From f752c5f40426be4dd20494e7a553eea1da39237b Mon Sep 17 00:00:00 2001 From: Alessandro Mariotti Date: Wed, 18 Mar 2020 19:45:12 +0100 Subject: [PATCH 1/2] Fix how BIND_AS_AUTHENTICATING_USER is used, now it does what it says --- django_auth_ldap/backend.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/django_auth_ldap/backend.py b/django_auth_ldap/backend.py index 1908096b..069ff431 100644 --- a/django_auth_ldap/backend.py +++ b/django_auth_ldap/backend.py @@ -476,13 +476,14 @@ def _authenticate_user_dn(self, password): Binds to the LDAP server with the user's DN and password. Raises AuthenticationFailed on failure. """ - if self.dn is None: + if not self.settings.BIND_AS_AUTHENTICATING_USER and self.dn is None: raise self.AuthenticationFailed("failed to map the username to a DN.") try: - sticky = self.settings.BIND_AS_AUTHENTICATING_USER - - self._bind_as(self.dn, password, sticky=sticky) + if self.settings.BIND_AS_AUTHENTICATING_USER: + self._bind_as(self._username, password) + else: + self._bind_as(self.dn, password) except ldap.INVALID_CREDENTIALS: raise self.AuthenticationFailed("user DN/password rejected by LDAP server.") From b4945944c3616b7a5e58ab40ff543475665e3aef Mon Sep 17 00:00:00 2001 From: Alessandro Mariotti Date: Wed, 18 Mar 2020 19:55:59 +0100 Subject: [PATCH 2/2] Stiky is true now --- django_auth_ldap/backend.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django_auth_ldap/backend.py b/django_auth_ldap/backend.py index 069ff431..7cf9b328 100644 --- a/django_auth_ldap/backend.py +++ b/django_auth_ldap/backend.py @@ -481,7 +481,7 @@ def _authenticate_user_dn(self, password): try: if self.settings.BIND_AS_AUTHENTICATING_USER: - self._bind_as(self._username, password) + self._bind_as(self._username, password, sticky=True) else: self._bind_as(self.dn, password) except ldap.INVALID_CREDENTIALS: