ldapsearch的,Django的LDAP的身份验证和"数据52E,v1db1" [英] ldapsearch, django-ldap-auth and "data 52e, v1db1"
问题描述
我试图让Django的身份验证,LDAP的工作,但我不断收到无效的凭证(49)的错误,尽管有正确的凭据:
I'm trying to get django-auth-ldap working, but I keep getting invalid credentials (49) errors, despite having correct credentials:
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
使用Python-LDAP(2.4.13)和Django的AUTH-LDAP(1.1.4)在Ubuntu 12.04.3反对的Windows Server 2008 R2。我按照安装说明操作位置: http://pythonhosted.org/django-auth-ldap/的Install.html 这里: HTTP:/ /www.djm.org.uk/using-django-auth-ldap-active-directory-ldaps
第二个环节建议测试使用的连接:
The second link recommends testing the connection using:
ldapsearch -H ldaps://ldap-x.companygroup.local:636 -D "CN=Something LDAP,OU=Random Group,DC=companygroup,DC=local" -w "p4ssw0rd" -v -d 1
在当地,这将是:
Locally, that would be:
ldapsearch -H ldap://192.168.0.3 -D "cn=testadmin,dc=fds,dc=local" -w "password" -v -d 1
这对我来说没有工作,但下面确实
This didn't work for me, but the following did
ldapsearch -H ldap://192.168.0.3 -D "dc=fds,dc=local" -U "testadmin" -w "password" -v -d 1
让我很高兴。在移动用户伸到-U标志我也尝试了以下没有成功:
so I was happy. Before moving the user out into the -U flag I had also tried the following without success:
ldapsearch -H ldap://192.168.0.3 -D "cn=testadmin,ou=Users,dc=fds,dc=local" -w "password" -v -d 1
ldapsearch -H ldap://192.168.0.3 -D "uid=testadmin,dc=fds,dc=local" -w "password" -v -d 1
ldapsearch -H ldap://192.168.0.3 -D "uid=testadmin,ou=Users,dc=fds,dc=local" -w "password" -v -d 1
我的Django的身份验证,LDAP设置如下:
My django-auth-ldap settings are:
import ldap
from django_auth_ldap.config import LDAPSearch
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
AUTH_LDAP_SERVER_URI = 'ldap://192.168.0.3'
AUTH_LDAP_BIND_DN = 'uid=testadmin,ou=Users,dc=fds,dc=local'
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fds,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user))")
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 0,
ldap.OPT_REFERRALS: 0,
}
此不按上述方式工作,具有同样的错误。正如你所看到的,我尝试登录使用三种形式:testadmin的账户,[域] \ testadmin的账户和testadmin的账户@ [域]。本地,具有相同的误差
This doesn't work, with the same error as above. As you can see, I try logging in using the three forms: testadmin, [domain]\testadmin and testadmin@[domain].local, each with the same error.
Development server is running at http://0.0.0.0:8000/
Quit the server with CONTROL-C.
Caught LDAPError while authenticating testadmin: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)
[06/Sep/2013 08:51:38] "POST /admin/ HTTP/1.1" 200 2027
Caught LDAPError while authenticating testadmin@fds.local: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)
[06/Sep/2013 08:53:40] "POST /admin/ HTTP/1.1" 200 2037
Caught LDAPError while authenticating fds\testadmin: INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'},)
[06/Sep/2013 08:53:50] "POST /admin/ HTTP/1.1" 200 2031
我已经尝试了一些改变,以中/各种comibinations包括设置:
I have tried a number of alterations to the settings in various comibinations of/including:
AUTH_LDAP_BIND_DN = 'uid=testadmin,ou=Domain Users,ou=Users,dc=fds,dc=local'
AUTH_LDAP_BIND_DN = 'cn=testadmin,ou=Users,dc=fds,dc=local'
AUTH_LDAP_BIND_DN = 'cn=testadmin,ou=Users,dc=fds,dc=local'
AUTH_LDAP_BIND_DN = 'uid=testadmin,dc=fds,dc=local'
AUTH_LDAP_BIND_DN = 'cn=testadmin,dc=fds,dc=local'
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Domain Users,ou=Users,dc=fds,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user))")
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=FDS Users,dc=fds,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user))")
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=IT Users,ou=FDS Users,dc=fds,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user))")
我不完全理解AD或LDAP,但我从我在网上找到的例子工作 - 其中每个OU的是在我的域包含用户或其他OU的包含用户现有OU
I don't fully understand AD or LDAP, but am working from examples I've found online - each of those ou's is an existing ou in my domain that contains users or other ou's containing users.
在我看来,这个问题涉及到任何的设置
It seems to me that the problem relates to either the settings
AUTH_LDAP_BIND_DN = 'uid=testadmin,ou=Users,dc=fds,dc=local'
AUTH_LDAP_BIND_PASSWORD = 'password'
或
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=fds,dc=local",
ldap.SCOPE_SUBTREE, "(uid=%(user))")
但我不确定 - 不知道下一步该怎么做来解决这个问题。任何想法?
but am unsure - and don't know what to do next to solve this problem. Any ideas?
推荐答案
原来我一直在寻找在错误的地方的错误。这是一个BIND错误,而不是用户认证错误。需要注意的是有之间的误差是否在AUTH_LDAP_BIND_DN或AUTH_LDAP_USER_SEARCH混淆。
Turns out I was looking for the error in the wrong place. It was a BIND error, not a user auth error. Note that there was confusion between whether the error was in AUTH_LDAP_BIND_DN or AUTH_LDAP_USER_SEARCH.
溶液
AUTH_LDAP_BIND_DN ='CN = testadmin的账户,OU = FDS用户,DC = FDS,DC =本地
AUTH_LDAP_BIND_DN = 'cn=testadmin,ou=FDS Users,dc=fds,dc=local'
AUTH_LDAP_BIND_DN需要参照的专有名称,即它需要为指向的完全的用户所在的位置 - 它不是搜索一组或OU这么多的情况下这是链接。
AUTH_LDAP_BIND_DN needs to refer to a Distinguished Name, ie, it needs to point to exactly where the user is located - it isn't a case of "search a group or OU" so much as "this is the link".
以上的工作。
这篇关于ldapsearch的,Django的LDAP的身份验证和"数据52E,v1db1"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
