LDAP integration

Technical aspects, customization, code samples.
msvabik
Posts: 14
Joined: Tue Sep 24, 2019 12:38 pm

Re: LDAP integration

Post by msvabik »

Hi,
my ldap.py

Code: Select all

from __future__ import absolute_import

from mayan.settings.production import *

import ldap
from django_auth_ldap.config import LDAPSearch

from django.contrib.auth import get_user_model

SECRET_KEY = 'j1_j&28e_9s$%=tll(ili8=)!*@76o+*-zj78h(5hzi1-^ar1c'

# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

LDAP_USER_AUTO_CREATION = "False"

LDAP_URL = "ldap://10.0.1.199:389/"
LDAP_BASE_DN = "DC=adip,DC=cz"
LDAP_ADDITIONAL_USER_DN = "CN=Users"
LDAP_ADMIN_DN = "CN=Administrator,CN=Users,DC=adip,DC=cz"
LDAP_PASSWORD = "password"

AUTH_LDAP_SERVER_URI = LDAP_URL
AUTH_LDAP_BIND_DN = LDAP_ADMIN_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    '%s,%s' % (LDAP_ADDITIONAL_USER_DN, LDAP_BASE_DN),
    ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
)
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail'
}
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'mayan.media.mayan_settings.ldap.EmailOrUsernameModelBackend',
)


class EmailOrUsernameModelBackend(object):
    """
    This is a ModelBacked that allows authentication with either a username or $
    """
    def authenticate(self, username=None, password=None):
        if '@' in username:
            kwargs = {'email': username}
        else:
            kwargs = {'username': username}
        try:
            user = get_user_model().objects.get(**kwargs)
            if user.check_password(password):
                return user
        except get_user_model().DoesNotExist:
            return None

    def get_user(self, username):
        try:
            return get_user_model().objects.get(pk=username)
        except get_user_model().DoesNotExist:
            return None

Error in /var/log/supervisor/:

Code: Select all

[2020-01-06 14:28:10 +0000] [1625] [INFO] Starting gunicorn 19.9.0
[2020-01-06 14:28:10 +0000] [1625] [INFO] Listening at: http://0.0.0.0:8000 (1625)
[2020-01-06 14:28:10 +0000] [1625] [INFO] Using worker: sync
[2020-01-06 14:28:10 +0000] [1660] [INFO] Booting worker with pid: 1660
[2020-01-06 14:28:10 +0000] [1662] [INFO] Booting worker with pid: 1662
[2020-01-06 14:28:11 +0000] [1662] [ERROR] Exception in worker process
Traceback (most recent call last):
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
    worker.init_process()
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/workers/base.py", line 129, in init_process
    self.load_wsgi()
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/workers/base.py", line 138, in load_wsgi
    self.wsgi = self.app.wsgi()
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/app/base.py", line 67, in wsgi
    self.callable = self.load()
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/app/wsgiapp.py", line 52, in load
    return self.load_wsgiapp()
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/app/wsgiapp.py", line 41, in load_wsgiapp
    return util.import_app(self.app_uri)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/gunicorn/util.py", line 350, in import_app
    __import__(module)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/mayan/wsgi.py", line 15, in <module>
    application = get_wsgi_application()
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/django/core/wsgi.py", line 13, in get_wsgi_application
    django.setup(set_prefix=False)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/django/__init__.py", line 22, in setup
    configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/django/conf/__init__.py", line 56, in __getattr__
    self._setup(name)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/django/conf/__init__.py", line 41, in _setup
    self._wrapped = Settings(settings_module)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/django/conf/__init__.py", line 110, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/opt/mayan-edms/lib/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/mayan/media/mayan_settings/ldap.py", line 5, in <module>
    import ldap
  File "/opt/mayan-edms/media/mayan_settings/ldap.py", line 6, in <module>
    from django_auth_ldap.config import LDAPSearch
  File "/opt/mayan-edms/local/lib/python3.6/site-packages/django_auth_ldap/config.py", line 36, in <module>
    import ldap.filter
ModuleNotFoundError: No module named 'ldap.filter'; 'ldap' is not a package
[2020-01-06 14:28:11 +0000] [1662] [INFO] Worker exiting (pid: 1662)
[2020-01-06 14:28:11 +0000] [1660] [ERROR] Exception in worker process

Mayan EDMS does not start.

Best regards, Michal
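
A check a reviewer might run over a settings file like the one posted above, as an added example that is not part of the original post or Mayan EDMS's own code: it parses the source with `ast` and flags literal secrets, an `ldap://` URI without `AUTH_LDAP_START_TLS`, and a bind as the directory Administrator. Both sample sources, the `svc-mayan` account and the `MAYAN_*` environment variable names are constructed for illustration.

```python
import ast

# Constructed samples modelled on the posted settings; all values are placeholders.
POSTED_STYLE = '''
SECRET_KEY = "constructed-placeholder"
LDAP_URL = "ldap://192.0.2.10:389/"
LDAP_ADMIN_DN = "CN=Administrator,CN=Users,DC=example,DC=test"
LDAP_PASSWORD = "password"
AUTH_LDAP_SERVER_URI = LDAP_URL
AUTH_LDAP_BIND_DN = LDAP_ADMIN_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD
'''

HARDENED = '''
import os
SECRET_KEY = os.environ["MAYAN_SECRET_KEY"]
AUTH_LDAP_SERVER_URI = "ldap://192.0.2.10:389/"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_BIND_DN = "CN=svc-mayan,OU=Service Accounts,DC=example,DC=test"
AUTH_LDAP_BIND_PASSWORD = os.environ["MAYAN_LDAP_BIND_PASSWORD"]
'''


def literal_settings(source):
    """Map top-level NAME = <literal> assignments to their values, following aliases."""
    values = {}
    for node in ast.parse(source).body:
        if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
            continue
        name, value = node.targets[0].id, node.value
        if isinstance(value, ast.Constant):
            values[name] = value.value
        elif isinstance(value, ast.Name) and value.id in values:
            values[name] = values[value.id]  # e.g. AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD
    return values


def audit(source):
    """Return findings for a Django settings source that configures django-auth-ldap."""
    cfg = literal_settings(source)
    findings = [name + ": secret is a literal in the settings file"
                for name in ("SECRET_KEY", "AUTH_LDAP_BIND_PASSWORD")
                if isinstance(cfg.get(name), str)]
    uri = str(cfg.get("AUTH_LDAP_SERVER_URI", ""))
    if uri.lower().startswith("ldap://") and cfg.get("AUTH_LDAP_START_TLS") is not True:
        findings.append("AUTH_LDAP_SERVER_URI: ldap:// without AUTH_LDAP_START_TLS")
    if str(cfg.get("AUTH_LDAP_BIND_DN", "")).lower().startswith("cn=administrator,"):
        findings.append("AUTH_LDAP_BIND_DN: binds as the directory Administrator")
    return findings
```

Values read from the environment are not literals, so the hardened sample produces no findings while the posted-style sample produces four.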

rssfed23
Moderator
Posts: 213
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom

Re: LDAP integration

Post by rssfed23 »

That error is happening because the python-ldap package isn't installed anymore after your upgrade.

As I mentioned above, you will need to run the "/opt/mayan-edms/bin/pip install python-ldap django-auth-ldap" steps again after upgrading to 3.3.x.
Please bear with us during the current global situation. The team all have families and local communities to look after as well as the community here. Responses may be delayed during this time, but rest assured we will get to your query eventually.

msvabik
Posts: 14
Joined: Tue Sep 24, 2019 12:38 pm

Re: LDAP integration

Post by msvabik »

Hello,
I have done this several times and without success ...

Code: Select all

Requirement already satisfied: python-ldap in /opt/mayan-edms/lib/python3.6/site-packages (3.2.0)
Requirement already satisfied: django-auth-ldap in /opt/mayan-edms/lib/python3.6/site-packages (2.1.0)
Requirement already satisfied: pyasn1-modules>=0.1.5 in /opt/mayan-edms/lib/python3.6/site-packages (from python-ldap) (0.2.7)
Requirement already satisfied: pyasn1>=0.3.7 in /opt/mayan-edms/lib/python3.6/site-packages (from python-ldap) (0.4.8)
Requirement already satisfied: Django>=1.11 in /opt/mayan-edms/lib/python3.6/site-packages (from django-auth-ldap) (1.11.27)
Requirement already satisfied: pytz in /opt/mayan-edms/lib/python3.6/site-packages (from Django>=1.11->django-auth-ldap) (2019.1)
root@thor:~#

rssfed23
Moderator
Posts: 213
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom

Re: LDAP integration

Post by rssfed23 »

Can you try:

Code: Select all

sudo apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev
/opt/mayan-edms/bin/pip install pyldap ldap3

See if that helps. Someone else reported similar on Stack Overflow and needed pyldap (rather than python-ldap) to get it working.

msvabik
Posts: 14
Joined: Tue Sep 24, 2019 12:38 pm

Re: LDAP integration

Post by msvabik »

Thank you for your response and advice.
I performed a clean install and restored the data from the backup.
Mayan-edms works OK without ldap.
I installed python-ldap and django-auth-ldap, set the configuration to ldap.py (as above) and got into the same state as before the reinstallation.
I tried:
Can you try:

Code: Select all

sudo apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev
/opt/mayan-edms/bin/pip install pyldap ldap3

See if that helps. Someone else reported similar on stackoverflow and needed pyldap (rather than python-ldap) to get it working.
Without success.

rssfed23
Moderator
Posts: 213
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom

Re: LDAP integration

Post by rssfed23 »

Thanks for trying that.

As that didn’t work, I’ve logged an issue on GitLab for the team to investigate to see if this is a local environment issue or a bug in Mayan itself: https://gitlab.com/mayan-edms/mayan-edms/issues/743
I recommend you subscribe to that issue (notifications on the right-hand side) so you can be notified of updates, but I will report back here when an update is known.

Thanks,
Rob

rssfed23
Moderator
Posts: 213
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom

Re: LDAP integration

Post by rssfed23 »

Msvabik, there is an update on the GitLab issue. If you're able to sign up and comment on that it would be appreciated, but it does look like this isn't an issue with Mayan itself but a missing package on the system still.

Rob

msvabik
Posts: 14
Joined: Tue Sep 24, 2019 12:38 pm

Re: LDAP integration

Post by msvabik »

Fixed, ldap authentication is working.
Follow this link: https://stackoverflow.com/questions/386 ... nding-ldap
I renamed the ldap.py file in /opt/mayan-edms/media/mayan_settings/ to ldaplogin.py. I edited the code in ldaplogin.py on line 41 and now everything is working.

Code: Select all

from __future__ import absolute_import

from mayan.settings.production import *

import ldap
from django_auth_ldap.config import LDAPSearch

from django.contrib.auth import get_user_model

SECRET_KEY = 'ln!&jmryilq!r_$ux=7py%b54(_z(xq@%0#@743t8u%$wt7%m!'

# makes sure this works in Active Directory
ldap.set_option(ldap.OPT_REFERRALS, 0)

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

LDAP_USER_AUTO_CREATION = "False"

LDAP_URL = "ldap://10.0.1.199:389/"
LDAP_BASE_DN = "DC=adip,DC=cz"
LDAP_ADDITIONAL_USER_DN = "CN=Users"
LDAP_ADMIN_DN = "CN=Administrator,CN=Users,DC=adip,DC=cz"
LDAP_PASSWORD = "password"

AUTH_LDAP_SERVER_URI = LDAP_URL
AUTH_LDAP_BIND_DN = LDAP_ADMIN_DN
AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    '%s,%s' % (LDAP_ADDITIONAL_USER_DN, LDAP_BASE_DN),
    ldap.SCOPE_SUBTREE, '(samaccountname=%(user)s)'
)
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail'
}
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'mayan.media.mayan_settings.ldaplogin.EmailOrUsernameModelBackend',
)


class EmailOrUsernameModelBackend(object):
    """
    This is a ModelBacked that allows authentication with either a username or $
    """
    def authenticate(self, username=None, password=None):
        if '@' in username:
            kwargs = {'email': username}
        else:
            kwargs = {'username': username}
        try:
            user = get_user_model().objects.get(**kwargs)
            if user.check_password(password):
                return user
        except get_user_model().DoesNotExist:
            return None

    def get_user(self, username):
        try:
            return get_user_model().objects.get(pk=username)
        except get_user_model().DoesNotExist:
            return None
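
The traceback earlier in the thread shows `import ldap` resolving to the settings file `ldap.py` itself, which is why the rename fixed it. As an added example (not part of the original post; the directory layout is constructed and an empty stand-in package takes the place of the real python-ldap install), this reproduces the lookup and lists settings files whose names hide an installed package:

```python
import importlib.machinery
import os
import tempfile


def resolve(name, search_path):
    """Return (origin, is_package) for the first match of `name` on search_path."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    if spec is None:
        return None, False
    # A plain module has no submodule search locations, so `name.sub` cannot import.
    return spec.origin, spec.submodule_search_locations is not None


def find_shadows(settings_dir, site_packages):
    """List .py files in settings_dir whose names hide something in site_packages."""
    shadows = []
    for entry in sorted(os.listdir(settings_dir)):
        stem, ext = os.path.splitext(entry)
        if ext != ".py" or stem == "__init__":
            continue
        origin, _ = resolve(stem, [site_packages])
        if origin is not None:
            shadows.append(stem)
    return shadows


def build_layout(root):
    """Constructed layout: a stand-in 'ldap' package and a settings directory."""
    site = os.path.join(root, "site-packages")
    settings = os.path.join(root, "mayan_settings")
    os.makedirs(os.path.join(site, "ldap"))
    os.makedirs(settings)
    for rel in (os.path.join("ldap", "__init__.py"), os.path.join("ldap", "filter.py")):
        open(os.path.join(site, rel), "w").close()
    for name in ("ldap.py", "ldaplogin.py"):
        open(os.path.join(settings, name), "w").close()
    return settings, site


def demo():
    with tempfile.TemporaryDirectory() as root:
        settings, site = build_layout(root)
        # Settings directory searched first, as the traceback indicates: the file wins.
        origin, is_package = resolve("ldap", [settings, site])
        shadowed = (os.path.basename(origin), is_package)
        # With only site-packages searched, the package (with ldap.filter) is found.
        _, real_is_package = resolve("ldap", [site])
        return shadowed, real_is_package, find_shadows(settings, site)
```

`demo()` shows the shadowing file resolving as a non-package, which matches the "'ldap' is not a package" error, while `ldaplogin.py` is not reported because nothing installed shares its name.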

rssfed23
Moderator
Posts: 213
Joined: Mon Oct 14, 2019 1:18 pm
Location: United Kingdom

Re: LDAP integration

Post by rssfed23 »

Glad to hear you got it resolved. I've submitted a MR to the FAQ so that it can be updated and point to the GitLab issue in case others experience the same: https://gitlab.com/mayan-edms/mayan-edm ... equests/71