Django users <
>>> django...@googlegroups.com> wrote:
>>>
>>>> Hi L,
>>>>
>>>>
>>>>
>>>> Thanks for your reply.
>>>>
>>>>
>>>>
>>>> I’m through pip to install the django-auth-ldap already. But there
>>>> are two question here.
>>>>
>>>> 1. How can I check the django-auth-ldap version?
>>>>
>>>> 2. What do you mean of install via virt env? I’m follow the edX
>>>> Ubuntu 12.04 +64 bit installation guide to install the edX, is that virt
>>>> env?
>>>>
>>>>
>>>> *https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation*
>>>>
>>>> <https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation>
>>>>
>>>>
>>>>
>>>>
>>>> -----------------------------------------------------------------------------------------
>>>>
>>>> root@ethiopia:/edx/app/edxapp/edx-platform/lms/envs# pip install
>>>> django-auth-ldap
>>>>
>>>> Requirement already satisfied (use --upgrade to upgrade):
>>>> django-auth-ldap in /usr/local/lib/python2.7/dist-packages
>>>>
>>>> Requirement already satisfied (use --upgrade to upgrade): django in
>>>> /usr/local/lib/python2.7/dist-packages (from django-auth-ldap)
>>>>
>>>> Requirement already satisfied (use --upgrade to upgrade):
>>>> python-ldap>=2.0 in /usr/local/lib/python2.7/dist-packages (from
>>>> django-auth-ldap)
>>>>
>>>> Requirement already satisfied (use --upgrade to upgrade): setuptools in
>>>> /usr/local/lib/python2.7/dist-packages (from
>>>> python-ldap>=2.0->django-auth-ldap)
>>>>
>>>> Cleaning up...
>>>>
>>>>
>>>>
>>>> Thanks and Regards,
>>>>
>>>> Terence Yip
>>>>
>>>> Lachlan Musicman於 2015年2月24日星期二 UTC+8上午7時15分46秒寫道:
>>>>
>>>>> Sorry, I've been organising a conference and have been awol. I'll be
>>>>> able to take a look next week. But quickly:
>>>>>
>>>>> I don't understand why you have two versions of Django, I would
>>>>> suggest that is an issue.
>>>>>
>>>>> You should be using django-auth-ldap, and that's got Django > 1.3 as a
>>>>> requirement.
>>>>>
>>>>> You shouldn't need to create the %user - that is done automatically by
>>>>> the django-auth-ldap
>>>>>
>>>>> Finally, please please please use a virtual environment. It makes all
>>>>> of this significantly easier - like finding django-auth-ldap is as
>>>>> easy as "pip install django-auth-ldap".
>>>>>
>>>>> It's recommended you don't install via apt-get. While apt-get is easy
>>>>> and centralised, in the case of web apps, I would install via virt env
>>>>> and pip every time.
>>>>>
>>>>> cheers
>>>>> L.
>>>>> ------
>>>>> "This is a profound psychological violence here. How can one even
>>>>> begin to speak of dignity in labor when one secretly feels one's job
>>>>> should not exist?"
>>>>>
>>>>> On the Phenomenon of Bullshit Jobs, David Graeber
>>>>> http://strikemag.org/bullshit-jobs/
>>>>>
>>>>>
>>>>> On 23 February 2015 at 19:09, 'Yip Terence' via Django users
>>>>> <django...@googlegroups.com> wrote:
>>>>> > Hi L,
>>>>> >
>>>>> > Actually, I has been input the LDAP string in
>>>>> > /edx/app/edxapp/edx-platform/lms/envs/common.py. But there a two
>>>>> problems
>>>>> > after the configuration. Firstly, the script can't get the %user
>>>>> value I
>>>>> > need to hardcode the username / email in the connection string than
>>>>> I can
>>>>> > login to edx. Secondly, can't to create an user profile when first
>>>>> login.
>>>>> >
>>>>> > Is it need to modify the views.py and urls.py file for collect the
>>>>> %user
>>>>> > value and create the user profile?
>>>>> >
>>>>> >
>>>>> > I have 2 version django in edx.
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/
>>>>> lib/Django-1.3/django/bin/django-admin.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/
>>>>> lib/Django-1.2.5/django/bin/django-admin.py
>>>>> >
>>>>> >
>>>>> > ldap_auth_ldap:
>>>>> > How can I find the version? I using the apt-get to install the
>>>>> package.
>>>>> >
>>>>> > The search settings.py result.
