This repository has been archived by the owner on Sep 18, 2018. It is now read-only.
Matthew Cengia edited this page May 8, 2013 · 19 revisions

LDAP Support

The following is an example configuration file for RatticDB. Add this to your local_settings.py file.

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

# LDAP server details
AUTH_LDAP_SERVER_URI = "ldap://localhost"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""

# User parameters
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=django,ou=groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

# How do I find staff
AUTH_LDAP_STAFF_GROUP = "cn=staff,ou=groups,dc=example,dc=com"

Specific Instructions

Settings

AUTH_LDAP_SERVER_URI

This line configures the LDAP server location and connection settings. The URI can specify the port and whether to use SSL, among other things.

AUTH_LDAP_BIND_DN

The user to bind as before the user logs in. Use this if your server does not let you search for users with an anonymous bind.

AUTH_LDAP_BIND_PASSWORD

The password for the AUTH_LDAP_BIND_DN user.

AUTH_LDAP_USER_SEARCH

Here you tell us how to find the users in your LDAP database. Anyone not found by this query will not be able to log in.

AUTH_LDAP_GROUP_SEARCH

Here you tell us how to find the groups that RatticDB will use.

AUTH_LDAP_GROUP_TYPE

This defines the type of group that RatticDB will read. Supported groups are:

  • PosixGroupType

  • MemberDNGroupType

  • NestedMemberDNGroupType

  • GroupOfNamesType

  • NestedGroupOfNamesType

  • GroupOfUniqueNamesType

  • NestedGroupOfUniqueNamesType

  • ActiveDirectoryGroupType

  • NestedActiveDirectoryGroupType

Make sure you alter the import line to import the required name.

AUTH_LDAP_STAFF_GROUP

People in this group will be treated as staff members and thus able to access the 'Staff Management' page and related staff functionality.

AUTH_LDAP_ALLOW_PASSWORD_CHANGE

If your LDAP server does not allow users to change their own passwords according to RFC 3062, you should set this to False. If you want users to be able to change their LDAP passwords, then you should set it to True. The default is True. If LDAP is not enabled, the setting is ignored and password changes are always allowed.
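
A pre-deployment check over the settings described above, as an added example that is not part of RatticDB or of this wiki page: it flags a plaintext ldap:// URI to a non-local host, a search bind that is anonymous or half-configured, and a user filter that lacks %(user)s. The dict layout, the finding names and the (base, filter) tuple standing in for LDAPSearch are assumptions, as is RatticDB passing django-auth-ldap's AUTH_LDAP_START_TLS through.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Constructed sample mirroring the page's example values. The (base, filter)
# tuple stands in for LDAPSearch so the check runs without python-ldap.
PAGE_EXAMPLE = {
    "AUTH_LDAP_SERVER_URI": "ldap://localhost",
    "AUTH_LDAP_BIND_DN": "",
    "AUTH_LDAP_BIND_PASSWORD": "",
    "AUTH_LDAP_USER_SEARCH": ("ou=users,dc=example,dc=com", "(uid=%(user)s)"),
}


def endpoint(uri):
    """Split a server URI into (scheme, host, port), filling in default ports."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    return scheme, parts.hostname or "", parts.port or DEFAULT_PORT.get(scheme)


def audit(settings):
    """Return a sorted list of finding codes for a RatticDB-style LDAP config."""
    found = set()
    scheme, host, _port = endpoint(settings.get("AUTH_LDAP_SERVER_URI", ""))
    if scheme not in ("ldap", "ldaps", "ldapi"):
        found.add("bad-scheme")
    # ldap:// carries bind and login passwords in cleartext unless StartTLS is on.
    # AUTH_LDAP_START_TLS is django-auth-ldap's setting; RatticDB support is assumed.
    elif scheme == "ldap" and host not in LOOPBACK and not settings.get("AUTH_LDAP_START_TLS"):
        found.add("plaintext-transport")
    bind_dn = settings.get("AUTH_LDAP_BIND_DN", "")
    if not bind_dn:
        found.add("anonymous-search")  # server must allow anonymous user searches
        if settings.get("AUTH_LDAP_BIND_PASSWORD"):
            found.add("password-without-dn")
    elif not settings.get("AUTH_LDAP_BIND_PASSWORD"):
        found.add("dn-without-password")
    _base, user_filter = settings.get("AUTH_LDAP_USER_SEARCH", ("", ""))
    if "%(user)s" not in user_filter:
        found.add("filter-missing-user")  # cannot select the account logging in
    return sorted(found)


if __name__ == "__main__":
    print(audit(PAGE_EXAMPLE))
```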
