使用django-python3-ldap查找安全组的用户 [英] Find users of security group with django-python3-ldap

问题描述

非常是LDAP和AD的新功能.我正在使用django-python3-ldap对django应用程序的用户进行身份验证. 我们希望做到这一点，以便只有部分用户可以访问我们的django应用程序，因此昨天他们添加了安全组"MyAppGroup".唯一的问题是，我似乎无法将其添加到搜索库中.用户查找总是失败.

Very new to LDAP and AD. I'm using django-python3-ldap to authenticate users of my django app. We want to make it so that only a subset of our users can access our django app, so yesterday they added the security group 'MyAppGroup.' Only problem is, I don't seem able to add this to the search base. User lookup always fails.

有效的搜索基础(返回所有用户):

Working search base (returns ALL users):

"ou=Basic Users, ou=BIGAPP Users,dc=subd,dc=domain,dc=com"

当我问时，他们说MyAppGroup是一个安全组，基本用户"和"BIGAPP用户"是"AD成员".

When I asked, they said that MyAppGroup was a security group, and that "Basic Users" and "BIGAPP Users" were "AD Members."

dsquery group -name "MyAppGroup"

返回:

CN=MyAppGroup,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com

此结果不能作为搜索基础. 我是否需要添加自定义搜索过滤器才能正常工作?感谢您的帮助.

This result does not work as the search base. Do I need to add a custom search filter for this to work? Any help is appreciated.

现在将(&(memberOf = BIGAPPS组)(memberOf = cn = MyAppGroup))添加到搜索过滤器中会返回"LDAP用户属性为空"

Adding (&(memberOf=BIGAPPS Group)(memberOf=cn=MyAppGroup)) to search filters now returns "LDAP user attributes empty"

运行命令dsget group "CN=MyAppGroup,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com" -members -expand返回组成员列表:

EDIT 2: Running the command dsget group "CN=MyAppGroup,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com" -members -expand returns a list of group members:

"CN =用户McLastname，OU =基本用户，OU = BIGAPP组，dc = subd，dc =域，dc = com" "CN = User2姓氏，OU =基本用户，OU = BIGAPP组，dc = subd，dc =域，dc = com"，.etc

"CN=User McLastname,OU=Basic Users,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com" "CN=User2 o'Lastname,OU=Basic Users,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com",..etc

所以我知道这个小组存在.我觉得我缺少一些小东西来完成这项工作.

So I know the group exists. I feel like I'm missing some small piece to make this work.

LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"

LDAP_AUTH_USE_TLS = True

LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "SUBD"
LDAP_AUTH_SEARCH_BASE="DC=subd,DC=domain,DC=com"
LDAP_AUTH_OBJECT_CLASS="user"
LDAP_AUTH_USER_FIELDS = {
    "username": "sAMAccountName,
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

LDAP_AUTH_FORMAT_SEARCH_FILTERS="myapp.searchfilter.myapp_search_filters"

---

搜索过滤器

---

Search filters

def myapp_search_filters(ldap_fields):
    search_filters = format_search_filters(ldap_fields)
    search_filters.append("(&(memberOf=cn=MyAppGroup,OU=BIGAPP_Group,DC=subd,DC=domain,dc=com))")

推荐答案

在memberOf过滤器中使用组的标准DN:(&(memberOf=CN=MyAppGroup,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com))

Use the fully qualified DN of the group in the memberOf filter: (&(memberOf=CN=MyAppGroup,OU=BIGAPP Groups,dc=subd,dc=domain,dc=com))

这篇关于使用django-python3-ldap查找安全组的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！