LDAP Config with latest version. #271

Closed
raminderj opened this issue Mar 17, 2021 · 9 comments

@raminderj

raminderj commented Mar 17, 2021

I am using COLDFRONT_CONFIG=/srv/coldfront/local_settings.py to set path to local_setting and trying to connect to our ldap. I am having issues starting the server. The previous version works fine with the same config but not able to make it work with v1.0.3.

The following is the sample config in local_settings.py. The coldfront server does not start with this config.

```python
import ldap
from django_auth_ldap.config import GroupOfNamesType, LDAPSearch

PLUGIN_AUTH_LDAP=True
AUTH_LDAP_SERVER_URI='server'
AUTH_LDAP_USER_SEARCH_BASE='dc=rc,dc=domain'
AUTH_LDAP_START_TLS=False
#AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=False
AUTH_LDAP_BIND_DN='user'
AUTH_LDAP_BIND_PASSWORD='passssss'
#AUTH_LDAP_MIRROR_GROUPS=True
AUTH_LDAP_USER_SEARCH=LDAPSearch(AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH_BASE='dc=rc,dc=domain'
AUTH_LDAP_GROUP_SEARCH=LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASE, ldap.SCOPE_SUBTREE, '(objectClass=groupOfNames)')
AUTH_LDAP_GROUP_TYPE=GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP={
    #'uid' : 'sAMAccountName',
    'username': 'uid',
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail',
}

EXTRA_AUTHENTICATION_BACKENDS+=['django_auth_ldap.backend.LDAPBackend',]
```

@aebruno
Member

aebruno commented Mar 17, 2021

> I am using COLDFRONT_CONFIG=/srv/coldfront/local_settings.py to set path to local_setting and trying to connect to our ldap. I am having issues starting the server. The previous version works fine with the same config but not able to make it work with v1.0.3.

EXTRA_AUTHENTICATION_BACKENDS has been deprecated.

If you want full control over the ldap auth configs, base your /srv/coldfront/local_settings.py off this file. That shows how to enable ldap auth in v1.0.3. You can also do this entirely via environment variables without having to create a custom local_settings file. But they are mutually exclusive. So don't use both a local_settings file with ldap auth configs AND enable PLUGIN_AUTH_LDAP as they do the same thing and would step on each other.

@raminderj
Author

Thanks!! I made the change and after that I get the following error. Any ideas on this?

```
DEBUG=True coldfront runserver coldfront.rc.fas.harvard.edu:9000
Watching for file changes with StatReloader
Exception in thread django-main-thread:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/lib64/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/utils/autoreload.py", line 54, in wrapper
    fn(*args, **kwargs)
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/core/management/commands/runserver.py", line 109, in inner_run
    autoreload.raise_last_exception()
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/utils/autoreload.py", line 77, in raise_last_exception
    raise _exception[1]
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/core/management/__init__.py", line 337, in execute
    autoreload.check_errors(django.setup)()
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/utils/autoreload.py", line 54, in wrapper
    fn(*args, **kwargs)
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/srv/coldfront/venv/lib64/python3.6/site-packages/django/apps/registry.py", line 95, in populate
    "duplicates: %s" % app_config.label)
django.core.exceptions.ImproperlyConfigured: Application labels aren't unique, duplicates: django_su
```

@aebruno
Member

aebruno commented Mar 17, 2021

@raminderj Check if you have an old coldfront/config/local_settings.py or coldfront/config/local_strings.py. If you do, remove them and see if that fixes it.

@aebruno
Member

aebruno commented Mar 22, 2021

@raminderj Any luck getting this to work?

@raminderj
Author

Thanks for following up on this. To fix the django_su error, I have to set ENABLE_SU=False in coldfront.env. After that the server starts fine and I am able to log in using a local account, but LDAP still does not work. I looked into ./coldfront/config/plugins/ldap.py and found a few things. I see now there are no AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD configs. Where should I set those? If I add those to coldfront.env, will it work? I am getting the following error. Any idea on how to fix this?

search_s('ou=rc,ou=Domain Users,dc=rc,dc=domain', 2, '(uid=rjsingh)') raised OPERATIONS_ERROR({'msgtype': 101, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563'},)

@aebruno
Member

aebruno commented Mar 25, 2021

@raminderj This is a bug. I can reproduce this. Should have a fix out shortly. Thanks for reporting this!

> I see now there are no AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD configs.

These are missing and will be added in the next release.

@aebruno
Member

aebruno commented Mar 25, 2021

@raminderj Just released v1.0.4. If you add AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD to your env config this should hopefully fix your issue. Let us know if this works for you.

@aebruno aebruno reopened this Mar 25, 2021
@raminderj
Author

Yes, I did test your latest changes and it works. Thanks!!

@aebruno
Member

aebruno commented Mar 25, 2021

Excellent! Thanks again for reporting this.

@aebruno aebruno closed this as completed Mar 25, 2021
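
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the issue or of ColdFront: it flags LDAP auth enabled without AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD (the user search then runs unbound, which the directory in this thread rejected) and a plain ldap:// URI without StartTLS. The KEY=VALUE env format, the use of these setting names as env keys, the finding labels and all sample values are assumptions.

```python
# Added example, not ColdFront code. Assumes KEY=VALUE env lines that use the
# setting names shown in this thread; all sample values are constructed.
def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # DNs contain '=', split once
            env[key.strip()] = value.strip().strip("'\"")
    return env

def is_true(value):
    return value.strip().lower() in ("1", "true", "yes", "on")

def audit_ldap_env(env):
    """Return findings for the LDAP auth settings in a parsed env dict."""
    findings = []
    if not is_true(env.get("PLUGIN_AUTH_LDAP", "")):
        return findings  # LDAP auth is off, nothing to check
    uri = env.get("AUTH_LDAP_SERVER_URI", "")
    bind_dn = env.get("AUTH_LDAP_BIND_DN", "")
    bind_pw = env.get("AUTH_LDAP_BIND_PASSWORD", "")
    start_tls = is_true(env.get("AUTH_LDAP_START_TLS", ""))
    if not bind_dn and not bind_pw:
        # The user search runs without a bind; strict directories refuse it.
        findings.append("anonymous-search-bind")
    elif not (bind_dn and bind_pw):
        # A DN with an empty password is an unauthenticated bind (RFC 4513).
        findings.append("incomplete-bind-credentials")
    if uri.lower().startswith("ldap://") and not start_tls:
        # Bind and user passwords would cross the network unencrypted.
        findings.append("cleartext-ldap")
    return findings

BEFORE = """\
PLUGIN_AUTH_LDAP=True
AUTH_LDAP_SERVER_URI=ldap://ldap.example.org
AUTH_LDAP_START_TLS=False
"""
AFTER = """\
PLUGIN_AUTH_LDAP=True
AUTH_LDAP_SERVER_URI=ldaps://ldap.example.org
AUTH_LDAP_BIND_DN=cn=svc-coldfront,dc=example,dc=org
AUTH_LDAP_BIND_PASSWORD=constructed-placeholder
"""
if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_ldap_env(parse_env(text)))
```

Running the same check against the env file before each upgrade catches a bind account that was dropped from the config before users see login failures.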