[Django]-Django-Ldap-Authentication

3👍

Make sure AUTH_LDAP_SERVER_URI should be hostname or IP address of AD.
In django settings.py :

AUTH_LDAP_SERVER_URI = "ldap://hostname or Ip address of active directory"
AUTH_LDAP_BIND_DN = "CN=sAMAccountName,CN=Users,DC=yourdomain,DC=com"
AUTH_LDAP_BIND_PASSWORD = *******
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_USER_SEARCH = LDAPSearch('CN=Users,DC=yourdomain,DC=com', 
ldap.SCOPE_SUBTREE, "userPrincipalName=%(user)s")

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend')

And views.py should be like this,

from django.contrib.auth import views as auth_views
from forms import ProjectRequestForm, ExAuthenticationForm

def login(request):
    return auth_views.login(request, template_name='login.html', authentication_form=ExAuthenticationForm)

2👍

My experience with LDAP didn’t call for any view changes. I used the django-auth-ldap library which only required additional settings to use:

#-----------------------------------------------------------------------------#
#
#   LDAP Settings
#
#-----------------------------------------------------------------------------#

AUTHENTICATION_BACKENDS += ('django_auth_ldap.backend.LDAPBackend',) 

AUTH_LDAP_SERVER_URI = "ldaps://your.ldap.server"

AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com"

Using a bind login works as well with these additional settings:

import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_BIND_DN = "<user>"
AUTH_LDAP_BIND_PASSWORD = "<password>"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

Normal Django login views work fine with this setup.

EDIT: I should add that one should confirm that LDAP is working via the command line on the server before trying with Django. This is what held me up at first.

0👍

I would recommend to use the class based view. Also, you should assign username and password with the input of the user.

Also you should only use the authenticate() function.

from django.contrib.auth import authenticate

class LoginView(FormView):
    form_class = LoginForm
    success_url = reverse_lazy('main')
    template_name = 'module_name/login.html'

    def form_valid(self, form):
        username = form.cleaned_data['username']
        password = form.cleaned_data['password']
        user = authenticate(username=username, password=password)

        if user is not None and user.is_active:
            login(self.request, user)
                return super(LoginView, self).form_valid(form)
        else:
            return self.form_invalid(form)
👤ikreb

0👍

Use the default Django LoginView to start with. It should work…

def login(request):
    return LoginView.as_view(template_name='login.html')(request)

Leave a comment