This repository has been archived by the owner on Sep 18, 2018. It is now read-only.
Daniel Hall edited this page Aug 5, 2015 · 19 revisions

LDAP Support

The following is an example configuration file for RatticDB. Add this to your local.cfg file.

[ldap]
# LDAP server details
uri = ldap://localhost

# User parameters
userbase = ou=users,dc=example,dc=com
userfilter = (uid=%(user)s)

# Set up the basic group parameters.
groupbase = ou=django,ou=groups,dc=example,dc=com
groupfilter = (objectClass=groupOfNames)
grouptype = GroupOfNamesType

# How do I find staff
staff = cn=staff,ou=groups,dc=example,dc=com

Specific Instructions

Settings

uri

This line configures the LDAP server location and connection settings. The URI can specify the port and whether to use SSL (an ldaps:// URI), among other things.

binddn

The user to bind as before the user logs in. Use this if your server does not let you search for users with an anonymous bind.

bindpw

The password for the binddn user (AUTH_LDAP_BIND_DN).

userbase

The base to search for users in.

userfilter

A filter that, when searched on userbase, returns only users.

groupbase

A base to search for groups in.

groupfilter

A filter that, when searched on groupbase, returns only groups of the type set in grouptype.

grouptype

This defines the type of group that RatticDB will read. Supported groups are:

  • PosixGroupType

  • MemberDNGroupType

  • NestedMemberDNGroupType

  • GroupOfNamesType

  • NestedGroupOfNamesType

  • GroupOfUniqueNamesType

  • NestedGroupOfUniqueNamesType

  • ActiveDirectoryGroupType

  • NestedActiveDirectoryGroupType

staff

People in this group will be treated as staff members and thus able to access the 'Staff Management' page and related staff functionality.

allowpasschange

If your LDAP server does not allow users to change their own passwords according to RFC 3062, you should set this to False. If you want users to be able to change their LDAP passwords, set it to True. The default is False. If LDAP is not enabled, the setting is ignored and password changes are always allowed.

requirecert

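Set to True to attempt to validate the certificate of the LDAP server against the system CA bundle. Set to False to accept any certificate presented. With validation off, the client cannot tell the real LDAP server from an impostor, so bind and user passwords can be intercepted even though the connection is encrypted.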

referrals

Whether to accept referrals from the LDAP server.

starttls

Connect to the LDAP server and attempt to secure the connection using the STARTTLS method.

loglevel

The default debugging level is WARNING. You can set it to INFO or DEBUG to get more logging around the LDAP configuration.
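
An added example, not part of RatticDB or the original page: a small Python check that reads the [ldap] section of a local.cfg and flags transport settings that weaken the bind, following the uri, starttls, requirecert and userfilter descriptions above. The finding names, the loopback exemption and the sample configurations are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: loopback needs no TLS

def audit_ldap(cfg_text):
    """Return finding codes for the [ldap] section of a local.cfg string."""
    # interpolation=None: userfilter holds a literal %(user)s, which
    # configparser's default interpolation would try to expand and fail on.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    if not cp.has_section("ldap"):
        return ["no-ldap-section"]
    ldap = cp["ldap"]
    url = urlparse(ldap.get("uri", ""))
    encrypted = url.scheme == "ldaps" or ldap.getboolean("starttls", fallback=False)
    requirecert = ldap.getboolean("requirecert", fallback=None)
    findings = []
    if not encrypted and url.hostname not in LOOPBACK:
        # Bind DN, bind password and user passwords cross the network in clear.
        findings.append("cleartext-bind")
    if encrypted and requirecert is False:
        # TLS is on but any certificate is accepted.
        findings.append("cert-not-validated")
    if encrypted and requirecert is None:
        # Key absent: confirm what your RatticDB version defaults to.
        findings.append("requirecert-unset")
    if "%(user)s" not in ldap.get("userfilter", ""):
        # Without the placeholder the filter is not tied to the login name.
        findings.append("userfilter-missing-placeholder")
    return findings

# Constructed sample inputs (not real deployments).
BASE = "[ldap]\nuri = {uri}\nuserfilter = (uid=%(user)s)\n{extra}\n"
SAMPLES = {
    "page example": BASE.format(uri="ldap://localhost", extra=""),
    "remote plain": BASE.format(uri="ldap://ldap.example.com", extra=""),
    "ldaps unchecked": BASE.format(
        uri="ldaps://ldap.example.com", extra="requirecert = False"),
    "starttls checked": BASE.format(
        uri="ldap://ldap.example.com", extra="starttls = True\nrequirecert = True"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", audit_ldap(text) or "ok")
```
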