Closed TheOrangePuff closed 5 years ago
No idea, I'm afraid. Docker itself should not make a difference.
Try turning on logging, and see what messages you get: https://github.com/etianen/django-python3-ldap#cant-get-authentication-to-work
On Wed, 9 Jan 2019 at 01:24, Daniel van der Ploeg notifications@github.com wrote:
This is a weird issue and I can't work out exactly what's going on...
I'm trying to deploy my Django app to Docker and when testing on my local machine everything works as intended. However when I deployed the containers to Docker (running on Ubuntu LTS) the LDAP login no longer works (logging in as the default admin account works fine).
I can run ldap_sync_users and that works perfectly it's just logging in that doesn't seem to work.
Any ideas as to how I could fix/troubleshoot this? Thanks!
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/etianen/django-python3-ldap/issues/150, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJFCCQaj08QxKq_Ri16mEd4b_wquR7Oks5vBUTbgaJpZM4Z2lcO .
Unfortunately I'm not getting any output from enabling logging.
On my local machine I get: LDAP connect succeeded LDAP user lookup succeeded
So it's clearly working there.
And what do the logs say in the docker deployment?
On Wed, 9 Jan 2019 at 23:00, Daniel van der Ploeg notifications@github.com wrote:
Unfortunately I'm not getting any output from enabling logging.
On my local machine I get: LDAP connect succeeded LDAP user lookup succeeded
So it's clearly working there.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/etianen/django-python3-ldap/issues/150#issuecomment-452901890, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJFCPxyudSvyui0ohvyUFF52pIviSiIks5vBnSKgaJpZM4Z2lcO .
[10/Jan/2019 23:31:57] "POST /login/ HTTP/1.0" 200 2772
[10/Jan/2019 23:32:03] "POST /login/ HTTP/1.0" 200 2772
[10/Jan/2019 23:32:11] "POST /login/ HTTP/1.0" 200 2772
Just this. The logs don't mention anything about LDAP which is confusing...
Here's my config file
import os
import django_pyodbc
import django_python3_ldap
from CarnivalScoringSystem import secretKey, dbSettings, adSettings
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = secretKey.getSecretKey()
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
# Redirect to home URL after login (Default redirects to /accounts/profile/)
LOGIN_REDIRECT_URL = '/home/'
LOGIN_URL = ('login')
ALLOWED_HOSTS = ['*']
# Application definition
INSTALLED_APPS = [
'home.apps.HomeConfig',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django_python3_ldap',
'django_bootstrap_breadcrumbs',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'home.middleware.redirects',
]
ROOT_URLCONF = 'CarnivalScoringSystem.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': ['./templates',],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'CarnivalScoringSystem.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
DATABASES = {
'default': {
'NAME': dbSettings.getName(),
'ENGINE': 'sql_server.pyodbc',
'HOST': dbSettings.getHost(),
'USER': dbSettings.getUserName(),
'PORT': 1433,
'PASSWORD': dbSettings.getPassword(),
'OPTIONS': {
'driver': 'FreeTDS',
'host_is_server': True,
'extra_params': 'TDS_VERSION=7.0',
}
}
}
# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Internationalization
# https://docs.djangoproject.com/en/1.11/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.11/howto/static-files/
STATIC_URL = '/static/'
STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static/'),]
STATIC_ROOT = '/staticfiles'
AUTHENTICATION_BACKEND = ("django_python3_ldap.auth.LDAPBackend", "django.contrib.auth.backends.ModelBackend",)
# The URL of the LDAP server.
LDAP_AUTH_URL = adSettings.getAuthURL()
# Initiate TLS on connection.
LDAP_AUTH_USE_TLS = False
# The LDAP search base for looking up users.
LDAP_AUTH_SEARCH_BASE = adSettings.getLDAPSearchBase()
# The LDAP class that represents a user.
LDAP_AUTH_OBJECT_CLASS = "organizationalPerson"
AUTH_LDAP_FIND_GROUP_PERMS = True
# User model fields mapped to the LDAP
# attributes that represent them.
LDAP_AUTH_USER_FIELDS = {
"username": "sAMAccountName",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
"password": "userPassword",
}
# A tuple of django model fields used to uniquely identify a user.
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
# Path to a callable that takes a dict of {model_field_name: value},
# returning a dict of clean model data.
# Use this to customize how data loaded from LDAP is saved to the User model.
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"
# Path to a callable that takes a user model and a dict of {ldap_field_name: [value]},
# and saves any additional user relationships based on the LDAP data.
# Use this to customize how data loaded from LDAP is saved to User model relations.
# For customizing non-related User model fields, use LDAP_AUTH_CLEAN_USER_DATA.
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
# Path to a callable that takes a dict of {ldap_field_name: value},
# returning a list of [ldap_search_filter]. The search filters will then be AND'd
# together when creating the final search filter.
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
# Path to a callable that takes a dict of {model_field_name: value}, and returns
# a string of the username to bind to the LDAP server.
# Use this to support different types of LDAP server.
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = adSettings.getADDomain()
# The LDAP username and password of a user for querying the LDAP database for user
# details. If None, then the authenticated user will be used for querying, and
# the `ldap_sync_users` command will perform an anonymous query.
LDAP_AUTH_CONNECTION_USERNAME = adSettings.getUserName()
LDAP_AUTH_CONNECTION_PASSWORD = adSettings.getPassword()
# Set connection/receive timeouts (in seconds) on the underlying `ldap3` library.
LDAP_AUTH_CONNECT_TIMEOUT = None
LDAP_AUTH_RECEIVE_TIMEOUT = None
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
"handlers": {
"console": {
"class": "logging.StreamHandler",
},
'file': {
'level': 'INFO',
'class': 'logging.FileHandler',
'filename': '/app/debug.log',
},
},
"loggers": {
"django_python3_ldap": {
"handlers": ["console", "file"],
"level": "INFO",
},
},
}
Here's the output from when I run ldap_sync_users in the docker deployment
LDAP user lookup succeeded
Synced user01
LDAP user lookup succeeded
Synced user02
Weird, issue, but it feels like something to do with your deployment, rather than django-python3-ldap.
I'd suggest patching in a load of print() statements into bits of django-python3-ldap and django.contrib.auth, and try to figure out what is going on. If it's something that needs fixing in django-python3-ldap, I'll happily take a PR.
On Fri, 11 Jan 2019 at 00:01, Daniel van der Ploeg notifications@github.com wrote:
Here's the output from when I run ldap_sync_users in the docker deployment
LDAP user lookup succeeded Synced user01 LDAP user lookup succeeded Synced user02
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/etianen/django-python3-ldap/issues/150#issuecomment-453309597, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJFCJV5f0cdLqVDNLSrtRKFwglKqYB2ks5vB9Q_gaJpZM4Z2lcO .
Yeah I'll have a go with it next week. I think you're right though but I'll let you know if I find a solution.
Seems I'm also affected. Sync works, login doesn't. AWS Beanstalk + Daphhne
EDIT: nvm, seems that removing LDAP_AUTH_USE_TLS
helped.
So I had another crack at this. Started everything again from the ground up and it seems to be working? Unfortunately don't know how I fixed it so I won't be much use to anyone else who has this issue.
I'll close the issue as it's no longer a problem.
This is a weird issue and I can't work out exactly what's going on...
I'm trying to deploy my Django app to Docker and when testing on my local machine everything works as intended. However when I deployed the containers to Docker (running on Ubuntu LTS) the LDAP login no longer works (logging in as the default admin account works fine).
I can run ldap_sync_users and that works perfectly it's just logging in that doesn't seem to work.
Any ideas as to how I could fix/troubleshoot this? Thanks!