Import LDAP users into django database

I want to import ActiveDirectory database users into Django. For this I am trying to use the django_auth_ldap module.

Here is what I tried already:

In my settings.py:

    import ldap
    from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType

    AUTH_LDAP_SERVER_URI = "ldap://example.fr"
    AUTH_LDAP_BIND_DN = 'cn=a_user,dc=example,dc=fr'
    AUTH_LDAP_BIND_PASSWORD = ''
    AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=users,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch('ou=groups,dc=example,dc=fr', ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')
    AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()

    # Populate the Django user from the LDAP directory
    AUTH_LDAP_USER_ATTR_MAP = {
        'first_name': 'sAMAccountName',
        'last_name': 'displayName',
        'email': 'mail'
    }

    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
    )

Then I call python manage.py syncdb with no result. Warnings, no errors, nothing was updated in the auth_user table. Is there something obvious that I forgot to do?

+8
django active-directory ldap django-auth-ldap
2 answers

Looking at the documentation for django_auth_ldap, it looks like the module does not actually browse LDAP users and does not load them into the database. Instead, it authenticates the user against LDAP, and then adds or updates them to auth_users with the information that it receives from LDAP when the user logs on.

If you want to pre-populate the database with all users in Active Directory, then it looks like you need to write a script that directly requests AD and inserts users.

Something like this should get you started:

    import ldap

    l = ldap.initialize('ldap://your_ldap_server')  # or ldaps://
    # Bind with the account's DN and its password (placeholder value here).
    l.simple_bind_s("cn=a_user,dc=example,dc=fr", "a_user_password")
    # The search base has to be a DN; group membership goes in the filter.
    # The group DN below is a placeholder.
    users = l.search_ext_s("ou=users,dc=example,dc=fr",
                           ldap.SCOPE_SUBTREE,
                           "(memberOf=cn=YourUserGroup,ou=groups,dc=example,dc=fr)",
                           attrlist=["sAMAccountName", "displayName", "mail"])

    # users is now a list of entries that match your search criteria.
    # *Each* entry is a (dn, attributes) tuple that looks something like this:
    # ("cn=...", {"sAMAccountName": ["login"], "displayName": ["Full Name"], "mail": ["some@email.address"]})
    # Note that each field is in a list, even if there is only one value
    # (with python-ldap 3 on Python 3 the values are bytes).
    # If you only want the first value from each, you can transform the results:
    # users = [{k: v[0] for k, v in attrs.items()} for dn, attrs in users if dn]
    # That will transform each entry into something like this:
    # {"sAMAccountName": "login", "displayName": "Full Name", "mail": "some@email.address"}
    # TODO -- add to the database.

I left the database update to you, since I have no information about your setup.

If you need more information on LDAP queries, check out LDAP questions here at Stack Overflow - and I also found this article for help.

+7

I would say that you really do not want to use django_auth_ldap here, as it just creates users on demand at login (as others have noted). Instead, you can simply use the raw python_ldap module to execute the raw LDAP request:

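    import ldap

    username = "..."
    password = "..."
    scope = ldap.SCOPE_SUBTREE
    base = "ou=...,dc=...,dc=..."
    search_filter = "..."
    retrieve_attributes = ['cn', 'uid', 'displayName']

    # ldap.open() is deprecated; initialize() takes an LDAP URI
    l = ldap.initialize("ldap://your.ldap.server")
    l.protocol_version = ldap.VERSION3
    # Synchronous bind, so a failed login raises before the search runs
    l.simple_bind_s(username, password)
    results = l.search_s(base, scope, search_filter, retrieve_attributes)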

And then iterate over the results to stuff them into your model.

+2
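The step both answers leave open (the first answer's TODO and the second's "iterate over the results"), as an added example that is not part of either answer. It assumes python-ldap 3 result tuples; `ATTR_MAP`, the function names and the sample entries are constructed for illustration, and `sync_users` expects the model returned by Django's `get_user_model()`.

```python
# Added example: turn python-ldap search results into Django user rows.
# Django field -> LDAP attribute (assumed mapping, adjust to your directory).
ATTR_MAP = {"username": "sAMAccountName", "last_name": "displayName", "email": "mail"}


def first_value(attrs, name):
    """Return the first value of an LDAP attribute as text, or '' if absent."""
    lowered = {key.lower(): values for key, values in attrs.items()}
    values = lowered.get(name.lower()) or [b""]
    value = values[0]
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else value


def entries_to_user_fields(results):
    """Map (dn, attrs) tuples to dicts of Django user fields."""
    users = {}
    for dn, attrs in results:
        # Active Directory also returns search referrals: dn is None, attrs is a list.
        if dn is None or not isinstance(attrs, dict):
            continue
        fields = {field: first_value(attrs, attr) for field, attr in ATTR_MAP.items()}
        if fields["username"]:  # skip entries without a login name
            users[fields["username"].lower()] = fields  # also de-duplicates
    return list(users.values())


def sync_users(results, user_model):
    """Create or update one row per entry; user_model is get_user_model()."""
    created_count = 0
    for fields in entries_to_user_fields(results):
        username = fields.pop("username")
        user, created = user_model.objects.update_or_create(username=username, defaults=fields)
        if created:
            # Mark the local password unusable so ModelBackend cannot authenticate this account.
            user.set_unusable_password()
            user.save()
            created_count += 1
    return created_count


# Constructed sample in the shape python-ldap 3 returns (values are lists of bytes).
SAMPLE_RESULTS = [
    ("cn=Alice Martin,ou=users,dc=example,dc=fr",
     {"sAMAccountName": [b"amartin"], "displayName": [b"Alice Martin"], "mail": [b"alice@example.fr"]}),
    ("cn=Svc,ou=users,dc=example,dc=fr", {"displayName": [b"No login"]}),
    (None, ["ldap://DomainDnsZones.example.fr/DC=DomainDnsZones,DC=example,DC=fr"]),
]
```

Run it from a management command or `manage.py shell` with the `results` list from either search above; users still authenticate through `django_auth_ldap` afterwards.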
