Code Monkey home page Code Monkey logo

sal-ldap's People

Contributors

arubdesu avatar grahamgilbert avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

michaelholttech sheagcraig

sal-ldap's Issues

Integrating SAL with AD and UPN

Hi

As said previously I try to integrate SAL login to AD and use UPN instead of SAM to login.

We've a PCI DSS compatible setup with two accounts per IT people (standard one for regular service and personal admin one for IT specific task on server, network devices, etc.).

This mean login with following format:

We use the ext tag to specify that the user in not an employee but a contractor.

Due to the length of all username we can't use SAM account name. It will end up to username impossible to memorize. So we must use UPN for all services.

SAL use Django LDAP backend and get related limitations related to username length. I've managed to find a solution who should work, looking for login with UPN and mapping username to SAM.

AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Members,DC=corp,DC=example,DC=com", ldap.SCOPE_SUBTREE, "(userPrincipalName=%(user)s)")

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
    "username": sAMAccountName
}

The first time I log on, it work. I get authenticated and my username in the DB is the SAM one. So perfect.

But at the second login I get an error saying that the username already exist. Here the sal.log content:

[30/May/2016 08:26:01] ERROR [django.request:256] Internal Server Error: /login
Traceback (most recent call last):
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/utils/decorators.py", line 110, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/contrib/auth/views.py", line 44, in login
    if form.is_valid():
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/forms/forms.py", line 184, in is_valid
    return self.is_bound and not self.errors
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/forms/forms.py", line 176, in errors
    self.full_clean()
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/forms/forms.py", line 393, in full_clean
    self._clean_form()
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/forms/forms.py", line 417, in _clean_form
    cleaned_data = self.clean()
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/contrib/auth/forms.py", line 157, in clean
    password=password)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/contrib/auth/__init__.py", line 74, in authenticate
    user = backend.authenticate(**credentials)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 167, in authenticate
    user = ldap_user.authenticate(password)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 339, in authenticate
    self._get_or_create_user()
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django_auth_ldap/backend.py", line 575, in _get_or_create_user
    self._user.save()
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/base.py", line 734, in save
    force_update=force_update, update_fields=update_fields)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/base.py", line 762, in save_base
    updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/base.py", line 827, in _save_table
    forced_update)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/base.py", line 877, in _do_update
    return filtered._update(values) > 0
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/query.py", line 580, in _update
    return query.get_compiler(self.db).execute_sql(CURSOR)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 1062, in execute_sql
    cursor = super(SQLUpdateCompiler, self).execute_sql(result_type)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 840, in execute_sql
    cursor.execute(sql, params)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/utils.py", line 97, in __exit__
    six.reraise(dj_exc_type, dj_exc_value, traceback)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
  File "/mnt/data/www/sal_env/lib/python2.7/site-packages/django/db/backends/mysql/base.py", line 124, in execute
    return self.cursor.execute(query, args)
  File "/usr/lib64/python2.7/site-packages/MySQLdb/cursors.py", line 174, in execute
    self.errorhandler(self, exc, value)
  File "/usr/lib64/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
    raise errorclass, errorvalue
IntegrityError: (1062, "Duplicate entry 'yoann.gini-ext-adm' for key 'username'")

Automatically give user permission

I got LDAP working but in order to actually give the account permission I have to log in with the account then log out and back in with the admin user in order to grant the user access to sal? is there any way to automatically do this based on group membership?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.