"LDAP user attributes empty" AFTER "LDAP connect succeeded" #252

Open
SeanFromOhio opened this issue Sep 22, 2022 · 4 comments

SeanFromOhio commented Sep 22, 2022

I am having problems with getting my Django authentication system working with Active Directory.
I am able to sign in and it says LDAP connect succeeded, but then it fails and prints that 'LDAP user attributes empty.'

I was able to connect and see attributes when doing it in a Python Console using ldap3.
I've tried changing the OBJECT_CLASS to be 'person', 'user', 'inetOrgPerson', 'top' but all yield the same result.

Any ideas would be appreciated!

Settings (***** indicates sensitive info):
```python
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'django_python3_ldap.auth.LDAPBackend',
)

LDAP_AUTH_URL = 'ldap://:389'
LDAP_AUTH_CONNECTION_USERNAME = ''
LDAP_AUTH_CONNECTION_PASSWORD = '*****'  # TODO: Secure this!!!
LDAP_AUTH_FORMAT_USERNAME = 'django_python3_ldap.utils.format_username_active_directory'
LDAP_AUTH_USER_FIELDS = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}
LDAP_AUTH_SEARCH_BASE = 'dc=priv,dc=*****g,dc=co'
LDAP_AUTH_OBJECT_CLASS = "user"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "loggers": {
        "django_python3_ldap": {
            "handlers": ["console"],
            "level": "INFO",
        },
    },
}
```

Owner

etianen commented Sep 24, 2022

> I was able to connect and see attributes when doing it in a Python Console using ldap3

Any chance you could share the full user fields? It's likely you can get the correct LDAP_AUTH_OBJECT_CLASS from fiddling around with ldap3 and seeing what info is there

Author

```
conn.search('CN=Users,DC=priv,DC=,DC=co', '(CN=Sean Roberts)', attributes=[ALL_ATTRIBUTES])
True
print(conn.entries)
[DN: CN=Sean Roberts,CN=Users,DC=priv,DC=,DC=co - STATUS: Read - READ TIME: 2022-09-20T13:17:44.906703
    accountExpires: 9999-12-31 23:59:59.999999+00:00
    badPasswordTime: 2022-09-06 19:00:36.084295+00:00
    badPwdCount: 1
    c:
    cn: Sean Roberts
    co:
    codePage: 0
    company:
    countryCode: 840
    dSCorePropagationData: 2021-05-12 23:29:48+00:00
                           1601-01-01 00:00:01+00:00
    departmentNumber: Risk
    description: Quantitative Programmer: Created by issue DSD-7392 on 2021-05-03
    displayName: Sean Roberts
    distinguishedName: CN=Sean Roberts,CN=Users,DC=priv,DC=,DC=co
    extensionName:
    givenName: Sean
    instanceType: 4
    lastLogoff: 1601-01-01 00:00:00+00:00
    lastLogon: 2022-07-01 18:10:49.779312+00:00
    lastLogonTimestamp: 2022-09-12 22:40:02.818800+00:00
    lockoutTime: 1601-01-01 00:00:00+00:00
    logonCount: 299
    mS-DS-ConsistencyGuid:
    mail:
    manager: CN=Users,DC=priv,DC=,DC=co
    memberOf:
    mobile:
    msExchPoliciesExcluded:
    name: Sean Roberts
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=priv,DC=,DC=co
    objectClass: top
                 person
                 organizationalPerson
                 user
    objectGUID:
    objectSid:
    physicalDeliveryOfficeName: 216
    primaryGroupID: 513
    proxyAddresses:
    pwdLastSet: 2021-05-09 02:13:02.971254+00:00
    sAMAccountName: sroberts
    sAMAccountType: 805306368
    sn: Roberts
    telephoneNumber:
    title: Quantitative Programmer
    uSNChanged:
    uSNCreated:
    userAccountControl:
    userCertificate:
    userPrincipalName:
    whenChanged: 2022-09-19 14:53:42+00:00
    whenCreated: 2021-04-21 16:17:24+00:00
]
```

Author

SeanFromOhio commented Sep 26, 2022

Hi @etianen, above is what I see when using LDAP3. I see the objectClass with 4 values of top, person, organizationalPerson, and user.

Maybe I'm missing something, so please provide any guidance you can. Thank you for your help!
Btw, I left some fields intentionally blank in the returned result.

Owner

etianen commented Oct 2, 2022

Your call to `conn.search('CN=Users,DC=priv,DC=,DC=co', '(CN=Sean Roberts)', attributes=[ALL_ATTRIBUTES])` was using `CN=Users,DC=priv,DC=,DC=co` as the search base, but your Django settings use `'dc=priv,dc=*****g,dc=co'`. Try updating `LDAP_AUTH_SEARCH_BASE` to match the successful search base in your call to `conn.search`.
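
The console test in this thread used a different filter (`(CN=Sean Roberts)`) as well as a different search base than the posted settings, so the following added example (not part of any comment above, and not code from django-python3-ldap) builds `conn.search()` arguments from the posted settings so both bases can be tested with the same query. It assumes the backend ANDs `objectClass` with the lookup fields; `replay_kwargs`, `map_fields` and the sample entry are hypothetical names and constructed data.

```python
# Added example; not code from the issue or from django-python3-ldap.
# Setting values below are the ones posted in the issue.
LDAP_AUTH_USER_FIELDS = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}
LDAP_AUTH_OBJECT_CLASS = "user"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    out = []
    for byte in str(value).encode("utf-8"):
        special = byte in b"\\*()\x00" or byte > 0x7F
        out.append("\\%02x" % byte if special else chr(byte))
    return "".join(out)


def replay_kwargs(search_base, **lookup):
    """Keyword arguments for ldap3's conn.search() derived from the settings.

    Assumption: the backend ANDs objectClass with the lookup fields.
    """
    clauses = "".join(
        "(%s=%s)" % (LDAP_AUTH_USER_FIELDS[f], escape_filter_value(lookup[f]))
        for f in LDAP_AUTH_USER_LOOKUP_FIELDS
    )
    return {
        "search_base": search_base,
        "search_filter": "(&(objectClass=%s)%s)" % (LDAP_AUTH_OBJECT_CLASS, clauses),
        "attributes": sorted(LDAP_AUTH_USER_FIELDS.values()),
    }


def map_fields(attributes):
    """Map returned LDAP attributes to Django fields; None marks an empty one."""
    mapped = {}
    for field, attr in LDAP_AUTH_USER_FIELDS.items():
        value = attributes.get(attr)
        if isinstance(value, (list, tuple)):
            value = value[0] if value else None
        mapped[field] = value or None
    return mapped


# Constructed entry using the values visible in the console output above.
SAMPLE_ATTRIBUTES = {"sAMAccountName": "sroberts", "givenName": "Sean",
                     "sn": "Roberts", "mail": []}
```

Run `conn.search(**replay_kwargs(base, username="sroberts"))` once per search base, then pass the returned entry's attributes to `map_fields` to see which mapped fields come back empty.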
