Wednesday, April 29, 2009

Using python-ldap to authenticate a Django app to a Windows domain controller

I used a HOWTO and the auth backend from Django ticket 2507 to get Django working with a Linux OpenLDAP server. The next task was to get it working with Windows. This will probably depend on your AD structure more than anything else. I used the following in settings.py:

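    import ldap

    AUTHENTICATION_BACKENDS = (
        'myapp.ldapauth.LDAPBackend',
    )
    LDAP_DEBUG = True
    LDAP_SERVER_URI = 'ldap://mydomain.com'
    # Subtree that is searched for the user's entry
    LDAP_SEARCHDN = 'ou=Staff,dc=mydomain,dc=com'
    # AD logon name; %s is replaced with the submitted username
    LDAP_SEARCH_FILTER = 'sAMAccountName=%s'
    # Account used for the initial bind that performs the search
    LDAP_PREBINDDN = 'bindacct@mydomain.com'
    LDAP_PREBINDPW = 'pass'
    LDAP_BIND_ATTRIBUTE = 'cn'
    # Directory attributes copied into the Django user's name fields
    LDAP_FIRST_NAME = 'givenName'
    LDAP_LAST_NAME = 'sn'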

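I used IPython to debug my LDAP setup:

    ipython

    import ldap
    # Maximum client-side debug output from the underlying LDAP library
    ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
    l = ldap.initialize('ldap://server:port')
    # Bind with a domain account in user@domain form
    l.simple_bind_s('domainuser@mydomain.com', 'pass')
    # Look the user up by AD logon name under the search base
    l.search_s('ou=people,dc=mydomain,dc=com', ldap.SCOPE_SUBTREE, 'sAMAccountName=domainuser')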

The next step is to follow the Microsoft instructions for enabling SSL so the creds don't travel in cleartext.
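The pre-bind, search and user bind from the settings above can be run over LDAPS with the username escaped before it goes into `LDAP_SEARCH_FILTER`. This is an added example, not code from this post or from the ticket 2507 backend. The function names, the `ldaps://` URI and the CA file path are assumptions, and the escaping helper is hand-written to do the same job as python-ldap's `ldap.filter.escape_filter_chars`.

```python
import re

# Constructed values mirroring the settings above; the CA path is a placeholder.
LDAP_SERVER_URI = 'ldaps://mydomain.com'
LDAP_SEARCHDN = 'ou=Staff,dc=mydomain,dc=com'
LDAP_SEARCH_FILTER = 'sAMAccountName=%s'
LDAP_CA_FILE = '/etc/ssl/certs/mydomain-ca.pem'  # hypothetical path

def escape_filter_value(value):
    # RFC 4515: \ * ( ) and NUL must be sent as a backslash plus two hex digits.
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def build_user_filter(username):
    # The submitted username is data, never filter syntax.
    return '(%s)' % (LDAP_SEARCH_FILTER % escape_filter_value(username))

def authenticate(username, password, prebind_dn, prebind_pw):
    # RFC 4513: a simple bind with a name and an empty password is an
    # unauthenticated bind that a server may answer with success, so reject it.
    if not username or not password:
        return None
    import ldap  # python-ldap, imported here so the helpers above run without it
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_FILE)
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn = ldap.initialize(LDAP_SERVER_URI)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # do not chase AD referrals
    try:
        conn.simple_bind_s(prebind_dn, prebind_pw)
        hits = conn.search_s(LDAP_SEARCHDN, ldap.SCOPE_SUBTREE,
                             build_user_filter(username), ['givenName', 'sn'])
        entries = [(dn, attrs) for dn, attrs in hits if dn]  # drop referral rows
        if len(entries) != 1:  # no match, or an ambiguous one
            return None
        user_dn, attrs = entries[0]
        conn.simple_bind_s(user_dn, password)  # the actual password check
        return user_dn, attrs
    except ldap.INVALID_CREDENTIALS:
        return None
    finally:
        conn.unbind_s()
```
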
