Index: accounts/backends.py
===================================================================
--- accounts/backends.py	(revision 1570)
+++ accounts/backends.py	(working copy)
@@ -69,14 +69,22 @@
             ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
             if settings.LDAP_TLS:
                 ldapo.start_tls_s()
-            ldapo.simple_bind_s(settings.LDAP_UID_MASK % username, password)
 
+            search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_ONELEVEL,
+                                    settings.LDAP_UID_MASK % username )
+            ldapo.bind_s(search[0][0], password)
+
             return self.get_or_create_user(username)
 
         except ImportError:
             pass
         except ldap.INVALID_CREDENTIALS:
+            logging.warning("LDAP error: The specified object does not "
+                                "exist in the Directory: %s" %
+                                settings.LDAP_UID_MASK % username)
             pass
+        except ldap.LDAPError, e:
+            logging.warning("LDAP error: %s" % e)
 
     def get_or_create_user(self, username):
         try:
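Review bot: The new `search_s` call builds its filter as `settings.LDAP_UID_MASK % username` with the login name unescaped, so filter metacharacters such as `*`, `(` or `)` in the submitted name can change which entry is matched, and the DN that is bound no longer has to belong to the `username` handed to `get_or_create_user`; the search in the second hunk uses the same unescaped filter. The code also indexes `search[0][0]` unchecked, so an unknown user raises `IndexError`, which none of the `except` clauses here catch, and several matches silently resolve to the first. Whether an empty `password` is rejected earlier is not visible in the hunk; if it is not, the server may accept `bind_s` with an empty password as an unauthenticated bind. The fence below escapes the name with `ldap.filter.escape_filter_chars` (this needs `import ldap.filter` wherever `ldap` is imported), requires exactly one match and refuses empty passwords. The enclosing method starts above the hunk.

```python
            # … unchanged: protocol version option and start_tls_s …
            uid_filter = (settings.LDAP_UID_MASK %
                          ldap.filter.escape_filter_chars(username))
            search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_ONELEVEL,
                                    uid_filter)

            # Bind only when the filter identifies exactly one entry, and never
            # with an empty password (a server may accept that as an
            # unauthenticated bind).
            if len(search) != 1 or not password:
                return None

            ldapo.bind_s(search[0][0], password)

            return self.get_or_create_user(username)
```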
@@ -88,11 +96,12 @@
                 ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
                 if settings.LDAP_TLS:
                     ldapo.start_tls_s()
-                ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID,
-                                    settings.LDAP_ANON_BIND_PASSWD)
+		if settings.LDAP_ANON_BIND_UID:
+                    ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID,
+                                        settings.LDAP_ANON_BIND_PASSWD)
 
-                passwd = ldapo.search_s(settings.LDAP_UID_MASK % username,
-                                        ldap.SCOPE_SUBTREE, "objectclass=*")
+                passwd = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_ONELEVEL, 
+                                        settings.LDAP_UID_MASK % username )
 
                 first_name = passwd[0][1]['givenName'][0]
                 last_name = passwd[0][1]['sn'][0]
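Review bot: The added `if settings.LDAP_ANON_BIND_UID:` line is indented with two tabs while the rest of the block uses spaces. Python 2 happens to expand them to the same column, but the file is rejected under `python -tt` and by Python 3, so the line should be re-indented with 16 spaces. Separately, `passwd[0]` is read without checking that the search returned an entry, which matters more now that the lookup is a filter search that can legitimately come back empty. Whether the handlers below the hunk catch `IndexError` is not visible here.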
@@ -119,7 +128,9 @@
                                 "exist in the Directory: %s" %
                                 settings.LDAP_UID_MASK % username)
             except ldap.LDAPError, e:
-                logging.warning("LDAP error: %s" % e)
+                logging.warning("LDAP error: %s settings.LDAP_BASE_DN: %s "
+                                "settings.LDAP_UID_MASK: %s" % 
+                                (e, settings.LDAP_BASE_DN, settings.LDAP_UID_MASK % username))
         return user
 
     def get_user(self, user_id):
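Review bot: The value logged under the label `settings.LDAP_UID_MASK` is really the mask with `username` substituted, and that name is pre-authentication input written to the log verbatim, so newlines or control characters in it can split or forge log entries. Logging the mask and the name separately, with the name through `%r`, keeps the entry unambiguous: `"settings.LDAP_UID_MASK: %s username: %r" % (e, settings.LDAP_BASE_DN, settings.LDAP_UID_MASK, username)` after the existing two placeholders. The warning added for `ldap.INVALID_CREDENTIALS` in the first hunk interpolates the username the same way. The enclosing `try` block starts above this hunk.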
Index: admin/forms.py
===================================================================
--- admin/forms.py	(revision 1570)
+++ admin/forms.py	(working copy)
@@ -79,8 +79,15 @@
         help_text=_("The LDAP server to authenticate with. "
                     "For example: ldap://localhost:389"))
 
+    auth_ldap_base_dn = forms.CharField(
+        label=_("LDAP Base DN"),
+        help_text=_("The LDAP Base DN for performing LDAP searches.  For example: "
+                    "ou=users,dc=example,dc=com"),
+	required=True)
+
     auth_ldap_email_domain = forms.CharField(
-        label=_("E-Mail Domain"))
+        label=_("E-Mail Domain"),
+	help_text=_("This is appened to the login username as the users email address."))
 
     auth_ldap_tls = forms.BooleanField(
         label=_("Use TLS for authentication"),
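Review bot: The new `help_text` for `auth_ldap_email_domain` contains a typo and a missing apostrophe; it should read `help_text=_("This is appended to the login username as the user's e-mail address."))`. Both added keyword lines (`required=True)` and this `help_text=`) are indented with a tab where the surrounding fields use spaces. `required=True` is already the default for `forms.CharField`, so it can be dropped unless it is there for emphasis.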
@@ -91,7 +98,7 @@
         initial="uid=%s,ou=users,dc=example,dc=com",
         help_text=_("The string representing the user. Use \"%(varname)s\" "
                     "where the username would normally go. For example: "
-                    "uid=%(varname)s,ou=users,dc=example,dc=com") %
+                    "(uid=%(varname)s)") %
                   {'varname': '%s'})
 
     auth_ldap_anon_bind_uid = forms.CharField(
@@ -135,6 +142,7 @@
             self.disabled_fields['auth_ldap_uri'] = True
             self.disabled_fields['auth_ldap_email_domain'] = True
             self.disabled_fields['auth_ldap_tls'] = True
+            self.disabled_fields['auth_ldap_base_dn'] = True
             self.disabled_fields['auth_ldap_uid_mask'] = True
             self.disabled_fields['auth_ldap_anon_bind_uid'] = True
             self.disabled_fields['auth_ldap_anon_bind_password'] = True
@@ -232,6 +240,7 @@
                 'classes': ('wide', 'hidden'),
                 'title':   _("LDAP Authentication Settings"),
                 'fields':  ('auth_ldap_uri',
+                            'auth_ldap_base_dn',
                             'auth_ldap_email_domain',
                             'auth_ldap_tls',
                             'auth_ldap_uid_mask',
Index: admin/siteconfig.py
===================================================================
--- admin/siteconfig.py	(revision 1570)
+++ admin/siteconfig.py	(working copy)
@@ -29,6 +29,7 @@
     'auth_ldap_anon_bind_passwd': 'LDAP_ANON_BIND_PASSWD',
     'auth_ldap_email_domain':     'LDAP_EMAIL_DOMAIN',
     'auth_ldap_tls':              'LDAP_TLS',
+    'auth_ldap_base_dn':          'LDAP_BASE_DN',
     'auth_ldap_uid_mask':         'LDAP_UID_MASK',
     'auth_ldap_uri':              'LDAP_URI',
     'auth_nis_email_domain':      'NIS_EMAIL_DOMAIN',
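Review bot: The new `'auth_ldap_base_dn': 'LDAP_BASE_DN'` mapping has no visible default, so on an upgraded installation that has never saved this key `settings.LDAP_BASE_DN` may be undefined when the backend runs. The `authenticate` path in `accounts/backends.py` catches only `ImportError` and `ldap` exceptions, so an `AttributeError` there would surface as a server error instead of a failed login. If this file keeps a defaults table outside the hunk, an entry such as `'auth_ldap_base_dn': 'ou=users,dc=example,dc=com',` (or an empty string plus an explicit check in the backend) would close that gap.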