>>>>> > -----------Setttings.py-------------------
>>>>> > ./edx/app/xqueue/xqueue/xqueue/settings.py
>>>>> > ./edx/app/xqueue/venvs/xqueue/lib/python2.7/site-packages/
>>>>> django/conf/project_template/project_name/settings.py
>>>>> > ./edx/app/xqueue/venvs/xqueue/lib/python2.7/site-packages/
>>>>> newrelic-2.18.1.15/newrelic/api/settings.py
>>>>> > ./edx/app/edxapp/edx-platform/common/test/acceptance/pages/studio/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/edx-platform/lms/djangoapps/django_comment_client/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/edx-platform/lms/lib/comment_client/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/
>>>>> django_countries/tests/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/method_override/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/example/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/
>>>>> django/conf/project_template/project_name/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/
>>>>> dealer/contrib/django/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/
>>>>> newrelic-2.18.1.15/newrelic/api/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/django_extensions/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/appconf/tests/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/django-pipeline/pipeline/conf/settings.py
>>>>> >
>>>>>
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/django-pipeline/tests/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/edx-val/edxval/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/
>>>>> lib/Django-1.3/django/conf/project_template/settings.py
>>>>> > ./edx/app/edxapp/venvs/edxapp/src/lettuce/tests/integration/
>>>>> lib/Django-1.2.5/django/conf/project_template/settings.py
>>>>> > ./usr/local/lib/python2.7/dist-packages/django/conf/
>>>>> project_template/project_name/settings.py
>>>>> >
>>>>> > Thank you very much for your assistance.
>>>>> >
>>>>> > Thanks and Regards,
>>>>> > Terence Yip
>>>>> >
>>>>> > Lachlan Musicman於 2015年2月10日星期二 UTC+8下午12時22分50秒寫道:
>>>>> >>
>>>>> >> Yip, EDX looks complex - can you search for the settings file and
>>>>> report
>>>>> >> back?
>>>>> >>
>>>>> >> AuthLDAP is annoying, but it does work - I've used it successfully
>>>>> >> against an AD backend. The error messages are important to read.
>>>>> >>
>>>>> >> But first, find your settings file.
>>>>> >>
>>>>> >> You will need to provide us with more info too. What's not working?
>>>>> >> What have you put into the settings file? What version of django is
>>>>> >> EDX using, and does django_auth_ldap provide support for that
>>>>> django
>>>>> >> version, what error messages are you getting? Can you attach to the
>>>>> >> ldap server from just the django shell (ie, are the username and
>>>>> >> password etc correct)?
>>>>> >>
>>>>> >> cheers
>>>>> >> L.
>>>>> >> ------
>>>>> >> "This is a profound psychological violence here. How can one even
>>>>> >> begin to speak of dignity in labor when one secretly feels one's
>>>>> job
>>>>> >> should not exist?"
>>>>> >>
>>>>> >> On the Phenomenon of Bullshit Jobs, David Graeber
>>>>> >> http://strikemag.org/bullshit-jobs/
>>>>> >>
>>>>> >>
>>>>> >> On 10 February 2015 at 15:00, 'Yip Terence' via Django users
>>>>> >> <django...@googlegroups.com> wrote:
>>>>> >> > Dear All,
>>>>> >> >
>>>>> >> > I have been installed the open edx and django_auth_ldap package
>>>>> >> > (http://code.edx.org/) in our environment. However, I'm not
>>>>> successful
>>>>> >> > to
>>>>> >> > config the Auth with LDAP. Could anyone could provide the guide
>>>>> to me?
>>>>> >> > I
>>>>> >> > don't know where is the settings.py file path in open edx.
>>>>> >> >
>>>>> >> > Please help.
>>>>> >> >
>>>>> >> > Thanks and Regards,
>>>>> >> > Terence Yip
>>>>> >> >
>>>>> >> > --
>>>>> >> > You received this message because you are subscribed to the
>>>>> Google
>>>>> >> > Groups
>>>>> >> > "Django users" group.
>>>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>>>> send
>>>>> >> > an
>>>>> >> > email to django-users...@googlegroups.com.
>>>>> >> > To post to this group, send email to django...@googlegroups.com.
>>>>> >> > Visit this group at http://groups.google.com/group/django-users.
>>>>> >> > To view this discussion on the web visit
>>>>> >> >
>>>>> >> > https://groups.google.com/d/msgid/django-users/65f0df30-
>>>>> c315-401c-9711-9228779a65ed%40googlegroups.com.
>>>>> >> > For more options, visit https://groups.google.com/d/optout.
>>>>> >
>>>>> > --
>>>>> > You received this message because you are subscribed to the Google
>>>>> Groups
>>>>> > "Django users" group.
>>>>> > To unsubscribe from this group and stop receiving emails from it,
>>>>> send an
>>>>> > email to django-users...@googlegroups.com.
>>>>> > To post to this group, send email to django...@googlegroups.com.
>>>>> > Visit this group at http://groups.google.com/group/django-users.
>>>>> > To view this discussion on the web visit
>>>>> > https://groups.google.com/d/msgid/django-users/7c969ba2-
>>>>> 7c03-41a9-a25e-8836280517cb%40googlegroups.com.
>>>>> >
>>>>> > For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to django-users...@googlegroups.com.
>>>> To post to this group, send email to django...@googlegroups.com.
>>>> Visit this group at http://groups.google.com/group/django-users.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/django-users/ee41bfae-4c40-43dc-83c0-d04ddbd6133f%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/django-users/ee41bfae-4c40-43dc-83c0-d04ddbd6133f%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/4a5c9c8d-f69a-419b-a676-85b96426e79b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
