Thanks Roberto.  I was able to get LDAP authentication to work!  But when a 
new user logs in for the first time using LDAP, it creates a user account, 
but marks the user as not having a "usable password".  Is there a way to 
prevent this so full user creation can be automated?  At the moment, each 
user that logs in needs to wait for the admin to go in and reset the 
password.

On Friday, January 13, 2012 11:10:52 AM UTC-8, Roberto Rosario wrote:
>
> Just recently at work I had to get our Mayan EDMS instance to authenticate 
> users against the main HQ Microsoft AD.  The process was not difficult, but 
> it wasn't a breeze in the park either.  This is how I did it in case it's 
> of help for anyone else.
>
> I used these two libraries as they seemed the most maintained from the 
> quick search I did.
> http://www.python-ldap.org/
> http://packages.python.org/django-auth-ldap/
>
> After figuring out the corresponding OU, CN and such (which took quite a 
> while since I'm not well versed in LDAP).  For configuration options, Mayan 
> EDMS imports settings_local.py after importing settings.py to allow users 
> to override the defaults without modifying any file tracked by Git, this 
> makes upgrading by using Git's pull command extremely easy.  My 
> settings_local.py file is as follows:
>
>
>     import ldap
>     from django_auth_ldap.config import LDAPSearch
>
>     # makes sure this works in Active Directory
>     ldap.set_option(ldap.OPT_REFERRALS, 0)
>
>     AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
>     AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
>     AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
>     AUTH_LDAP_USER_SEARCH = LDAPSearch(
>         'dc=XX,dc=XX,dc=XX', ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)'
>     )
>
>     # Populate the Django user from the LDAP directory.
>     AUTH_LDAP_USER_ATTR_MAP = {
>         "first_name": "givenName",
>         "last_name": "sn",
>         "email": "mail"
>     }
>
>     # This is the default, but I like to be explicit.
>     AUTH_LDAP_ALWAYS_UPDATE_USER = True
>
>     AUTHENTICATION_BACKENDS = (
>         'django_auth_ldap.backend.LDAPBackend',
>         'django.contrib.auth.backends.ModelBackend',
>     )
>
> The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because 
> anonymous queries are not allowed in our organization's tree, my user 
> account is being used to do the query, but a dummy account will be created 
> and used later on.  The AUTH_LDAP_USER_SEARCH = 
> LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't 
> very intuitive to figure out, this is not an issue of the library, but of 
> Active Directory and of our particular LDAP forest.
>
> For a more advanced example check this StackOverflow question:  
> http://stackoverflow.com/questions/6493985/django-auth-ldap
>
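
Added example, not part of either message above and not Mayan EDMS or django-auth-ldap code: a static check of a settings_local.py like the quoted one, flagging two things a reviewer would question in it, LDAP on `ldap://` without `AUTH_LDAP_START_TLS` and a bind password stored as a string literal. The two sample files, the host name and the `MAYAN_LDAP_BIND_PASSWORD` variable are constructed for illustration.

```python
import ast

# Constructed sample mirroring the quoted settings_local.py (placeholder values).
SAMPLE_WEAK = '''
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.internal:389"
AUTH_LDAP_BIND_DN = "cn=svc-mayan,ou=XX,dc=XX,dc=XX"
AUTH_LDAP_BIND_PASSWORD = "XXXXXXXXXXXXXX"
'''

# Constructed sample of the same settings after hardening.
# MAYAN_LDAP_BIND_PASSWORD is a hypothetical environment variable name.
SAMPLE_HARDENED = '''
import os
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.internal:389"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_BIND_DN = "cn=svc-mayan,ou=XX,dc=XX,dc=XX"
AUTH_LDAP_BIND_PASSWORD = os.environ["MAYAN_LDAP_BIND_PASSWORD"]
'''


def _assignments(source):
    """Map each top-level NAME = value statement to its value node."""
    found = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    found[target.id] = node.value
    return found


def _literal(node):
    """Return the constant behind a node, or None if it is computed."""
    return node.value if isinstance(node, ast.Constant) else None


def audit_ldap_settings(source):
    """Return sorted finding ids for a settings file, without executing it."""
    values = _assignments(source)
    findings = []
    uri = _literal(values.get("AUTH_LDAP_SERVER_URI"))
    start_tls = _literal(values.get("AUTH_LDAP_START_TLS"))
    # ldap:// sends the bind DN, bind password and user passwords unencrypted
    # unless the connection is upgraded with StartTLS.
    cleartext = isinstance(uri, str) and uri.lower().startswith("ldap://")
    if cleartext and start_tls is not True:
        findings.append("cleartext-ldap")
    # A string literal means the secret is stored in the settings file itself.
    if isinstance(_literal(values.get("AUTH_LDAP_BIND_PASSWORD")), str):
        findings.append("hardcoded-bind-password")
    return sorted(findings)
```

Because the file is parsed with `ast` rather than imported, the check runs on a machine that has neither python-ldap nor Django installed.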
