I am trying to use LDAP Authentication in Python Flask.

Here's my test page, taken from SimpleLDAP official documentation:

from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP

app = Flask(__name__)
app.secret_key = 'dev key'
app.debug = True

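# LDAP over TLS is switched off here; without it a simple bind sends passwords over the network in clear text.
#app.config['LDAP_USE_SSL'] = True
app.config['LDAP_HOST'] = 'my-dc-server'
# Search base under which the user entered in the popup is looked up.
app.config['LDAP_BASE_DN'] = 'OU=-my-ou,dc=my,dc=domain,dc=com'
# Service account that flask_simpleldap binds as first, before it searches for that user.
app.config['LDAP_USERNAME'] = 'CN=my-domain-admin-working-user,OU=my-ou,DC=my,DC=domain,DC=com'
app.config['LDAP_PASSWORD'] = 'my-domain-admin-working-password'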

ldap = LDAP(app)

@app.route('/')
@ldap.basic_auth_required
def index():
    return 'Welcome, {0}!'.format(g.ldap_username)

if __name__ == '__main__':
    app.debug = True
    app.run(host='0.0.0.0', port=8000)

If I input a working domain user into the popup I always get:

Traceback (most recent call last):
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 2309, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 2295, in wsgi_app
    response = self.handle_exception(e)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1741, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 386, in wrapped
    if not self.bind_user(req_username, req_password):
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 152, in bind_user
    user_dn = self.get_object_details(user=username, dn_only=True)
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 185, in get_object_details
    conn = self.bind
  File "/home/ubuntu/ipcatalogue_env/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 129, in bind
    raise LDAPException(self.error(e.args))
flask_simpleldap.LDAPException: Invalid credentials

Domain user/password have been tested using RDP to my-dc-server and work fine.

I've tried using LDAP_USE_SSL = True and commenting it out (as in the example), with the same result.

What am I missing?

UPDATE:

from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP

app = Flask(__name__)
app.secret_key = 'dev key'
app.debug = True

app.config['LDAP_HOST'] = 'my-dc-server'
app.config['LDAP_BASE_DN'] = 'OU=-my-ou,dc=my,dc=domain,dc=com'
app.config['LDAP_USERNAME'] = 'my-domain\\my-domain-admin-working-user'
app.config['LDAP_PASSWORD'] = 'my-domain-admin-working-password'

ldap = LDAP(app)

@app.route('/')
@ldap.basic_auth_required
def index():
    return 'Welcome, {0}!'.format(g.ldap_username)

if __name__ == '__main__':
    app.debug = True
    app.run(host='0.0.0.0', port=8000)

With the new code I now obtain:

/lib/python3.5/site-packages/flask_simpleldap/__init__.py", line 201, in get_object_details
raise LDAPException(self.error(e.args))
flask_simpleldap.LDAPException: No such object
  • Are you using the correct form to specify your credentials? Is there some strange character in your password that might need to be escaped? Commented Jun 12, 2018 at 8:27
  • Hi @Jonathan I've super simplified my password. In the last test I'm using only A-z letters and numbers. No special characters, nothing else. Commented Jun 12, 2018 at 9:00

1 Answer

Try specifying the username as specified here: User Name Formats

Both formats were working fine for me with your provided code.

3 Comments

Hi @HelmuthB and thanks for using your time to help. I've tried logging in as: user vagrant password vagrant - standard superuser for a vagrant machine and also domain admin and it returns me the same error. So I tried domainname\vagrant and same password, same error. If I login to the server using this user / password it works fine. What am I missing?
I'm super sorry for the confusion. What I meant were the credentials in LDAP: app.config['LDAP_USERNAME'] = 'my-domain\\my-domain-admin-working-user'
Hi @HelmutB and sorry for the delay. I've just updated my question with new results...
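
The name forms the answer points to, as an added example (not code from the original post or from flask_simpleldap): an offline lint that classifies an `LDAP_USERNAME` value as a DN, a UPN or a down-level `DOMAIN\user` name and sanity-checks `LDAP_BASE_DN`. The function names are hypothetical, the sample values (`corp.example.com`, `svc-web`) are constructed, and the patterns are simplified heuristics rather than a full DN parser.

```python
import re

RDN = re.compile(r'^[a-z][a-z0-9-]*=.+')  # attribute=value, already lower-cased


def split_dn(dn):
    """Split a DN into lower-cased RDNs; commas escaped as '\\,' stay in place."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]


def classify_bind_name(name):
    """Name the form a directory would take an LDAP_USERNAME value to be."""
    if any(ord(ch) < 32 for ch in name):
        return 'control-char'   # 'CORP\tom' typed without r'' or a doubled '\\'
    if re.match(r'^[A-Za-z][A-Za-z0-9-]*=', name):
        return 'dn'             # CN=svc-web,OU=...,DC=...
    if re.fullmatch(r'[^\\@\s]+\\[^\\@\s]+', name):
        return 'down-level'     # DOMAIN\user
    if re.fullmatch(r'[^\\@\s]+@[^\\@\s]+', name):
        return 'upn'            # user@domain
    return 'bare'               # no domain part at all


def lint_ldap_config(cfg):
    """Return (config_key, finding) pairs; an empty list means nothing stood out."""
    findings = []
    form = classify_bind_name(cfg['LDAP_USERNAME'])
    if form == 'control-char':
        findings.append(('LDAP_USERNAME', 'backslash was eaten by a string escape'))
    elif form == 'bare':
        findings.append(('LDAP_USERNAME', 'use a DN, a UPN or DOMAIN\\user'))
    base = split_dn(cfg['LDAP_BASE_DN'])
    if not base or not all(RDN.match(rdn) for rdn in base):
        findings.append(('LDAP_BASE_DN', 'not a well-formed DN'))
    elif form == 'dn' and split_dn(cfg['LDAP_USERNAME'])[-len(base):] != base:
        # Legitimate for a service account, so this is a hint, not an error.
        findings.append(('LDAP_BASE_DN', 'bind DN is outside the search base'))
    return findings


# Constructed sample settings (not the values from the question).
GOOD = {'LDAP_USERNAME': 'svc-web@corp.example.com',
        'LDAP_BASE_DN': 'OU=Staff,DC=corp,DC=example,DC=com'}
SUSPECT = {'LDAP_USERNAME': 'CORP\tom',   # single backslash: '\t' became a TAB
           'LDAP_BASE_DN': 'Staff,DC=corp,DC=example,DC=com'}

if __name__ == '__main__':
    for key, finding in lint_ldap_config(SUSPECT):
        print(key, '->', finding)
```

In the tracebacks above, "Invalid credentials" is raised inside `bind`, which uses `LDAP_USERNAME` and `LDAP_PASSWORD`, and "No such object" inside `get_object_details`, which searches under `LDAP_BASE_DN`; the lint keys its findings to those same two settings.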
