LDAP conf example 1

DIT (Directory Information Tree)

../../../../../../../../_images/dit_jm4.png

Initialization from base.py

# Pull the django-auth-ldap settings into the Django settings namespace so
# they are visible on django.conf.settings. The list is kept sorted so a
# newly added setting is easy to spot in a diff.
from . import ldap_conf
from .ldap_conf import (
    AUTH_LDAP_ALWAYS_UPDATE_USER,
    AUTH_LDAP_BIND_DN,
    AUTH_LDAP_BIND_PASSWORD,
    AUTH_LDAP_FIND_GROUP_PERMS,
    AUTH_LDAP_GROUP_SEARCH,
    AUTH_LDAP_GROUP_TYPE,
    AUTH_LDAP_MIRROR_GROUPS,
    AUTH_LDAP_REQUIRE_GROUP,
    AUTH_LDAP_SERVER_URI,
    AUTH_LDAP_USER_ATTR_MAP,
    AUTH_LDAP_USER_SEARCH,
    AUTHENTICATION_BACKENDS,
    LDAP3_USER,
)

ldap_conf.py

  1"""ldap_conf.py
  2
  3- https://django-auth-ldap.readthedocs.io/en/latest/
  4
  5
  6
  7Searching sAMAccountName="msmith" and displaying all attributes
  8===================================================================
  9
 10::
 11
 12    ldapsearch -x -v -h pdc.int.jm4.eu \
 13    -D "<username>" -w "<password>"  \
 14    -b ou=users,ou="mycompany",dc=int,dc=jm4,dc=eu  \
 15    -s sub "(sAMAccountName=msmith)"
 16
 17
 18::
 19
 20    ldap_initialize( ldap://pdc.int.jm4.eu )
 21    filter: (sAMAccountName=msmith)
 22    requesting: All userApplication attributes
 23
 24::
 25
 26
 27    # extended LDIF
 28    #
 29    # LDAPv3
 30    # base <ou=users,ou=mycompany,dc=int,dc=jm4,dc=eu> with scope subtree
 31    # filter: (sAMAccountName=msmith)
 32    # requesting: ALL
 33    #
 34
 35    # Martha SMITH, berlin, Users, mycompany, int.jm4.eu
 36    dn: CN=Martha SMITH,OU=berlin,OU=Users,OU=mycompany,DC=int,DC=i
 37     d3,DC=eu
 38    objectClass: top
 39    objectClass: person
 40    objectClass: organizationalPerson
 41    objectClass: user
 42    cn: Martha SMITH
 43    sn: SMITH
 44    c: DE
 45    l: berlin
 46    st:: SXPDqHJl
 47    description: Compte Utilisateur
 48    postalCode: 38120
 49    telephoneNumber: +33 4 76 75 75 85
 50    facsimileTelephoneNumber: +33 4 76 75 52 30
 51    givenName: Jules
 52    initials: PVE
 53    distinguishedName: CN=Martha SMITH,OU=berlin,OU=Users,OU=jm4 Technolog
 54     ies,DC=int,DC=jm4,DC=eu
 55    instanceType: 4
 56    whenCreated: 20170112125817.0Z
 57    whenChanged: 20190415144530.0Z
 58    displayName: Martha SMITH
 59    uSNCreated: 196753
 60    memberOf: CN=update_admin,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
 61    memberOf: CN=ops,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
 62    memberOf: CN=log_admin,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
 63    memberOf: CN=jm4_all,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
 64    memberOf: CN=jm4_etage,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
 65    memberOf: CN=ESX Admins,CN=Users,DC=int,DC=jm4,DC=eu
 66    uSNChanged: 5969820
 67    department:: U2VydmljZXMgR8OpbsOpcmF1eA==
 68    company: mycompany
 69    streetAddress: 85, kropotkine avenue
 70    wWWHomePage: http://www.jm4.eu
 71    name: Martha SMITH
 72    objectGUID:: s+ejvcXxK0GaaC9WHKsmjg==
 73    userAccountControl: 512
 74    badPwdCount: 5
 75    codePage: 0
 76    countryCode: 0
 77    homeDirectory: \\files.srv.int.jm4.eu\msmith
 78    homeDrive: Z:
 79    badPasswordTime: 131998995971195966
 80    lastLogoff: 0
 81    lastLogon: 131995312168156184
 82    scriptPath: logon.bat
 83    pwdLastSet: 131484602237872238
 84    primaryGroupID: 2567
 85    objectSid:: AQUAAAAAAAUVAAAAWB0ASJ7NFHJC/jn0FwoAAA==
 86    accountExpires: 9223372036854775807
 87    logonCount: 3269
 88    sAMAccountName: msmith
 89    sAMAccountType: 805306368
 90    userPrincipalName: msmith@jm4.eu
 91    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=int,DC=jm4,DC=eu
 92    dSCorePropagationData: 20181109132941.0Z
 93    dSCorePropagationData: 20171017095326.0Z
 94    dSCorePropagationData: 16010101000000.0Z
 95    lastLogonTimestamp: 131998131154488876
 96    mail: martha.smith@jm4.eu@jm4.eu
 97
 98
 99Searching sAMAccountName=msmith  and displaying  sAMAccountName, sn and mail attributes
100===========================================================================================
101
102::
103
104    ldapsearch -x -v -h pdc.int.jm4.eu \
105    -D "<username>" -w "<password>"  \
106    -b ou=users,ou="mycompany",dc=int,dc=jm4,dc=eu  \
107    -s sub "(sAMAccountName=msmith)" \
108    -s sub sAMAccountName sn mail
109
110::
111
112    ldap_initialize( ldap://pdc.int.jm4.eu )
