django活动目录后端没有属性__getitem__ [英] django active directory backend no attribute __getitem__
问题描述
一直在尝试使用此处找到的代码片段 https://djangosnippets.org/snippets/2899/有一个ldap后端,但是当我现在登录到我的管理页面时,我收到错误
ive been trying to use the snippet found here https://djangosnippets.org/snippets/2899/ to have an ldap back end, however when i now login to my admin page i get the error
TypeError at /admin/login/
'NoneType' object has no attribute '__getitem__'
Request Method: POST
Request URL: http://it.intranet.com/admin/login/?next=/admin/
Django Version: 1.9.6
Exception Type: TypeError
Exception Value:
'NoneType' object has no attribute '__getitem__'
Exception Location: /var/www/infternal/infternal/backend.py in get_or_create_user, line 69
Python Executable: /usr/bin/python
Python Version: 2.7.5
Python Path:
['/var/www/infternal',
'/usr/lib64/python27.zip',
'/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2',
'/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload',
'/usr/lib64/python2.7/site-packages',
'/usr/lib64/python2.7/site-packages/gtk-2.0',
'/usr/lib/python2.7/site-packages']
Server time: Wed, 18 May 2016 11:54:09 +0000
我认为这是因为我没有成功连接到ldap服务器?
I presume this is happening because i haven't successfully connected to the ldap server?
我如何测试?
后端代码完全从代码片段复制。
我的settings.py如下
The backend code is copied exactly from the snippet. my settings.py is as below
我不知道的唯一的事情是AD_CERT_FILE字段,我不知道这是什么,或为什么,但是因为我没有使用ssl我推测它不需要?
The only thing i wasnt sure of was the AD_CERT_FILE field, i dont know where this is or what to put for that, but as i wasnt using ssl i presumed it wasnt needed?
# active directory authentication module
AD_DNS_NAME = 'example.domain.com' # FQDN of your DC (using just the Domain Name to utilize all DC's)
# If using non-SSL use these
AD_LDAP_PORT=389
AD_LDAP_URL='ldap://%s:%s' % (AD_DNS_NAME,AD_LDAP_PORT)
# If using SSL use these:
#AD_LDAP_PORT=636
#AD_LDAP_URL='ldaps://%s:%s' % (AD_DNS_NAME,AD_LDAP_PORT)
AD_SEARCH_DN = 'DC=example,DC=domain,DC=com'
AD_NT4_DOMAIN = 'example.domain.COM'
AD_SEARCH_FIELDS = ['mail','givenName','sn','sAMAccountName','memberOf']
AD_MEMBERSHIP_ADMIN = ['ITService_App_Admin'] # this ad group gets superuser status in django
# only members of this group can access
AD_MEMBERSHIP_REQ = AD_MEMBERSHIP_ADMIN + ['GS_ITsupport',
'GS_ITDevelopment',]
AD_CERT_FILE = '/certs/certfile' # this is the certificate of the Certificate Authority issuing your DCs certificate
AD_DEBUG=True #Set to false for prod, Slows things down ALOT
AD_DEBUG_FILE='/tmp/ldap.debug'
AUTHENTICATION_BACKENDS = (
'infternal.backend.ActiveDirectoryAuthenticationBackend',
'django.contrib.auth.backends.ModelBackend', #Comment out to prevent authentication from DB
)
推荐答案
这不是你的错,你得到的TypeError消息不是很丰富。
It is not your fault, the TypeError message you got is not very informative.
这个特定的片段需要您镜像Django中的相关AD组(您必须使用管理员在Django中创建相同的组)。组不应该有相同的名称,而是使用以下约定(来自源中的注释):
This particular snippet requires you to mirror your relevant AD groups in Django (you must create the same groups in Django using the admin). The groups should not have the same name, instead, the following convention is used (from a comment in the source):
我们的AD组与Django组进行了镜像,但以ID(注意空格)开头。
Our AD groups were mirrored with the Django groups but prefaced with "ID " (notice the space)
如果您的Django组名为ITsupport您的AD组必须称为ID ITsupport等。
If your Django group is named "ITsupport" then your AD group must be called "ID ITsupport" and so on.
如果要修改此行为,则必须更改第142行的正则表达式:
If you want to modify this behavior, you must change the regular expression at line 142:
re.compile(r'^CN=ID (?P<groupName>[\w|\d|\s]+),')
例如:
re.compile(r'^CN=(?P<groupName>MyADGroup|MyOtherAdGroup|AndSoOn),')
只需将原始表达式替换为由管道分隔的AD组列表( | )。您仍然必须使用Django管理员或shell创建组。
Just replace the original expression with a list of your AD groups separated by a pipe (|). You still have to create the groups using the Django admin or the shell.
这篇关于django活动目录后端没有属性__getitem__的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
