Thursday, July 8, 2021

Django Authentication using LDAP Users

 Django Login with LDAP users

LDAP was designed to share common access details between applications. If a user is created in the LDAP server, the user does not need to register in other applications. You can use LDAP user credentials to login to the other apps.

All major applications provide configuration options with LDAP. Suppose you use Gitlab for your code repository manager. Gitlab provides configuration option with LDAP, it means you can log into the Gitlab with LDAP users. You do not need to register in the Gitlab for your login. Of course you can register there to login but why to do multiple registrations when you can manage multiple applications access using single database.

Similarly if you are developing a web application in Django. You can use Postgres or Sqlite database for your application but if the users who are going to register in the application already registered in LDAP, we can simply configure Django with LDAP and use LDAP credentials to log into Django Application.

Here is the method to configure Django with LDAP.

1. Create a virtual environment with Python. Here I have used Python 3.8.2

virtualenv djangoldap -p /usr/bin/python3

2. Activate the environment.

cd djangoldap && source bin/activate

3. Install Django Auth Ldap Module. I have used version 2.0.0

pip install django-auth-ldap==2.0.0

4. Now install Django 2. You can also install Django 1. It depends on your requirements.

pip install django==2.1.5

5. Now create a Django project using django-admin command. My project name is ldappro.

django-admin startproject ldappro

6. Run the Migrations

cd ldappro && python manage.py migrate

7. Add the LDAP configuration in the settings.py at bottom of the page below STATIC_URL

import ldap
from django_auth_ldap.config import LDAPSearch, LDAPGroupQuery,GroupOfNamesType,PosixGroupType

AUTH_LDAP_SERVER_URI = 'ldap://localhost'
AUTH_LDAP_BIND_DN = 'cn=admin,dc=example,dc=com'
AUTH_LDAP_BIND_PASSWORD = 'YourLDAPPassword'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=example,dc=com',ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('dc=example,dc=com',ldap.SCOPE_SUBTREE, '(objectClass=top)')
AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr="cn")
AUTH_LDAP_MIRROR_GROUPS = True

    # Populate the Django user from the LDAP directory.
AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"

AUTH_LDAP_USER_ATTR_MAP = {
        "first_name": "givenName",
        "last_name": "sn",
        "email": "mail",
        "username": "uid",
        "password": "userPassword",
}
AUTH_LDAP_PROFILE_ATTR_MAP = {
        "home_directory": "homeDirectory"
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
        "is_active": "cn=active,ou=groups,dc=example,dc=com",
        "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
        "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
}
    
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_TIMEOUT = 3600
    
AUTH_LDAP_FIND_GROUP_PERMS = True
    
    # Keep ModelBackend around for per-user permissions and maybe a local
    # superuser.
AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
)

8. Now run the python server.

python manage.py runserver

9. Open phpldapadmin and Create two 'Generic : Organizational Unit' users and groups .

10. Add a generic : Posix Group 'Active' under the OU groups and then add a generic : user account 'John Doe' under OU users. Select GID 'Active' while creating the user account.

11. After creating the user account, add two more objectClasses for the user i.e. person and organizationalPerson.

12. Add a generic : Posix Group 'Enabled' under groups with enabled checkbox of user jdoe.

13. Add a generic : Posix Group 'Staff' under groups with enabled checkbox of user jdoe.

14. Add a generic : Posix Group 'superuser' under groups with enabled checkbox of user jdoe.

15. Once user is added in the all the Posix Groups, we can log into the django using the LDAP user. 

Click on the image to see the bigger view.
 16. Now use the credentials of the user. Username of the user can be found on the user account page of the user and password was already set by you while creating the user.

You should be able to loginto the django using LDAP Credentials.

You can find complete solution in the following video.



Monday, July 5, 2021

JMETER LDAP Extended Request Error - javax.naming.NamingException: context is null

If you are creating a test plan to perform load testing on LDAP server using JMETER, you might have added a sampler 'LDAP Extended Request' in the Thread Group of your Test Plan.

While performing operations such as Add Test, Modify Test, Search Test or Delete Test, if you are getting following error

javax.naming.NamingException: context is null

 Here is the solution for you.

You should not use the sampler 'LDAP Extended Request' for your Performance Test Plan. Add Test, Modify Test and other necessary operations can be performed by another sampler 'LDAP Request' successfully. You will not get above error using this sampler.

Here is the complete guide to perform the Load Testing on LDAP Server using JMETER.


 


LDAP Server Performance Testing by JMETER | LDAP Server Load Testing by JMETER

A guide to perform Load Testing on your LDAP Server by JMETER.

Watch the video to learn all the necessary steps to perform Load Testing on LDAP Server. This is an easy and simple method. Any beginner or intermediate QA Engineer can learn to do performance testing on LDAP Server.

It does not require any scripting. A very basic knowledge of JMETER is enough to perform this automated task.



php LDAP admin Import Sample Users | Import Sample Data LDAP Server

LDAP Server : Import Test Users

php LDAP admin is a user friendly client to operate LDAP server. If you want to use LDAP user data for your task, you might need dummy users. There are multiple reasons such as security policy when real users' data cannot be used for any automated task. 

Here we will see how you can import sample or dummy user data which is same as real data.

Steps :

1. Download zip file of LDIF Generator from here.

2. Extract it and open the software using command

java -jar LDIFGen.jar

3. Add Domain Component (dc) name of your LDAP server in the field "Base added to Generate Records". In my case it was

dc=example, dc=com

4. Number of records can be 500 or 5000 depends on your requirement.

5. Field 'Directory where input data is stored' : This is the path of the 'data' directory which you can find in the extracted LDIF generator folder. 

Make sure D is capital in the path name if it is capital in the extracted folder.

6. Output directory path can be anywhere on the system. Make sure you have write permission in the folder.

7. Click on 'Run' button. An output file output.ldif file will be generated.

8. Open php LDAP Admin and click on import option in the left menu. Select the output.ldif file and click on Proceed.

9. All sample users will be imported into the LDAP server.

You can see the complete procedure in the following video.