Thursday, 5 September 2013

ldapsearch, django-ldap-auth and "data 52e, v1db1"

I'm trying to get django-auth-ldap working, but I keep getting invalid
credentials (49) errors, despite having correct credentials:

    additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Using python-ldap (2.4.13) and django-auth-ldap (1.1.4) on Ubuntu 12.04.3
against Windows Server 2008 R2. I followed the installation instructions
here: http://pythonhosted.org/django-auth-ldap/install.html and here:
http://www.djm.org.uk/using-django-auth-ldap-active-directory-ldaps

The second link recommends testing the connection using:

    ldapsearch -H ldaps://ldap-x.companygroup.local:636 -D "CN=Something LDAP,OU=Random Group,DC=companygroup,DC=local" -w "p4ssw0rd" -v -d 1

Locally, that would be:

    ldapsearch -H ldap://192.168.0.3 -D "cn=testadmin,dc=fds,dc=local" -w "password" -v -d 1

This didn't work for me, but the following did

    ldapsearch -H ldap://192.168.0.3 -D "dc=fds,dc=local" -U "testadmin" -w "password" -v -d 1

so I was happy. Before moving the user out into the -U flag I had also
tried the following without success:

    ldapsearch -H ldap://192.168.0.3 -D "cn=testadmin,ou=Users,dc=fds,dc=local" -w "password" -v -d 1
    ldapsearch -H ldap://192.168.0.3 -D "uid=testadmin,dc=fds,dc=local" -w "password" -v -d 1
    ldapsearch -H ldap://192.168.0.3 -D "uid=testadmin,ou=Users,dc=fds,dc=local" -w "password" -v -d 1

My django-auth-ldap settings are:

    import ldap
    from django_auth_ldap.config import LDAPSearch

    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
    AUTH_LDAP_SERVER_URI = 'ldap://192.168.0.3'
    AUTH_LDAP_BIND_DN = 'uid=testadmin,ou=Users,dc=fds,dc=local'
    AUTH_LDAP_BIND_PASSWORD = 'password'
    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fds,dc=local",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
    AUTH_LDAP_CONNECTION_OPTIONS = {
        ldap.OPT_DEBUG_LEVEL: 0,
        ldap.OPT_REFERRALS: 0,
    }

This doesn't work, with the same error as above. As you can see, I try
logging in using the three forms: testadmin, [domain]\testadmin and
testadmin@[domain].local, each with the same error.

    Development server is running at http://0.0.0.0:8000/
    Quit the server with CONTROL-C.
    Caught LDAPError while authenticating testadmin: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)
    [06/Sep/2013 08:51:38] "POST /admin/ HTTP/1.1" 200 2027
    Caught LDAPError while authenticating testadmin@fds.local: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)
    [06/Sep/2013 08:53:40] "POST /admin/ HTTP/1.1" 200 2037
    Caught LDAPError while authenticating fds\testadmin: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)
    [06/Sep/2013 08:53:50] "POST /admin/ HTTP/1.1" 200 2031

I have tried a number of alterations to the settings in various
combinations of/including:

    AUTH_LDAP_BIND_DN = 'uid=testadmin,ou=Domain Users,ou=Users,dc=fds,dc=local'
    AUTH_LDAP_BIND_DN = 'cn=testadmin,ou=Users,dc=fds,dc=local'
    AUTH_LDAP_BIND_DN = 'cn=testadmin,ou=Users,dc=fds,dc=local'
    AUTH_LDAP_BIND_DN = 'uid=testadmin,dc=fds,dc=local'
    AUTH_LDAP_BIND_DN = 'cn=testadmin,dc=fds,dc=local'

    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Domain Users,ou=Users,dc=fds,dc=local",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=FDS Users,dc=fds,dc=local",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=IT Users,ou=FDS Users,dc=fds,dc=local",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

I don't fully understand AD or LDAP, but am working from examples I've
found online - each of those ou's is an existing ou in my domain that
contains users or other ou's containing users.
It seems to me that the problem relates to either the settings

    AUTH_LDAP_BIND_DN = 'uid=testadmin,ou=Users,dc=fds,dc=local'
    AUTH_LDAP_BIND_PASSWORD = 'password'

or

    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fds,dc=local",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

but am unsure - and don't know what to do next to solve this problem. Any
ideas?
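
The "data 52e" field in the error quoted in the post is a hexadecimal Win32 logon error code. As an added example (not part of the original post, and not code from django-auth-ldap), this parser pulls that field out of the "Caught LDAPError" log entries, decodes it, and groups the three login forms the post tries under one account name. The function names and the account normalisation are this example's own assumptions.

```python
import re
from collections import Counter

# Win32 logon errors that AD reports, in hex, in the "data" field of the error.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "logon failure: unknown user name or bad password",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}

# [^)]* spans newlines (wrapped entries parse) but stops at the exception's ")".
FAILURE = re.compile(
    r"Caught LDAPError while authenticating (?P<login>\S+):\s+[A-Z_]+\("
    r"[^)]*?AcceptSecurityContext\s+error,\s+data\s+(?P<code>[0-9a-fA-F]+),"
)

def account_of(login):
    """Reduce DOMAIN\\user and user@domain to a bare lower-case account name."""
    return login.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def parse_bind_failures(log_text):
    """Return (login, account, win32_error, meaning) per AD bind failure."""
    out = []
    for m in FAILURE.finditer(log_text):
        code = int(m.group("code"), 16)
        meaning = AD_BIND_SUBCODES.get(code, "unrecognised sub-code")
        out.append((m.group("login"), account_of(m.group("login")), code, meaning))
    return out

def failures_per_account(records):
    """Count failures per (account, sub-code), whatever login form was typed."""
    return Counter((account, code) for _, account, code, _ in records)

# Sample input: the post's three failures, hard-wrapped to show wrapped entries parse.
_ENTRY = ("Caught LDAPError while authenticating {}:\n"
          "INVALID_CREDENTIALS({{'info': '80090308: LdapErr: DSID-0C0903A9, comment:\n"
          "AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid\ncredentials'}},)\n")
SAMPLE_LOG = "".join(
    _ENTRY.format(u) for u in ("testadmin", "testadmin@fds.local", "fds\\testadmin"))

if __name__ == "__main__":
    print(*parse_bind_failures(SAMPLE_LOG), sep="\n")
    print(failures_per_account(parse_bind_failures(SAMPLE_LOG)))
```

All three entries decode to 0x52e (Win32 error 1326, logon failure) and collapse onto the single account testadmin.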
