LDAP 绑定失败:LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C,
LDAP bind failed: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C,
我正在使用“django-python3-ldap”。我已经通过命令“./manage.py ldap_sync_users”
设置了所有同步用户
这显示了以下绑定错误
LDAP connect succeeded LDAP bind failed: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563 - searchResDone - None Traceback (most recent call last): File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/ldap.py", line 182, in connection yield Connection(c) File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/management/commands/ldap_sync_users.py", line 24, in handle for user in connection.iter_users(): File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/ldap.py", line 93, in <genexpr> self._get_or_create_user(entry) File "/usr/local/lib/python3.5/dist-packages/ldap3/extend/standard/PagedSearch.py", line 68, in paged_search_generator None if cookie is True else cookie) File "/usr/local/lib/python3.5/dist-packages/ldap3/core/connection.py", line 853, in search response = self.post_send_search(self.send('searchRequest', request, controls)) File "/usr/local/lib/python3.5/dist-packages/ldap3/strategy/sync.py", line 178, in post_send_search responses, result = self.get_response(message_id) File "/usr/local/lib/python3.5/dist-packages/ldap3/strategy/base.py", line 403, in get_response raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) ldap3.core.exceptions.LDAPOperationsErrorResult: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563 - searchResDone - None
这是我的设置文件
` # LDAP 服务器的 URL。
LDAP_AUTH_URL = "ldaps://example.com:636"
# Initiate TLS on connection.
LDAP_AUTH_USE_TLS = True
# The LDAP search base for looking up users.
LDAP_AUTH_SEARCH_BASE = "---correct search base is provided---
# User model fields mapped to the LDAP
# attributes that represent them.
LDAP_AUTH_USER_FIELDS = {
# "username": "userPrincipalName",
"username": "sAMAccountName",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
LDAP_AUTH_OBJECT_CLASS = "user"
# LDAP_AUTH_OBJECT_CLASS = "inetOrgPerson"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory_principal"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "https://www.example.com/"
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
LDAP_AUTH_CONNECT_TIMEOUT = None
LDAP_AUTH_RECEIVE_TIMEOUT = None
AUTHENTICATION_BACKENDS = (
'django_python3_ldap.auth.LDAPBackend',
'django.contrib.auth.backends.ModelBackend', # this is default
'guardian.backends.ObjectPermissionBackend', # guardian dependencies
)
`
知道我做错了什么吗?
我不了解 Django,但我看到了一些东西:
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "https://www.example.com/"
根据我看到的文档,这不应该是 URL。它应该只是您的 AD 域的域名,如下所示:
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "example.com"
另外,这个:
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
这意味着您正在尝试匿名绑定,大多数域都不允许这样做。
我正在使用“django-python3-ldap”。我已经通过命令“./manage.py ldap_sync_users”
设置了所有同步用户这显示了以下绑定错误
LDAP connect succeeded LDAP bind failed: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563 - searchResDone - None Traceback (most recent call last): File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/ldap.py", line 182, in connection yield Connection(c) File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/management/commands/ldap_sync_users.py", line 24, in handle for user in connection.iter_users(): File "/usr/local/lib/python3.5/dist-packages/django_python3_ldap/ldap.py", line 93, in <genexpr> self._get_or_create_user(entry) File "/usr/local/lib/python3.5/dist-packages/ldap3/extend/standard/PagedSearch.py", line 68, in paged_search_generator None if cookie is True else cookie) File "/usr/local/lib/python3.5/dist-packages/ldap3/core/connection.py", line 853, in search response = self.post_send_search(self.send('searchRequest', request, controls)) File "/usr/local/lib/python3.5/dist-packages/ldap3/strategy/sync.py", line 178, in post_send_search responses, result = self.get_response(message_id) File "/usr/local/lib/python3.5/dist-packages/ldap3/strategy/base.py", line 403, in get_response raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) ldap3.core.exceptions.LDAPOperationsErrorResult: LDAPOperationsErrorResult - 1 - operationsError - None - 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563 - searchResDone - None
这是我的设置文件
` # LDAP 服务器的 URL。 LDAP_AUTH_URL = "ldaps://example.com:636"
# Initiate TLS on connection.
LDAP_AUTH_USE_TLS = True
# The LDAP search base for looking up users.
LDAP_AUTH_SEARCH_BASE = "---correct search base is provided---
# User model fields mapped to the LDAP
# attributes that represent them.
LDAP_AUTH_USER_FIELDS = {
# "username": "userPrincipalName",
"username": "sAMAccountName",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
LDAP_AUTH_OBJECT_CLASS = "user"
# LDAP_AUTH_OBJECT_CLASS = "inetOrgPerson"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory_principal"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "https://www.example.com/"
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
LDAP_AUTH_CONNECT_TIMEOUT = None
LDAP_AUTH_RECEIVE_TIMEOUT = None
AUTHENTICATION_BACKENDS = (
'django_python3_ldap.auth.LDAPBackend',
'django.contrib.auth.backends.ModelBackend', # this is default
'guardian.backends.ObjectPermissionBackend', # guardian dependencies
)
`
知道我做错了什么吗?
我不了解 Django,但我看到了一些东西:
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "https://www.example.com/"
根据我看到的文档,这不应该是 URL。它应该只是您的 AD 域的域名,如下所示:
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "example.com"
另外,这个:
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
这意味着您正在尝试匿名绑定,大多数域都不允许这样做。