On Dec 22, 2009, at 10:40 AM, Wayne wrote:

> Thanks for the prompt reply. Yes, unique=True was the problem. Now I
> passed the "run syncdb" and new tables were created. However, I still
> could not "contact LDAP". Could somebody help me with this? 

That would be me. 

> 
> Thanks!
> 
> My settings:
> 
> LDAP_SERVER = 'directory.XXXXX'
> 
> # If using SSL use these:
> LDAP_PORT = 636
> LDAP_URL = 'ldaps://XXXXXXXX:636'
> SEARCH_DN = 'XXXXXXXX'
> SEARCH_FIELDS = ['sn','cn','uid']

Future note:  The point of ldap-groups is to allow a mapping between LDAP OU 
group memberships and Django groups, in order to have LDAP users acquire the 
permissions that have been assigned to the Django group.  So at some point you 
will need to add to SEARCH_FIELDS the field on your LDAP user that contains the 
list of groups to which the user belongs.  If that field is not called 
'groupMembership', you will need to edit the ldap_groups.accounts.backends 
module, and change lines 205 and 206 to match the name of that field. 

This change isn't your initial problem, though, so it can be deferred for a 
bit.  Eventually I should refactor that field out to its own setting.

> BIND_USER = 'XXXXXXXXXX'
> BIND_PASSWORD = 'XXXXXXXXX'
> CERT_FILE = 'XXXXXXXXXX'
> 
> AUTHENTICATION_BACKENDS = (
> 'ldap_groups.accounts.backends.eDirectoryGroupMembershipSSLBackend',
> 'django.contrib.auth.backends.ModelBackend',
> )
[snip]

> Traceback:
> 
[snip]

>  154.         l.simple_bind_s(username, password)
> File "C:\Python26\lib\site-packages\ldap\ldapobject.py" in
> simple_bind_s
>  206.     msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
> File "C:\Python26\lib\site-packages\ldap\ldapobject.py" in simple_bind
>  200.     return self._ldap_call
> (self._l.simple_bind,who,cred,EncodeControlTuples
> (serverctrls),EncodeControlTuples(clientctrls))
> File "C:\Python26\lib\site-packages\ldap\ldapobject.py" in _ldap_call
>  96.         result = func(*args,**kwargs)
> 
> Exception Type: SERVER_DOWN at /admin/
> Exception Value: {'desc': "Can't contact LDAP server"}

The error messages are typically accurate.  In this case, "Can't contact LDAP 
server" should be taken literally.  You should first confirm that the LDAP 
server is listening on whatever port at the appropriate DNS name, and that you 
have network connectivity to the LDAP server.  Once you've confirmed the DNS 
name and port, make sure those are in your settings.py file.  A quick way to 
test is to try to telnet from the system running Django to the LDAP server.  An 
example:

Ralf: $ telnet ldap.example.com 636
Trying 1.2.3.4...
Connected to ldap.example.com.
Escape character is '^]'.

If you get the above response ("Connected to XXX"), then you have confirmed you 
can contact the server, and your next step is to diagnose why Python is not 
able to establish a client connection.  If you do not get that response, your 
port or DNS name is incorrect, or you do not have connectivity to the server.  
The next step in this case is to figure out why your network connection is not 
working as expected.

One starting note:  while the standard port for LDAPS is 636, and the standard 
port for unencrypted LDAP is 389, vendors may not follow the standard.  In 
addition, your LDAP administrator can also decide to listen on different ports. 
 This would be the first thing I'd check.

Let me know your results, and we can move on to the next step.

Regards,

---Peter
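
Added example, not part of the original message or of ldap-groups: the telnet check above done from Python on the Django host, extended with a TLS handshake so that a failure can be placed at name resolution, at the TCP connection, or at TLS. The function name `check_ldap_endpoint` and its parameters are made up for this illustration; it uses Python's own `ssl` module rather than python-ldap's TLS stack, so a pass here shows the endpoint and certificate chain are sound but does not exercise the CERT_FILE setting itself.

```python
import socket
import ssl


def check_ldap_endpoint(host, port, ca_file=None, use_tls=True, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'.

    'dns' and 'tcp' are the cases where the telnet test would also fail.
    'tls' means the port answers but an LDAPS client still cannot connect.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        # The name in LDAP_SERVER / LDAP_URL does not resolve from this machine.
        return ("dns", f"cannot resolve {host!r}: {exc}")
    except OSError as exc:
        # Refused, timed out or unreachable: wrong port, firewall, server down.
        return ("tcp", f"cannot connect to {host}:{port}: {exc}")

    with sock:
        if not use_tls:
            return ("ok", f"TCP connection to {host}:{port} established")
        try:
            # Verify against ca_file if given, else the system trust store.
            context = ssl.create_default_context(cafile=ca_file)
            with context.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", f"{tls.version()} handshake completed, certificate verified")
        except OSError as exc:
            # ssl.SSLError (certificate verification included), handshake
            # timeouts and a missing ca_file are all OSError subclasses.
            return ("tls", f"TLS setup or handshake with {host}:{port} failed: {exc}")


if __name__ == "__main__":
    # Placeholder host and port taken from the telnet example above.
    print(check_ldap_endpoint("ldap.example.com", 636))
```
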
