-
Notifications
You must be signed in to change notification settings - Fork 149
LDAP
The following is an example configuration file for RatticDB, add this to your local_settings.py file.
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
# LDAP server details
AUTH_LDAP_SERVER_URI="ldap://localhost"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
# User parameters
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=django,ou=groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
# How do I find staff
AUTH_LDAP_STAFF_GROUP = "cn=staff,ou=groups,dc=example,dc=com"
This line configures the LDAP server location and connection settings. You can specify the port, whether to use SSL and other things.
The user to bind as before the user logs in. Use this if your server does not let you search for users with an anonymous bind.
The password for the AUTH_LDAP_BIND_DN user.
Here you tell us how to to find the users in your LDAP database. Anyone not found by this query will not be able to login.
Here you tell us how to find the groups that RatticDB will use.
This defines the type of group that RatticDB will read. Supported groups are:
-
PosixGroupType
-
MemberDNGroupType
-
NestedMemberDNGroupType
-
GroupOfNamesType
-
NestedGroupOfNamesType
-
GroupOfUniqueNamesType
-
NestedGroupOfUniqueNamesType
-
ActiveDirectoryGroupType
-
NestedActiveDirectoryGroupType
Make sure you alter the import line to import the required name.
People in this group will be treated as staff members and thus able to access the 'Staff Management' page and related staff functionality.
If your LDAP server does not allow users to change their own passwords according to RFC3062 you should set this to false. If you want users to be able to change their LDAP passwords then you should enable this.