LDAP setup process
1: Install the django-ldap dependency package
pip3 install django-python3-ldap
2: Add the following to settings
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django_python3_ldap'
]
# LDAP server URL
LDAP_AUTH_URL = "ldap://localhost:389"
# TLS is off here, so the bind DN and password travel unencrypted
LDAP_AUTH_USE_TLS = False
LDAP_AUTH_SEARCH_BASE = 'dc=ihopeit,dc=com'
LDAP_AUTH_OBJECT_CLASS = 'inetOrgPerson'
# Django user field -> LDAP attribute
LDAP_AUTH_USER_FIELDS = {
    "username": "cn",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username", )
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = None
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_openldap"
# Account used to bind when querying the directory (e.g. ldap_sync_users)
LDAP_AUTH_CONNECTION_USERNAME = "admin"
LDAP_AUTH_CONNECTION_PASSWORD = "password"
# Try LDAP first, then fall back to local Django accounts
AUTHENTICATION_BACKENDS = (
    "django_python3_ldap.auth.LDAPBackend",
    'django.contrib.auth.backends.ModelBackend',
)
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "django_python3_ldap": {
            "handlers": ["console"],
            "level": "INFO",
        },
    },
}
3: Sync users
python3 manage.py migrate
python3 manage.py ldap_sync_users
4: Pitfall encountered
LDAP bind failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - N
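5: Solution
Step 1: Delete the admin account
Step 2: Recreate admin
- Select: Generic: Posix Group
- group: admin
- Add attribute: password, with a password of your choice
Then run the user migration above again.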
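The following is an added example, not code from the original page or from django-python3-ldap: it rebuilds the DN that the service-account bind in section 4 would present and audits the section 2 values for a cleartext bind and a placeholder password. It assumes an OpenLDAP-style bind DN of the form `<username attribute>=<name>,<search base>`; the helper names and the `LDAP_BIND_PASSWORD` environment variable are hypothetical.

```python
# Added example: helper names and the LDAP_BIND_PASSWORD variable are hypothetical.
# Values from section 2 of this page (only the keys this check needs).
PAGE_SETTINGS = {
    "LDAP_AUTH_URL": "ldap://localhost:389",
    "LDAP_AUTH_USE_TLS": False,
    "LDAP_AUTH_SEARCH_BASE": "dc=ihopeit,dc=com",
    "LDAP_AUTH_USER_FIELDS": {"username": "cn"},
    "LDAP_AUTH_CONNECTION_USERNAME": "admin",
    "LDAP_AUTH_CONNECTION_PASSWORD": "password",
}
WEAK_PASSWORDS = {"", "password", "admin", "123456", "secret"}  # constructed list

def escape_rdn_value(value):
    """Escape characters that are special in a DN attribute value (RFC 4514)."""
    chars = ["\\" + c if c in ',+"\\<>;=' else c for c in value]
    if chars and chars[0] in ("#", " "):
        chars[0] = "\\" + chars[0]          # leading '#' or space
    if len(chars) > 1 and chars[-1] == " ":
        chars[-1] = "\\ "                   # trailing space
    return "".join(chars)

def bind_dn(settings, name=None):
    """Assumed OpenLDAP-style bind DN: <username attribute>=<name>,<search base>."""
    attr = settings["LDAP_AUTH_USER_FIELDS"]["username"]
    if name is None:
        name = settings["LDAP_AUTH_CONNECTION_USERNAME"]
    return "{}={},{}".format(attr, escape_rdn_value(name), settings["LDAP_AUTH_SEARCH_BASE"])

def audit(settings):
    """Return findings for the service-account bind described by the settings."""
    findings = []
    url = settings["LDAP_AUTH_URL"]
    urls = [url] if isinstance(url, str) else list(url)
    if not settings.get("LDAP_AUTH_USE_TLS") and any(u.lower().startswith("ldap://") for u in urls):
        findings.append("cleartext-bind")      # DN and password cross the wire unencrypted
    if settings.get("LDAP_AUTH_CONNECTION_PASSWORD") in WEAK_PASSWORDS:
        findings.append("weak-bind-password")  # guessable or placeholder secret
    return findings

def hardened(settings, env):
    """Copy of the settings with TLS on and the secret taken from the environment."""
    fixed = dict(settings)
    fixed["LDAP_AUTH_USE_TLS"] = True
    fixed["LDAP_AUTH_CONNECTION_PASSWORD"] = env["LDAP_BIND_PASSWORD"]
    return fixed

if __name__ == "__main__":
    print("bind DN:", bind_dn(PAGE_SETTINGS))
    print("findings:", audit(PAGE_SETTINGS))
```

If the directory holds no entry at the printed DN with a matching password, the server answers the bind with result 49, which is the condition the steps in section 5 repair.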