I'm working on a Django-based application in a corporate environment and would like to use the existing Active Directory system for authentication of users (so they don't get yet another login/password combo). I would also like to continue to use Django's user authorization / permission system to manage user capabilities.
Does anyone have a good example of this?
Here's another more recent snippet (July 2008, updated Dec 2015):
Authentication Against Active Directory (LDAP) over SSL
The link provided by Jeff indeed works, though it assumes you have a default group where users are added to. I simply replaced:
group=Group.objects.get(pk=1)
by
group,created=Group.objects.get_or_create(name="everyone")
If you want tighter integration & more features there is also django-auth-ldap, which gives you more control over how LDAP users/groups are mapped onto Django users/groups.
For debugging the ldap connection I found this blog post useful, in particular the command for testing the ldap connection with ldap-utils:
ldapsearch -H ldaps://ldap-x.companygroup.local:636 -D "CN=Something LDAP,OU=Random Group,DC=companygroup,DC=local" -w "p4ssw0rd" -v -d 1
If you are using SSL there is also the issue of getting hold of a certificate it will play nice with. Either you extract it from the server, or you can follow these instructions to generate your own.
How about that? Did you try that one?
http://www.djangosnippets.org/snippets/501/
I had the same problem, and noticed that django-auth-ldap does not support SASL at all -> plain text passwords over the connection if TLS is not available.
Here is what I did for the problem:
https://github.com/susundberg/django-auth-ldap-ad
You can subclass the django-auth-ldap backend to add AD capabilities over with SASL or Kerberos or whatever. Here's a 2018 example working in Django 2.1:
https://partofthething.com/thoughts/authenticating-and-populating-users-in-django-using-a-windows-active-directory-and-sasl/
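Two of the answers above raise transport concerns: the bind password crossing the wire in plain text when TLS is not in use, and getting certificate handling right over SSL. The following is an added example, not code from any of the posts or from django-auth-ldap itself: a small pre-deployment check over a Django settings dict. It assumes django-auth-ldap's setting names and its default server URI; `audit_ldap_settings` and the two sample dicts are hypothetical, and the TLS option numbers are the OpenLDAP values that python-ldap exposes as `ldap.OPT_X_TLS_*`.

```python
"""Added example: flag django-auth-ldap settings that allow cleartext binds."""
from urllib.parse import urlparse

# OpenLDAP option numbers (python-ldap exposes them as ldap.OPT_X_TLS_*),
# inlined here so the check runs without python-ldap installed.
OPT_X_TLS_REQUIRE_CERT = 0x6006
OPT_X_TLS_NEVER, OPT_X_TLS_DEMAND, OPT_X_TLS_ALLOW = 0, 2, 3


def audit_ldap_settings(settings):
    """Return a list of findings for one settings dict (empty list = OK)."""
    findings = []
    # django-auth-ldap falls back to ldap://localhost when the URI is unset.
    raw = settings.get("AUTH_LDAP_SERVER_URI", "ldap://localhost")
    start_tls = settings.get("AUTH_LDAP_START_TLS", False)
    for uri in raw.replace(",", " ").split():
        scheme = urlparse(uri).scheme.lower()
        if scheme == "ldap" and not start_tls:
            findings.append(f"{uri}: simple bind sends the password in cleartext")
        elif scheme not in ("ldap", "ldaps"):
            findings.append(f"{uri}: unexpected scheme {scheme!r}")
    # Certificate checking can be relaxed per connection or process-wide.
    for key in ("AUTH_LDAP_CONNECTION_OPTIONS", "AUTH_LDAP_GLOBAL_OPTIONS"):
        level = settings.get(key, {}).get(OPT_X_TLS_REQUIRE_CERT)
        # NEVER and ALLOW both let the session continue with a bad certificate.
        if level in (OPT_X_TLS_NEVER, OPT_X_TLS_ALLOW):
            findings.append(f"{key}: server certificate is not verified")
    return findings


# Constructed sample settings; the hostname is the one from the ldapsearch line.
WEAK = {
    "AUTH_LDAP_SERVER_URI": "ldap://ldap-x.companygroup.local",
    "AUTH_LDAP_CONNECTION_OPTIONS": {OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_NEVER},
}
HARDENED = {
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap-x.companygroup.local:636",
    "AUTH_LDAP_CONNECTION_OPTIONS": {OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_DEMAND},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "ok")
```
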