-
Notifications
You must be signed in to change notification settings - Fork 149
LDAP
The following is an example configuration file for RatticDB. Add this to your local.cfg file.
[ldap]
# LDAP server details
uri = ldap://localhost
# User parameters
userbase = ou=users,dc=example,dc=com
userfilter = (uid=%(user)s)
# Set up the basic group parameters.
groupbase = ou=django,ou=groups,dc=example,dc=com
groupfilter = (objectClass=groupOfNames)
grouptype = GroupOfNamesType
# How do I find staff
staff = cn=staff,ou=groups,dc=example,dc=com
This line configures the LDAP server location and connection settings. You can specify the port, whether to use SSL and other things.
The user to bind as before the user logs in. Use this if your server does not let you search for users with an anonymous bind.
The password for the AUTH_LDAP_BIND_DN user.
The base to search for users in.
A filter which when searched on userbase, will only return users.
A base to search for groups in.
A filter when search on groupfilter, will only return groups of the type in grouptype.
This defines the type of group that RatticDB will read. Supported groups are:
-
PosixGroupType
-
MemberDNGroupType
-
NestedMemberDNGroupType
-
GroupOfNamesType
-
NestedGroupOfNamesType
-
GroupOfUniqueNamesType
-
NestedGroupOfUniqueNamesType
-
ActiveDirectoryGroupType
-
NestedActiveDirectoryGroupType
People in this group will be treated as staff members and thus able to access the 'Staff Management' page and related staff functionality.
If your LDAP server does not allow users to change their own passwords according to RFC3062 you should set this to False. If you want users to be able to change their LDAP passwords then you should set it to True. The default is False. If LDAP is not enabled the setting is ignored and password changes are always allowed.
Set to true to attempt to validate the certificate of the LDAP server against the system CA bundle. Set False to simply accept any certificate presented. This can obviously affect security.
Whether to accept referrals from the LDAP server.
Connect to the LDAP server and attept security using the STARTTLS method.