django-ldapdb, an LDAP database backend for Django
Clone or download

README.rst

django-ldapdb

https://secure.travis-ci.org/django-ldapdb/django-ldapdb.png?branch=master Latest Version Supported Python versions Wheel status License

django-ldapdb is an LDAP database backend for Django, allowing to manipulate LDAP entries through Django models.

It supports most of the same APIs as a Django model:

  • MyModel.objects.create()
  • MyModel.objects.filter(x=1, y__contains=2)
  • Full admin support and browsing

django-ldapdb supports Django versions 1.11 / 2.0 / 2.1, and Python 2.7 / 3.4 / 3.5 / 3.6 / 3.7, as far as the Django and Python versions are compatible.

Installing django-ldapdb

Linux

Use pip: pip install django-ldapdb

You might also need the usual LDAP packages from your distribution, usually named openldap or ldap-utils.

Windows

django-ldapdb depends on the python-ldap <https://pypi.python.org/pypi/python-ldap> project. Either follow its Windows installation guide, or install a pre-built version from https://www.lfd.uci.edu/~gohlke/pythonlibs/#python-ldap (choose the .whl file matching your Python/Windows combination, and install it with pip install python-ldap-3...whl).

and then you can also install django-ldapdb with

pip install django-ldapdb

Using django-ldapdb

Add the following to your settings.py:

DATABASES = {
    'ldap': {
        'ENGINE': 'ldapdb.backends.ldap',
        'NAME': 'ldap://ldap.nodomain.org/',
        'USER': 'cn=admin,dc=nodomain,dc=org',
        'PASSWORD': 'some_secret_password',
     },
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
     },
}
DATABASE_ROUTERS = ['ldapdb.router.Router']

If you want to access posixGroup entries in your application, you can add something like this to your models.py:

from ldapdb.models.fields import CharField, IntegerField, ListField
import ldapdb.models

class LdapGroup(ldapdb.models.Model):
    """
    Class for representing an LDAP group entry.
    """
    # LDAP meta-data
    base_dn = "ou=groups,dc=nodomain,dc=org"
    object_classes = ['posixGroup']

    # posixGroup attributes
    gid = IntegerField(db_column='gidNumber', unique=True)
    name = CharField(db_column='cn', max_length=200, primary_key=True)
    members = ListField(db_column='memberUid')

    def __str__(self):
        return self.name

    def __unicode__(self):
        return self.name

and add this to your admin.py:

from django.contrib import admin
from . import models

class LDAPGroupAdmin(admin.ModelAdmin):
    exclude = ['dn', 'objectClass']
    list_display = ['gid', 'name']

admin.site.register(models.LDAPGroup, LDAPGroupAdmin)
Important note:

You must declare an attribute to be used as the primary key. This attribute will play a special role, as it will be used to build the Relative Distinguished Name of the entry.

For instance in the example above, a group whose cn is foo will have the DN cn=foo,ou=groups,dc=nodomain,dc=org.

Supported fields

djanglo-ldapdb provides the following fields, all imported from ldapdb.models.fields:

Similar to Django:

  • IntegerField
  • FloatField
  • CharField
  • ImageField
  • DateTimeField
Specific to a LDAP server:
  • ListField (holds a list of text values)
  • TimestampField (Stores a datetime as a posix timestamp, typically for posixAccount)
Legacy:
  • DateField (Stores a date in an arbitrary format. A LDAP server has no notion of Date).

Tuning django-ldapdb

It is possible to adjust django-ldapdb's behavior by defining a few parameters in the DATABASE section:

PAGE_SIZE (default: 1000)
Define the maximum size of a results page to be returned by the server
QUERY_TIMEOUT (default: no limit)

Define the maximum time in seconds we'll wait to get a reply from the server (on a per-query basis).

Note

This setting applies on individual requests; if a high-level operation requires many queries (for instance a paginated search yielding thousands of entries), the timeout will be used on each individual request; the overall processing time might be much higher.