djangoauthenticationldapdjango-authenticationdjango-auth-ldap

LDAP authentication using user credentials in django


LDAP server which I need to use doesn't support anonymoys authentication, so I need to use user credentials but I don't want to put username and password in config. Is it a way to authenticate user by his credentials?

I can authenticate with config looks like this:

AUTH_LDAP_SERVER_URI = 'ldap://ldap.host.name'
AUTH_LDAP_BIND_DN = 'username'
AUTH_LDAP_BIND_PASSWORD = 'password'
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch('OU=MyOU,DC=MyDC,DC=MySiteName,DC=com',ldap.SCOPE_SUBTREE,'(&(memberOf=CN=MyGroup,OU=MyRole,DC=MyDC,DC=MySiteName,DC=com)(sAMAccountName=%(user)s))'),
    LDAPSearch('OU=MyOtherOU,DC=MyDC,DC=MySiteName,DC=com',ldap.SCOPE_SUBTREE,'(&(memberOf=CN=MyOtherGroup,OU=MyRole,DC=MyDC,DC=MySiteName,DC=com)(sAMAccountName=%(user)s))'),
)

or this (without any additional data):

AUTH_LDAP_SERVER_URI = 'ldap://ldap.host.name'
AUTH_LDAP_USER_DN_TEMPLATE = '%(user)s'

In the second way I can't use union search so I can't use it, but it can authenticate without password. I don't know how and I can't find any information about it.

Is it a way to use first way and don't put password in config?


Solution

  • Can you log in to an LDAP server as a user in order to locate the user to log in with? I'm going to go with no. If I'm understanding the question, you want something logically impossible.

    If you're worried about checking credentials into source control or something, you should put them in a file on the server and read them into settings.py at runtime.