113    filter: (sAMAccountName=msmith)
114    requesting: sAMAccountName sn mail
115    # extended LDIF
116    #
117    # LDAPv3
118    # base <ou=users,ou=mycompany,dc=int,dc=jm4,dc=eu> with scope subtree
119    # filter: (sAMAccountName=msmith)
120    # requesting: sAMAccountName sn mail
121    #
122
123    # Martha SMITH, berlin, Users, mycompany, int.jm4.eu
124    dn: CN=Martha SMITH,OU=berlin,OU=Users,OU=mycompany,DC=int,DC=jm4,DC=eu
125    sn: SMITH
126    sAMAccountName: msmith
127    mail: martha.smith@jm4.eu@jm4.eu
128
129    # search result
130    search: 2
131    result: 0 Success
132
133    # numResponses: 2
134    # numEntries: 1
135
136
137Searching **update_admin** group
138===========================================
139
140::
141
142    ldapsearch -x -v -h pdc.int.jm4.eu \
143    -D "<username>" -w "<password>"  \
144    -b cn="update_admin",ou=groups,ou="mycompany",dc=int,dc=jm4,dc=eu \
145    -s sub "(objectclass=group)"
146
147::
148
149    ldap_initialize( ldap://pdc.int.jm4.eu )
150    filter: (objectclass=group)
151    requesting: All userApplication attributes
152    # extended LDIF
153    #
154    # LDAPv3
155    # base <cn=update_admin,ou=groups,ou=mycompany,dc=int,dc=jm4,dc=eu> with scope subtree
156    # filter: (objectclass=group)
157    # requesting: ALL
158    #
159
160    # update_admin, Groups, mycompany, int.jm4.eu
161    dn: CN=update_admin,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
162    objectClass: top
163    objectClass: group
164    cn: update_admin
165    member: CN=Martha SMITH,OU=berlin,OU=Users,OU=mycompany,DC=int,DC=jm4,DC=eu
166    distinguishedName: CN=update_admin,OU=Groups,OU=mycompany,DC=int,DC=jm4,DC=eu
167    instanceType: 4
168    whenCreated: 20190412121023.0Z
169    whenChanged: 20190412121054.0Z
170    uSNCreated: 5934034
171    uSNChanged: 5934046
172    name: update_admin
173    objectGUID:: SkBm/DnhFka+Ea78OF0dRw==
174    objectSid:: AQUAAAAAAAUVAAAAWB0ASJ7NFHJC/jn0uwwAAA==
175    sAMAccountName: update_admin
176    sAMAccountType: 268435456
177    groupType: -2147483646
178    objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=int,DC=jm4,DC=eu
179    dSCorePropagationData: 16010101000000.0Z
180
181    # search result
182    search: 2
183    result: 0 Success
184
185    # numResponses: 2
186    # numEntries: 1
187"""
188# https://github.com/python-ldap/python-ldap
189import ldap
190from django_auth_ldap.config import GroupOfNamesType
191from django_auth_ldap.config import LDAPSearch
192from django_auth_ldap.config import LDAPSearchUnion
193
194# DIT = Directory Information Tree
195JM4_BASE_ANNUAIRE_DIT = "DC=int,DC=jm4,DC=eu"
196# JM4 LDAP server
197JM4_LDAP_SERVER = "ldap://pdc.int.jm4.eu"
198AUTH_LDAP_SERVER_URI = JM4_LDAP_SERVER
199AUTH_LDAP_BIND_DN = f"CN=apache,CN=users,{JM4_BASE_ANNUAIRE_DIT}"
200AUTH_LDAP_BIND_PASSWORD = "<password>"
201
202# LDAP research
203JM4_LDAP_SEARCH_BASE = f"OU=mycompany,{JM4_BASE_ANNUAIRE_DIT}"
204JM4_LDAP_SEARCH_USER_BASE = f"OU=users,{JM4_LDAP_SEARCH_BASE}"
205JM4_LDAP_SEARCH_GROUP_BASE = f"OU=groups,{JM4_LDAP_SEARCH_BASE}"
206
207AUTH_LDAP_USER_SEARCH = LDAPSearch(
208    JM4_LDAP_SEARCH_USER_BASE, ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"
209)
210AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
211    JM4_LDAP_SEARCH_GROUP_BASE, ldap.SCOPE_SUBTREE, "(objectClass=group)"
212)
213AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
214
215JM4_AUTHORIZED_GROUP = "update_admin"
216AUTH_LDAP_REQUIRE_GROUP = f"CN={JM4_AUTHORIZED_GROUP},{JM4_LDAP_SEARCH_GROUP_BASE}"
217print(
218    f"AUTH_LDAP_REQUIRE_GROUP={AUTH_LDAP_REQUIRE_GROUP} JM4_AUTHORIZED_GROUP={JM4_AUTHORIZED_GROUP}"
219)
220# What to do once the user is authenticated
221AUTH_LDAP_USER_ATTR_MAP = {
222    "first_name": "givenName",
223    "last_name": "sn",
224    "email": "mail",
225}
226
227# This is the default, but I like to be explicit.
228AUTH_LDAP_ALWAYS_UPDATE_USER = True
229
230# https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-mirror-groups
231AUTH_LDAP_MIRROR_GROUPS = [JM4_AUTHORIZED_GROUP]
232
233# Use LDAP group membership to calculate group permissions.
234AUTH_LDAP_FIND_GROUP_PERMS = True
235
236
237########### Paramètrage Django pour l'utilisation de LDAP ##############
238AUTHENTICATION_BACKENDS = (
239    "accounts.backends.Id3LDAPBackend",
240    "accounts.backends.Id3AuthBackend",
241)
242# For ldap3 package https://ldap3.readthedocs.io/tutorial.html
243LDAP3_USER = "<username>"