Thursday, July 8, 2021

Django Authentication using LDAP Users

 Django Login with LDAP users

LDAP was designed to share common access details between applications. If a user is created in the LDAP server, the user does not need to register in other applications. You can use LDAP user credentials to login to the other apps.

All major applications provide configuration options with LDAP. Suppose you use Gitlab for your code repository manager. Gitlab provides configuration option with LDAP, it means you can log into the Gitlab with LDAP users. You do not need to register in the Gitlab for your login. Of course you can register there to login but why to do multiple registrations when you can manage multiple applications access using single database.

Similarly if you are developing a web application in Django. You can use Postgres or Sqlite database for your application but if the users who are going to register in the application already registered in LDAP, we can simply configure Django with LDAP and use LDAP credentials to log into Django Application.

Here is the method to configure Django with LDAP.

1. Create a virtual environment with Python. Here I have used Python 3.8.2

virtualenv djangoldap -p /usr/bin/python3

2. Activate the environment.

cd djangoldap && source bin/activate

3. Install Django Auth Ldap Module. I have used version 2.0.0

pip install django-auth-ldap==2.0.0

4. Now install Django 2. You can also install Django 1. It depends on your requirements.

pip install django==2.1.5

5. Now create a Django project using django-admin command. My project name is ldappro.

django-admin startproject ldappro

6. Run the Migrations

cd ldappro && python manage.py migrate

7. Add the LDAP configuration in the settings.py at bottom of the page below STATIC_URL

import ldap
from django_auth_ldap.config import LDAPSearch, LDAPGroupQuery,GroupOfNamesType,PosixGroupType

AUTH_LDAP_SERVER_URI = 'ldap://localhost'
AUTH_LDAP_BIND_DN = 'cn=admin,dc=example,dc=com'
AUTH_LDAP_BIND_PASSWORD = 'YourLDAPPassword'
AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=example,dc=com',ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch('dc=example,dc=com',ldap.SCOPE_SUBTREE, '(objectClass=top)')
AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr="cn")
AUTH_LDAP_MIRROR_GROUPS = True

    # Populate the Django user from the LDAP directory.
AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=groups,dc=example,dc=com"

AUTH_LDAP_USER_ATTR_MAP = {
        "first_name": "givenName",
        "last_name": "sn",
        "email": "mail",
        "username": "uid",
        "password": "userPassword",
}
AUTH_LDAP_PROFILE_ATTR_MAP = {
        "home_directory": "homeDirectory"
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
        "is_active": "cn=active,ou=groups,dc=example,dc=com",
        "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
        "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
}
    
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_TIMEOUT = 3600
    
AUTH_LDAP_FIND_GROUP_PERMS = True
    
    # Keep ModelBackend around for per-user permissions and maybe a local
    # superuser.
AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
)

8. Now run the python server.

python manage.py runserver

9. Open phpldapadmin and Create two 'Generic : Organizational Unit' users and groups .

10. Add a generic : Posix Group 'Active' under the OU groups and then add a generic : user account 'John Doe' under OU users. Select GID 'Active' while creating the user account.

11. After creating the user account, add two more objectClasses for the user i.e. person and organizationalPerson.

12. Add a generic : Posix Group 'Enabled' under groups with enabled checkbox of user jdoe.

13. Add a generic : Posix Group 'Staff' under groups with enabled checkbox of user jdoe.

14. Add a generic : Posix Group 'superuser' under groups with enabled checkbox of user jdoe.

15. Once user is added in the all the Posix Groups, we can log into the django using the LDAP user. 

Click on the image to see the bigger view.
 16. Now use the credentials of the user. Username of the user can be found on the user account page of the user and password was already set by you while creating the user.

You should be able to loginto the django using LDAP Credentials.

You can find complete solution in the following video.



Monday, July 5, 2021

JMETER LDAP Extended Request Error - javax.naming.NamingException: context is null

If you are creating a test plan to perform load testing on LDAP server using JMETER, you might have added a sampler 'LDAP Extended Request' in the Thread Group of your Test Plan.

While performing operations such as Add Test, Modify Test, Search Test or Delete Test, if you are getting following error

javax.naming.NamingException: context is null

 Here is the solution for you.

You should not use the sampler 'LDAP Extended Request' for your Performance Test Plan. Add Test, Modify Test and other necessary operations can be performed by another sampler 'LDAP Request' successfully. You will not get above error using this sampler.

Here is the complete guide to perform the Load Testing on LDAP Server using JMETER.


 


LDAP Server Performance Testing by JMETER | LDAP Server Load Testing by JMETER

A guide to perform Load Testing on your LDAP Server by JMETER.

Watch the video to learn all the necessary steps to perform Load Testing on LDAP Server. This is an easy and simple method. Any beginner or intermediate QA Engineer can learn to do performance testing on LDAP Server.

It does not require any scripting. A very basic knowledge of JMETER is enough to perform this automated task.