Using AD as authentication for Django


Question

I'm working on a Django-based application in a corporate environment and would like to use the existing Active Directory system for authentication of users (so they don't get yet another login/password combo). I would also like to continue to use Django's user authorization / permission system to manage user capabilities.

Does anyone have a good example of this?

1
27
1/4/2009 3:37:29 AM

Accepted Answer

Here's another more recent snippet (July 2008, updated Dec 2015):

Authentication Against Active Directory (LDAP) over SSL

10
3/21/2018 2:44:45 PM

The link provided by Jeff indeed works though it assumes you have a you have a default group where users are added to. I simply replaced:

group=Group.objects.get(pk=1)

by

group,created=Group.objects.get_or_create(name="everyone")

If you want tighter integration & more features there is also django-auth-ldap which gives you you more control over how ldap users/group are mapped onto django users/groups.

For debugging the ldap connection I found this blog post useful, in particular the command for testing the ldap connection with ldap-utils:

ldapsearch -H ldaps://ldap-x.companygroup.local:636 -D "CN=Something LDAP,OU=Random Group,DC=companygroup,DC=local" -w "p4ssw0rd" -v -d 1

If you are using ssl there is also the issue of getting hold of a certificate will play nice with. Either you extract it from the server, or you can follow these instructions to generate your own.


Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon