I have a problem transforming an ldapsearch command into flask_ldap3_login settings.
To check the connection to LDAP from a Linux server I use this command:
ldapsearch -x -b "ou=intranet,dc=mydreamcorporation,dc=com" -H ldap://ids.mydream-corporation.com -D "myguid=myusername,ou=people,ou=intranet,dc=dreamcorporation,dc=com" -W "uid=myusername" cn uid
Response from LDAP:
extended LDIF
LDAPv3
base <ou=intranet,dc=mydreamcorporation,dc=com> with scope subtree
filter: uid=myusername
requesting: cn uid
MYUSERNAME, people, intranet, mydreamcorporation.com
dn: myguid=myusername,ou=people,ou=intranet,dc=mydreamcorporation,dc=com
cn: my_name
uid: MYUSERNAME
search result
search: 2
result: 0 Success
numResponses: 2
numEntries: 1
My flask_ldap3_login settings:
from flask import Flask, url_for
from flask_ldap3_login import LDAP3LoginManager
from flask_login import LoginManager, login_user, UserMixin, current_user
from flask import render_template_string, redirect
from flask_ldap3_login.forms import LDAPLoginForm
app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'
app.config['DEBUG'] = True
my_login = "myusername"
my_password = "password"
# Hostname of your LDAP Server
app.config['LDAP_HOST'] = 'ldap://ids.mydream-corporation.com'
# Port number of your LDAP server
app.config['LDAP_PORT'] = 389
# Base DN of your directory
app.config['LDAP_BASE_DN'] = "dc=mydreamcorporation,dc=com"
# Users DN to be prepended to the Base DN
app.config['LDAP_USER_DN'] = "ou=intranet"
# Groups DN to be prepended to the Base DN
app.config['LDAP_GROUP_DN'] = 'ou=people'
# The RDN attribute for your user schema on LDAP
app.config['LDAP_USER_RDN_ATTR'] = 'dn'
# The Attribute you want users to authenticate to LDAP with.
app.config['LDAP_USER_LOGIN_ATTR'] = 'myguid'
# The Username to bind to LDAP with
app.config['LDAP_BIND_USER_DN'] = "myguid=myusername,ou=people,ou=intranet,dc=mydreamcorporation,dc=com"
# The Password to bind to LDAP with
app.config['LDAP_BIND_USER_PASSWORD'] = my_password
login_manager = LoginManager(app) # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app) # Setup a LDAP3 Login Manager
@app.route('/', methods=['POST','GET'])
def manual_login(my_login=my_login, my_password=my_password):
    result = app.ldap3_login_manager.authenticate(my_login, my_password)
    return str(result.status)
Unfortunately, I get this as the script result:
AuthenticationResponseStatus.fail
I think the problem is a wrong configuration, but I cannot find where :(
I tried to add:
app.config['LDAP_USER_SEARCH_SCOPE'] = 'SUBTREE'
app.config['LDAP_ALWAYS_SEARCH_BIND'] = 1
but it didn't help and I have a message:
invalid class in objectClass attribute: group
After Gabriel Luci's comment I have changed my settings to:
app.config['LDAP_BASE_DN'] = "ou=intranet"
app.config['LDAP_USER_DN'] = "myguid=myusername,ou=people,ou=intranet,dc=mydreamcorporation,dc=com"
#app.config['LDAP_GROUP_DN'] = 'ou=people'
app.config['LDAP_USER_RDN_ATTR'] = 'cn'
app.config['LDAP_USER_LOGIN_ATTR'] = 'uid'
app.config['LDAP_BIND_USER_DN'] = "myguid=myusername"
And now I have the same
AuthenticationResponseStatus.fail
And in console:
LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - None - bindResponse - None
I have an answer to the question. The problem was solved by adding: app.config['LDAP_SEARCH_FOR_GROUPS'] = False
Final config:
app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'
app.config['DEBUG'] = True
my_login = "myusername"
my_password = "password"
app.config['LDAP_HOST'] = 'ldaps://ids.mydream-corporation.com'
app.config['LDAP_PORT'] = 636
app.config['LDAP_BASE_DN'] = "dc=mydreamcorporation,dc=com"
app.config['LDAP_USER_DN'] = "ou=people,ou=intranet"
app.config['LDAP_USER_LOGIN_ATTR'] = 'myguid'
app.config['LDAP_BIND_USER_DN'] = "myguid=myusername,ou=people,ou=intranet,dc=mydreamcorporation,dc=com"
app.config['LDAP_BIND_USER_PASSWORD'] = my_password
app.config['LDAP_USER_SEARCH_SCOPE'] = 'SUBTREE'
app.config['LDAP_SEARCH_FOR_GROUPS'] = False
login_manager = LoginManager(app) # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app) # Setup a LDAP3 Login Manager
@app.route('/', methods=['POST','GET'])
def manual_login(my_login=my_login, my_password=my_password):
    result = app.ldap3_login_manager.authenticate(my_login, my_password)
    return str(result.status)
Finally, I get this as the script result:
AuthenticationResponseStatus.success
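An added example, not part of the original question or answer and not flask_ldap3_login code: a static check that compares the three configurations shown above with the entry DN that ldapsearch returned. It assumes the library defaults of LEVEL user search scope and an (objectclass=group) group filter; check() and rdns() are illustrative names.

```python
# Added example (not flask_ldap3_login code): static checks of a config dict
# against the entry DN that ldapsearch returned. DEFAULTS holds the library
# defaults as assumed here; check() and rdns() are hypothetical names.
DEFAULTS = {"LDAP_USER_DN": "", "LDAP_USER_SEARCH_SCOPE": "LEVEL",
            "LDAP_USE_SSL": False, "LDAP_SEARCH_FOR_GROUPS": True,
            "LDAP_GROUP_OBJECT_FILTER": "(objectclass=group)"}

# Values copied from the page; SECOND is assumed to keep the first host.
HOST = "ids.mydream-corporation.com"
ENTRY_DN = "myguid=myusername,ou=people,ou=intranet,dc=mydreamcorporation,dc=com"
FIRST = {"LDAP_HOST": "ldap://" + HOST, "LDAP_USER_DN": "ou=intranet",
         "LDAP_BASE_DN": "dc=mydreamcorporation,dc=com"}
SECOND = {"LDAP_HOST": "ldap://" + HOST, "LDAP_USER_DN": ENTRY_DN,
          "LDAP_BASE_DN": "ou=intranet"}
FINAL = {"LDAP_HOST": "ldaps://" + HOST, "LDAP_USER_DN": "ou=people,ou=intranet",
         "LDAP_BASE_DN": "dc=mydreamcorporation,dc=com",
         "LDAP_USER_SEARCH_SCOPE": "SUBTREE", "LDAP_SEARCH_FOR_GROUPS": False}


def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def check(config, entry_dn):
    """Return findings explaining why a login for entry_dn may fail or be unsafe."""
    cfg = {**DEFAULTS, **config}
    findings = []
    # LDAP_USER_DN is prepended to LDAP_BASE_DN to form the user search base.
    base = rdns(cfg["LDAP_USER_DN"]) + rdns(cfg["LDAP_BASE_DN"])
    entry = rdns(entry_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        findings.append("entry-outside-search-base")
    elif cfg["LDAP_USER_SEARCH_SCOPE"] != "SUBTREE" and depth != 1:
        findings.append("entry-not-one-level-below-base")
    # The group lookup sends this filter; the directory must know the class.
    if cfg["LDAP_SEARCH_FOR_GROUPS"]:
        findings.append("group-search-filter:" + cfg["LDAP_GROUP_OBJECT_FILTER"])
    # A simple bind over ldap:// sends the password unencrypted.
    if not (cfg["LDAP_HOST"].lower().startswith("ldaps://") or cfg["LDAP_USE_SSL"]):
        findings.append("cleartext-bind")
    return findings


if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND), ("final", FINAL)):
        print(name, check(cfg, ENTRY_DN))
```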