Question
I'm trying to develop what should be a relatively simple web application that requests a user to log in via LDAP, then if successfully logged in, the user can then search for another user(s) in the LDAP server. It's an application for admin people. The code so far creates/binds to the ldap server, and upon finding the searched user, a different page is displayed showing the user's credentials. Connectivity via the correct credentials has been confirmed via the ldap3 library.
On the second webpage displaying the credentials of the searched user (his username, email, mobile number etc.), there is a search box, so that the user can search again for another user. Therefore login is not required again. The problem I have now is how to remain logged in via ldap, so that the user only needs to input the searched user (and not again his username and password).
My code:
settings.py
ALLOWED_HOSTS = ['127.0.0.1']
LDAP_AUTH_URL = 'ldap://10.253.53.53:389'
LDAP_AUTH_USE_TLS = None # Initiate TLS on connection.
LDAP_AUTH_SEARCH_BASE = 'dc=vkbads,dc=de' # The LDAP search base for looking up users.
LDAP_AUTH_OBJECT_CLASS = 'inetOrgPerson' # The LDAP class that represents a user.
LDAP_AUTH_USER_FIELDS = {
    "username": "cn",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}
#LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_USER_LOOKUP_FIELDS = ("cn",)
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = 'COMPANY'
LDAP_AUTH_CONNECTION_USERNAME = None
#LDAP_AUTH_CONNECTION_USERNAME = 'COMPANY\\e000520'
LDAP_AUTH_CONNECTION_PASSWORD = None
LDAP_AUTH_CONNECT_TIMEOUT = None
LDAP_AUTH_RECEIVE_TIMEOUT = None
AUTHENTICATION_BACKENDS = (
    'django_python3_ldap.auth.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
views.py
from django.conf import settings
from django.contrib.auth import authenticate, login
from django.shortcuts import render


def ldap_login(request):  # This corresponds to my homepage
    if request.POST:
        username = request.POST['username']
        password = request.POST['password']
        # Debug output referred to further down; it writes the submitted
        # password to the console in clear text.
        print("username: {0}".format(username))
        print("password: {0}".format(password))
        ldap_auth_search_dn = '{}\\{}'.format(settings.LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN, username)
        print("ldap_auth_search_dn: {0}".format(ldap_auth_search_dn))
        user = authenticate(username=username, password=password)
        #user = authenticate(username=ldap_auth_search_dn, password=password)
        print("user: {0}".format(user))
        #login(request, user, backend='django_python3_ldap.auth.LDAPBackend')
        # Test return values
        if user and user.is_active:
            print("user.is_active!!")
            login(request, user, backend='django_python3_ldap.auth.LDAPBackend')
    return render(request, 'login_ldap.html')
The weird thing is no error messages are being thrown, but then the functionality of my code is not working as expected either. At first, I was unable to connect properly and was receiving:
CommandError: Could not connect to LDAP server
But then figured out due to some friendly advice that I need to change my settings to accommodate for AD and not OpenLDAP. Btw, I'm using Python3 and Django 1.11.
This leads me to a few questions about my configuration:
Note the print statements in the view.py. These are to verify the un/pw, and user status. When runserver is executed, the usual Django output is given ("Performing system checks..." etc.) Then surprisingly the following are given once a refresh of the homepage is made:
username: last_username_I_input
password: last_password_I_input
ldap_auth_search_dn: COMPANY\ last_username_I_input
user: None
(i) Why are my last credentials being used, before I even input these details into the fields in my web page? Why are my last credentials stored and is there a way to somehow reset these automatically? I tried a "python manage.py flush", which seems to work. Only when a ctrl+c doesn't seem to flush the credentials.
(ii) Even when I input the un/pw credentials on my page and click login, and the print statements then show the new (and correct) credentials, the "user" is still None, but I don't understand why. Why are my user credentials not authenticating?
Admittedly I'm no Django nor LDAP expert, so some of the settings are still unclear to me. Perhaps a better understanding could help me to achieve a correct configuration:
(i) What is the correct parameter for LDAP_AUTH_USE_TLS?
(ii) How should a LDAP_AUTH_SEARCH_BASE normally look like? Does it include for example the "ou"?
(iii) Should LDAP_AUTH_CONNECTION_USERNAME and LDAP_AUTH_CONNECTION_PASSWORD contain a un/pw, if these are the very things being requested on my login page?
(iv) The contents of LDAP_AUTH_OBJECT_CLASS are unclear to me, and I'm not sure what parameter should be included here. Any tips?
(v) Same as (iv), but for LDAP_AUTH_USER_FIELDS?
Source: https://stackoverflow.com/questions/47134288/no-confirmation-of-authenticateusername-username-password-password-in-django