LDAP
====

This is a tentative guide to using LDAP authentication in GWM.

First, add ``django_auth_ldap.backend.LDAPBackend`` to
``AUTHENTICATION_BACKENDS`` in your ``settings.py`` file.

Then, add something like the following snippet, and adjust to taste:

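# LDAP Authentication via django-auth-ldap
# If you need to debug your configuration, see:
#       http://packages.python.org/django-auth-ldap/#logging
# Set AUTH_LDAP_SERVER_URI to the server you will authenticate against.
#       Keep the ldaps:// scheme (or enable StartTLS): over plain ldap://
#       the bind password and every user's login password cross the
#       network unencrypted.  Make sure the server certificate is
#       actually verified, e.g. by setting ldap.OPT_X_TLS_REQUIRE_CERT to
#       ldap.OPT_X_TLS_DEMAND through AUTH_LDAP_GLOBAL_OPTIONS.
# If you want to bind as a specific user, update AUTH_LDAP_BIND_DN and
#       AUTH_LDAP_BIND_PASSWORD appropriately.  Leave blank to bind
#       anonymously.
#       If you do set a bind password, keep it out of version control
#       (load it from the environment or from a local settings file that
#       is not committed) and bind as a read-only, low-privilege account.
# Specify where to search in LDAP via AUTH_LDAP_USER_SEARCH.
# You can also define user attributes based on those found in LDAP.
#       Update AUTH_LDAP_USER_ATTR_MAP as needed.
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

AUTH_LDAP_SERVER_URI = "ldaps://ldap.example.com"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "ou=People,dc=example,dc=com",
    ldap.SCOPE_SUBTREE,
    "(uid=%(user)s)",
)
# Keys are field names on the Django user, values are LDAP attribute names.
# A misspelled key is not reported as an error; the field simply stays empty.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

# If you want to perform group-based authorization, update the
# following as needed.
# You can set user flags based on group membership via
#       AUTH_LDAP_USER_FLAGS_BY_GROUP.
#       Anyone in the "is_superuser" group gets full administrative rights
#       in the application, and "is_staff" opens the Django admin, so
#       restrict who may edit those groups in the directory.
# You can also require the user be a member of a group so as to be
# authorized to log in.  Likewise, you can ban users based on group
# membership.
# The search filter must be a complete, balanced LDAP filter expression.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "ou=Group,dc=example,dc=com",
    ldap.SCOPE_SUBTREE,
    "(objectClass=groupOfNames)",
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=Operators,ou=Group,dc=example,dc=com",
    "is_staff": "cn=Staff,ou=Group,dc=example,dc=com",
    "is_superuser": "cn=Privileged,ou=Group,dc=example,dc=com",
}
AUTH_LDAP_REQUIRE_GROUP = "cn=Operators,ou=Group,dc=example,dc=com"
AUTH_LDAP_DENY_GROUP = "cn=Banned,ou=Group,dc=example,dc=com"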