Wednesday 11 November 2020

Flask-LDAP3 Subtree access

I am using Flask-LDAP3 in my website. I have an admin page where I can add people to view secured pages on the site. However, I noticed that if I scroll down where my users are contained, I see computer devices. This made me believe that instead of getting the users from the user directory in Active Directory, it's getting users, computers, etc. at the top level.

from flask_ldap3_login import LDAP3LoginManager
from flask_login import LoginManager, login_user, UserMixin, current_user
from flask import Flask, render_template_string, redirect
from flask_ldap3_login.forms import LDAPLoginForm

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret'
app.config['DEBUG'] = True

# Setup LDAP Configuration Variables. Change these to your own settings.
# All configuration directives can be found in the documentation.

# Hostname of your LDAP Server
app.config['LDAP_HOST'] = 'ad.mydomain.com'

# Base DN of your directory
app.config['LDAP_BASE_DN'] = 'dc=mydomain,dc=com'

# Users DN to be prepended to the Base DN
app.config['LDAP_USER_DN'] = 'cn=users'

# The RDN attribute for your user schema on LDAP
app.config['LDAP_USER_RDN_ATTR'] = 'CN'

# The Attribute you want users to authenticate to LDAP with.
app.config['LDAP_USER_LOGIN_ATTR'] = 'mail'

# The Username to bind to LDAP with
app.config['LDAP_BIND_USER_DN'] = 'user@mydomain.com'

# The Password to bind to LDAP with
app.config['LDAP_BIND_USER_PASSWORD'] = 'password'

login_manager = LoginManager(app)              # Setup a Flask-Login Manager
ldap_manager = LDAP3LoginManager(app)          # Setup a LDAP3 Login Manager.

# Create a dictionary to store the users in when they authenticate
# This example stores users in memory.
users = {}

Everything seems to look good to me. I thought the part where it has app.config['LDAP_USER_DN'] = 'cn=users' specifies to go to that specific directory, Users, and only get from there, not the entire top level.

Top Level -> Computers -> Users

Has anyone faced this?

I tried adding config['LDAP_USER_SEARCH_SCOPE'] = 'SUBTREE', but I still see items from Computers...
