Here's my experience with ldapauth.py[1] with AD:

Here are the basic settings[2]:

    LDAP_SERVER_URI = 'ldap://ldap.company.com:389'

First of all it seems AD LDAP is pretty picky. I had to play with several different settings until I found something that worked.

There are two ways to determine the DN of the AD user.

--

The first is to search for it. You would need to set the following in settings.py[3]:

    LDAP_PREBINDDN = [EMAIL PROTECTED]
    LDAP_PREBINDPW = secret

You would also need to change the following in LDAPBackend._pre_bind from:

    result = l.search_s(self.settings['LDAP_SEARCHDN'],
                        self.settings['LDAP_SCOPE'], filter, attrsonly=1)

to this:

    result_id = l.search(self.settings['LDAP_SEARCHDN'],
                         self.settings['LDAP_SCOPE'], filter, attrsonly=1)
    result_type, result = l.result(result_id, 0)

search_s is synchronous and for some reason my AD LDAP server didn't like it and complained like so:

    "In order to perform this operation a successful bind must be completed on the connection."

After that change everything seemed to work just fine.

I didn't test this, but I suspect that you can bind to the AD LDAP server using the username and password that you are trying to authenticate with. The only problem with this method is that you may not be able to decipher between invalid credentials and a nonexistent account. Not a big deal if you don't auto-create accounts in Django with accounts from AD.

---

The second method involves knowing the DN beforehand, which includes the full name of the user (not the username) as it appears in AD. It looks something like this:

    'CN=<full name>,OU=our users,DC=example,DC=com'

The only way to get the full name is to make sure it is the same in Django as it is in AD. Then you'd have to modify ldapauth.py to try and get the user model from Django first, get the full name and create the DN using that. You could do this by modifying _pre_bind.
[1] http://code.djangoproject.com/attachment/ticket/2507/ldapauth.py
[2] as mentioned by Joseph using AD explorer and looking at the settings in http://code.google.com/p/s-o-l/source/browse/trunk/settings_prod_change.py helps a lot
[3] you need an account from your IT dept with a password that doesn't expire.

Hope that helps
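Both ways of getting the DN described above put user-supplied text into an LDAP search filter or into a DN, so that text has to be escaped before it reaches the server. The following is an added example, not part of the original post or of ldapauth.py; it uses only the standard library, and the `sAMAccountName` lookup attribute, the function names and the sample inputs are assumptions made for illustration.

```python
# Added example: stdlib only, no LDAP connection is made.
# Assumptions: sAMAccountName as the lookup attribute, base DN from the post's sample.

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """RFC 4515: escape characters that have meaning inside a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """RFC 4514: escape characters that have meaning inside a DN attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:          # leading '#' would start a hex string
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing spaces are stripped otherwise
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def search_filter(username):
    """Method one: filter used to look the user up after the pre-bind."""
    return "(sAMAccountName=%s)" % escape_filter_value(username)

def user_dn(full_name, base="OU=our users,DC=example,DC=com"):
    """Method two: build the bind DN from the full name stored in Django."""
    if not full_name.strip():
        raise ValueError("full name is required to build a DN")
    return "CN=%s,%s" % (escape_dn_value(full_name), base)

def bind_args(full_name, password):
    """Return (dn, password) for a simple bind. An empty password is refused
    because RFC 4513 defines DN + empty password as an unauthenticated bind,
    which a server may accept without checking any credential."""
    if not password:
        raise ValueError("empty password")
    return user_dn(full_name), password
```
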