Extensions for django-auth-ldap to handle our snowflake of an LDAP
Python
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
summit_auth_ldap
.gitignore
README
pylintrc
setup.cfg
setup.py

README

Summit's django-auth-ldap
=========================

Summit's LDAP directories are organized in weird ways that makes django-auth-ldap not
work out of the box. This applies somemonkey patches to allow for finding users in this
structure.

Some of our systems also have existing usernames that are email addresses matching
`ldap_username@example.com`, so we've extended the backend to also check for existing
usernames matching the authenticated user's email address.


Recommended Settings
--------------------

These are the settings thathave been success with our system.

```python
AUTHENTICATION_BACKENDS = (
    'summit_quotes.ldap.SummitLDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType

AUTH_LDAP_SERVER_URI = 'ldap://ldap.server.example'
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_PROTOCOL_VERSION: ldap.VERSION3,
    ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_USER_DN_TEMPLATE = '%(user)s@domain.local'
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=users,dc=domain,dc=local',
    ldap.SCOPE_SUBTREE,
    '(samaccountname=%(user)s)')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=groups,dc=domain,dc=local',
    ldap.SCOPE_SUBTREE,
    '(objectClass=group)')
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType(name_attr='cn')
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail',
}
```