How to use LDAP authentication? #901

Closed
kingsxw opened this Issue Jan 9, 2018 · 9 comments

kingsxw commented Jan 9, 2018

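Version used

0.5.0

Problem

After configuring the LDAP authentication information in config.py,
the first time I log in with an LDAP account, a wizard imports the LDAP information and creates a local account, which amounts to still using a local account and local authentication.
Is this by design, or am I using it incorrectly? If LDAP authentication can't actually be used, there isn't much point.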

Member

ibuler commented Jan 9, 2018

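The basic information is imported into the DB; authentication still goes through LDAP. Without the basic information, the pages could not be displayed.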

kingsxw commented Jan 11, 2018

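I think I've found the problem. Because I'm using Windows AD, the configuration is as follows:
"username": "sAMAccountName",
"name": "displayName",

Yet the first login still has to use the cn; "username": "sAMAccountName" does not take effect for the initial login. After following the wizard to the end,
logging in with the cn again gives 1062, "Duplicate entry 'xxx (the sAMAccountName goes here)' for key 'username'"
Logging in with the sAMAccountName works, but it is actually a local account.

But I don't want to use the cn as the username, because it is a Chinese full name, which is inconvenient.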

kaka1992 commented Jan 14, 2018

AUTH_LDAP = True
AUTH_LDAP_SERVER_URI = 'ldap://ldap1.****.com:389'
AUTH_LDAP_BIND_DN = 'uid=jumpserver,ou=Machine,dc=****,dc=com'
AUTH_LDAP_BIND_PASSWORD = '****'
AUTH_LDAP_SEARCH_OU = 'ou=People,dc=****,dc=com'
AUTH_LDAP_SEARCH_FILTER = '(employeeType=devops)'
AUTH_LDAP_USER_ATTR_MAP = {
    "username": "uid",
    "name": "uid",
    "email": "mail"
}
AUTH_LDAP_START_TLS = False

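I configured these, but I still cannot log in with an LDAP account. It shows that the account or password is incorrect, while the other systems integrated with LDAP all work.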

Member

ibuler commented Jan 15, 2018

AUTH_LDAP_SEARCH_FILTER is probably the problem: %(user)s must not be removed. Also, please git pull; configuring this from the web page is now supported.

@ibuler ibuler closed this Jan 15, 2018
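
The `%(user)s` point from the reply above, as an added example that is not part of the thread or of the project's code. It assumes a search-then-bind backend that accepts a login only when the filter matches exactly one entry; the directory entries, the toy evaluator (`search`, `find_login_entry`) and the `FIXED` filter are hypothetical.

```python
import re

# Constructed sample directory (not from the issue thread).
DIRECTORY = [
    {"uid": "alice", "employeeType": "devops"},
    {"uid": "bob", "employeeType": "devops"},
    {"uid": "carol", "employeeType": "sales"},
]

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's meaning."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render_filter(template, username):
    """Fill the %(user)s placeholder; a template without it is returned unchanged."""
    return template % {"user": escape_filter_value(username)}

TERM = re.compile(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def _term_matches(entry, attr, raw):
    # An unescaped '*' is a wildcard; \xx sequences stand for literal characters.
    if attr not in entry:
        return False
    pattern = ".*".join(re.escape(_unescape(part)) for part in raw.split("*"))
    return re.fullmatch(pattern, entry[attr]) is not None

def search(ldap_filter):
    """Toy evaluator: ANDs every (attr=value) term, enough for the filters shown here."""
    terms = TERM.findall(ldap_filter)
    return [e for e in DIRECTORY if all(_term_matches(e, a, v) for a, v in terms)]

def find_login_entry(template, username):
    """Return the one entry to bind as, or None if the match is missing or ambiguous."""
    hits = search(render_filter(template, username))
    return hits[0] if len(hits) == 1 else None

BROKEN = "(employeeType=devops)"                   # filter as posted in the thread
FIXED = "(&(employeeType=devops)(uid=%(user)s))"   # hypothetical: same restriction, tied to the login name

if __name__ == "__main__":
    for name in ("alice", "carol", "a*"):
        print(name, find_login_entry(BROKEN, name), find_login_entry(FIXED, name))
```

This covers only the missing-placeholder case; the later commenters who already have `(uid=%(user)s)` in place still report failed logins, which this does not explain.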

kaka1992 commented Jan 15, 2018

I updated the code and configured %(user)s. I still can't log in; the test shows that 6 users exist.

Err0rZero commented Jan 23, 2018

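Same as above. I also see users shown as existing, but logging in with LDAP authentication just doesn't work, and the logs show no errors either.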

colinlabs commented Feb 8, 2018

+1 Users are displayed, but logging in with LDAP authentication fails. User filter: (uid=%(user)s), @ibuler

renchili commented Jul 18, 2018

Same as above, the same problem: a whole bunch of users are matched, but then login doesn't work.

BigbigY commented Oct 11, 2018

+1 The AD test passes, login fails, and there are no errors in the logs.
