Django-python3-ldap - 只有某些活動目錄用戶組可以登錄？

Question

我使用的是坐落於此 https://github.com/etianen/django-python3-ldap#available-settings

我只是想誰是某些羣體的成員可以登錄用戶Django的python3-LDAP模塊，所以我創建了一個功能的建議

def app_users(ldap_fields): 
    # Add in simple filters. 
    ldap_fields["memberOf"] = "App_Admin" 
    # Call the base format callable. 
    search_filters = format_search_filters(ldap_fields) 
    # Advanced: apply custom LDAP filter logic. 
    search_filters.append("(|(memberOf=App_Admin)(memberOf=App_ITUser)(memberOf=App_NetworkUser))") 
    # All done! 
    return search_filters 

然而，這將返回下面再調試

LDAP connect succeeded 
LDAP user attributes empty 

，我認爲它的東西與foo的樣品做，但我不知道如何解決它

感謝

Answer 1

我不記得我做過什麼了這麼久以前的事了，但是這是我的LDAP的配置，我使用LDAP模塊爲Python 3

我沒有寫這個代碼我會從某處獲得它，但我不確定它在哪裏。

import ldap 
# The URL of the LDAP server. 
LDAP_AUTH_URL = 'ldap://domain.com:389' 

# Initiate TLS on connection. 
LDAP_AUTH_USE_TLS = False 

# The LDAP search base for looking up users. 
LDAP_AUTH_SEARCH_BASE = 'DC=domain,DC=com' 

# The LDAP class that represents a user. 
LDAP_AUTH_OBJECT_CLASS = 'organizationalPerson' 

# User model fields mapped to the LDAP 
# attributes that represent them. 
LDAP_AUTH_USER_FIELDS = { 
    'username': 'sAMAccountName', 
    'first_name': 'givenName', 
    'last_name': 'sn', 
    'email': 'mail', 
} 

# A tuple of django model fields used to uniquely identify a user. 
LDAP_AUTH_USER_LOOKUP_FIELDS = ('username',) 

# Path to a callable that takes a dict of {model_field_name: value}, 
# returning a dict of clean model data. 
# Use this to customize how data loaded from LDAP is saved to the User model. 
LDAP_AUTH_CLEAN_USER_DATA = 'django_python3_ldap.utils.clean_user_data' 

# Path to a callable that takes a user model and a dict of {ldap_field_name: [value]}, 
# and saves any additional user relationships based on the LDAP data. 
# Use this to customize how data loaded from LDAP is saved to User model relations. 
# For customizing non-related User model fields, use LDAP_AUTH_CLEAN_USER_DATA. 
LDAP_AUTH_SYNC_USER_RELATIONS = 'django_python3_ldap.utils.sync_user_relations' 

# Path to a callable that takes a dict of {ldap_field_name: value}, 
# returning a list of [ldap_search_filter]. The search filters will then be AND'd 
# together when creating the final search filter. 
LDAP_AUTH_FORMAT_SEARCH_FILTERS = 'django_python3_ldap.utils.format_search_filters' 
#LDAP_AUTH_FORMAT_SEARCH_FILTERS = 'itapp.ldap_filters.app_users' 

# Path to a callable that takes a dict of {model_field_name: value}, and returns 
# a string of the username to bind to the LDAP server. 
# Use this to support different types of LDAP server. 
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory" 


# Sets the login domain for Active Directory users. 
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = 'DOMAIN' 

# The LDAP username and password of a user for querying the LDAP database for user 
# details. If None, then the authenticated user will be used for querying, and 
# the `ldap_sync_users` command will perform an anonymous query. 
LDAP_AUTH_CONNECTION_USERNAME = None 
LDAP_AUTH_CONNECTION_PASSWORD = None 

LOGGING = { 
    "version": 1, 
    "disable_existing_loggers": False, 
    "handlers": { 
     "console": { 
      "class": "logging.StreamHandler", 
     }, 
    }, 
    "loggers": { 
     "django_python3_ldap": { 
      "handlers": ["console"], 
      "level": "INFO", 
     }, 
    }, 
} 

AUTHENTICATION_BACKENDS = (
    'django_python3_ldap.auth.LDAPBackend', 
    'django.contrib.auth.backends.ModelBackend', #Comment out to prevent authentication from DB 
)