LDAP settings not loading?

Posted: Thu Nov 07, 2019 11:23 pm
by rduz
Hi,

I set up my Mayan by doing the direct install with the advanced option. It seems to be working fine, so I'd like to use LDAP for logging in.

First, I set up an LDAP user on my Active Directory and I wrote some test scripts runnable from the command line to make sure I can connect to it and successfully query it from the server. All is ok on that front.

I followed this post to set up the integration on Mayan. Once I restart the services, I receive, and continue to receive, (no matter what I seem to do) the error message "Please enter a correct Username and password." At this point, I don't believe the ldap.py module is actually getting loaded, but I'm not certain how I can tell for sure. The reason I believe that is that one thing I did to test it was to put a syntax error in the /opt/mayan-edms/media/mayan_settings/ldap.py file, but I found that the gunicorns still load fine. Also, no interesting messages in /var/log/supervisor/*.log during the restart. Nothing shows up in the supervisor logs during a login attempt either.

How can I prove the LDAP module is loaded?

Is there a Django or Mayan URL that lists the running config variables, for example?

How can I cause the program to log the LDAP requests and responses to rule out a mis-configuration of the LDAP parameters?

Thank you.

Regards,
rduz

Re: LDAP settings not loading?

Posted: Tue Dec 10, 2019 6:50 pm
by mikeg
If you look at the logs it should say something if the LDAP module isn't loading.

For my LDAP config I have to pass it some parameters to install some additional packages/modules to work with LDAP.

Code:

-e MAYAN_SETTINGS_MODULE=mayan_settings.ldap_connection_settings -e MAYAN_PIP_INSTALLS="pyldap django_auth_ldap" -e MAYAN_APT_INSTALLS="libsasl2-dev python3-dev libldap2-dev libssl-dev libgle3 build-essential autoconf libtool pkg-config gcc"
The actual "mayan_settings.ldap_connection_settings" file is as follows:

Code:

from __future__ import absolute_import

import ldap
from django_auth_ldap.config import LDAPSearch

from mayan.settings.base import *  # NOQA
from django.contrib.auth import get_user_model


# makes sure this works in Active Directory (disables referral chasing)
ldap.set_option(ldap.OPT_REFERRALS, 0)
# Maximum libldap debug output
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Binding and connection options
# ldap:// on port 389 is unencrypted: the bind password and user passwords
# are sent in clear text unless StartTLS or an ldaps:// URI is used.
AUTH_LDAP_SERVER_URI = "ldap://192.168.168.50:389"
AUTH_LDAP_BIND_DN = "MYLDAPUSER@DOMAIN"
AUTH_LDAP_BIND_PASSWORD = "MYPASSWORD"

# User and group search objects and types
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "DC=domaincontrollername,DC=com",
    ldap.SCOPE_SUBTREE,
    "(sAMAccountName=%(user)s)"
)

# Cache settings

# What to do once the user is authenticated
AUTH_LDAP_USER_ATTR_MAP = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
#    'mayan_settings.ldap_connection_settings.EmailOrUsernameModelBackend',
)


class EmailOrUsernameModelBackend(object):
    """
    This is a ModelBackend that allows authentication with either a username or an email address.
    """
    # request is accepted (and ignored) because newer Django versions pass it
    # as the first argument to authenticate().
    def authenticate(self, request=None, username=None, password=None):
        # Nothing to look up if no username was supplied.
        if username is None:
            return None
        if '@' in username:
            kwargs = {'email': username}
        else:
            kwargs = {'username': username}
        try:
            user = get_user_model().objects.get(**kwargs)
            if user.check_password(password):
                return user
        except get_user_model().DoesNotExist:
            return None

    def get_user(self, user_id):
        # Django calls this with the primary key stored in the session.
        try:
            return get_user_model().objects.get(pk=user_id)
        except get_user_model().DoesNotExist:
            return None
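
Added example, not part of either post and not Mayan's own code: a stand-alone check for the question in the first post (is the settings module really imported?) that also covers the missing-package case the reply's MAYAN_PIP_INSTALLS line addresses. It imports a settings module by dotted name with importlib, which is how Django loads settings, and separates "not found", "syntax error", "missing dependency" and "imported, but LDAPBackend is not in AUTHENTICATION_BACKENDS". The demo_settings package, its files and hypothetical_missing_ldap_dep are constructed samples.

```python
import importlib
import os
import sys
import tempfile

LDAP_BACKEND = "django_auth_ldap.backend.LDAPBackend"
# Constructed sample settings files (not from the thread), one per outcome.
SAMPLES = {
    "good.py": "AUTHENTICATION_BACKENDS = ('%s',)\n" % LDAP_BACKEND,
    "default.py": "AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)\n",
    "broken.py": "AUTH_LDAP_SERVER_URI = 'ldap://example.invalid\n",  # unterminated string
    "needs_dep.py": "import hypothetical_missing_ldap_dep\n",
}


def build_sample_package(name="demo_settings"):
    """Write the constructed samples into a temp package; return its parent dir."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, name))
    for filename, body in SAMPLES.items():
        with open(os.path.join(root, name, filename), "w") as handle:
            handle.write(body)
    return root


def diagnose_settings(module_name, search_path=None):
    """Import module_name by dotted path and classify the result."""
    if search_path and search_path not in sys.path:
        sys.path.insert(0, search_path)
    importlib.invalidate_caches()
    sys.modules.pop(module_name, None)  # force a real import, not a cached one
    try:
        module = importlib.import_module(module_name)
    except SyntaxError as exc:
        return "syntax_error", "line %s" % exc.lineno
    except ModuleNotFoundError as exc:
        missing = exc.name or ""
        if module_name == missing or module_name.startswith(missing + "."):
            return "not_found", missing  # the settings module itself is absent
        return "missing_dependency", missing  # something it imports is absent
    if LDAP_BACKEND in getattr(module, "AUTHENTICATION_BACKENDS", ()):
        return "ldap_backend_active", module.__file__
    return "no_ldap_backend", module.__file__


if __name__ == "__main__":
    path = build_sample_package()
    for mod in ("good", "default", "broken", "needs_dep", "absent"):
        print(mod, diagnose_settings("demo_settings." + mod, path))
```

A settings file that really is imported cannot contain a syntax error without producing the "syntax_error" result, so a deliberately broken file that changes nothing at startup means a different settings module is the one being loaded.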