Switching from LDAP to AD LDAPS using Python Django

Converting authentication from LDAP to AD LDAPS

Python + Django

==============
Following Django Docs: https://django-auth-ldap.readthedocs.io/en/latest/authentication.html

OLD:
AUTH_LDAP_SERVER_URI = "ldap://ldap-example.test.com"
NEW:
AUTH_LDAP_SERVER_URI = "ldaps://ad.example.com"

==============
I have worked with the AD administrator to set these values correctly. I changed the values themselves for obvious privacy reasons.

AUTH_LDAP_BIND_DN = "cn=ex-test,cn=user,dc=test,dc=ad"
AUTH_LDAP_BIND_PASSWORD = "{PASSWORD}"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=sites,dc=test,dc=ad",ldap.SCOPE_SUBTREE,"(uid=%(user)s)")

AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0}

AUTH_LDAP_USER_DN_TEMPLATE = "cn=%(user)s,ou=sites,dc=test,dc=ad" 
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("cn=priv-ex,ou=due,ou=ldap,ou=shared,dc=test,dc=ad", ldap.SCOPE_SUBTREE)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn')

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "usersName",
    "last_name": "usersLastName",
    "email": "usersEmail"
}

AUTH_LDAP_REQUIRE_GROUP = "cn=DUE-MAIN,ou=DUE,ou=Applications,ou=Sharing,o=LDAP"

==============

Problem

It will not work for login. I do not know what I am doing wrong as I am following the docs precisely.

Questions

Q1: Is there anyway I can test the connection from a terminal or command line?

Q2: I have seen the django-pyad package recommened with a settings.py that looks like

# settings.py
AUTHENTICATION_BACKENDS = [
    'django_pyad.backend.ADBackend',
]

# AD configuration
AD_LDAP_SERVER = "ad.example.com"
AD_NT4_DOMAIN = "example"
AD_SEARCH_DN = "OU=Users,DC=ad,DC=example,DC=com"

Should I scrap what I did for the previous LDAP tree and go this route instead? Or can I re-use the previous LDAP connection code but change the values for AD like I am doing now?

Use either #1 or #2 to authenticate but NOT both at the same time. This was my problem.

1

AUTH_LDAP_BIND_DN = 
AUTH_LDAP_BIND_PASSWORD = 
AUTH_LDAP_USER_SEARCH = LDAPSearch()

2

AUTH_LDAP_USER_DN_TEMPLATE = 
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
Back to Top