Backend name: wazo_user
Purpose: Authenticate a user created by wazo-auth. These users do not map to telephony users at the moment.
- username: The username of the user
- groups: A list of groups associated to this user
- group.uuid: The group UUID
- group.name: The group name
- group.users: A list of users associated to this group each user having the following fields
- username
- uuid
- tenants: A list of tenants associated to this user
- tenant.uuid: The tenant UUID
- tenant.name: The tenant name
- uuid: The UUID of the user authenticating
- voicemails: a list of voicemail ID associated to this user
- lines: a list of line ID associated to this user
- extensions: a list of extension ID associated to this user
- endpoint_sip: a list of SIP endpoint ID associated to this user
- endpoing_sccp: a list of SCCP endpoint ID associated to this user
- endpoint_custom: a list of custum endpoint ID associated to this user
- agent: a dictionnary containing the agent's property, may be none and should be tested with an if before accessing its fields
- agent.id: an agent id if the user is an agent
- agent.number: an agent number if the user is an agent
Backend name: ldap_user
Purpose: Authenticate with an LDAP user.
For example, with the given configuration:
enabled_backend_plugins:
ldap_user: true
ldap:
uri: ldap://example.org
bind_dn: cn=wazo,dc=example,dc=org
bind_password: bindpass
user_base_dn: ou=people,dc=example,dc=org
user_login_attribute: uid
user_email_attribute: mail
When an authentication request is received for username alice
and password userpass
, the backend will:
- Connect to the LDAP server at example.org
- Do an LDAP "bind" operation with bind DN
cn=wazo,dc=example,dc=org
and passwordbindpass
- Do an LDAP "search" operation to find an LDAP user matching
alice
, using:- the base DN
ou=people,dc=example,dc=org
- the filter
(uid=alice)
- a SUBTREE scope
- the base DN
- If the search returns exactly 1 LDAP user, do an LDAP "bind" operation with the user's DN and the password
userpass
- If the LDAP "bind" operation is successful, search in Wazo a user with an email matching the
mail
attribute of the LDAP user - If a Wazo user is found, success
To use an anonymous bind instead, the following configuration would be used:
ldap:
uri: ldap://example.org
bind_anonymous: True
user_base_dn: ou=people,dc=example,dc=org
user_login_attribute: uid
user_email_attribute: mail
The backend can also works in a "no search" mode, for example with the following configuration:
ldap:
uri: ldap://example.org
user_base_dn: ou=people,dc=example,dc=org
user_login_attribute: uid
user_email_attribute: mail
When the server receives the same authentication request as above, it will directly do an LDAP "bind" operation with the DN uid=alice,ou=people,dc=example,dc=org
and password userpass
, and continue at step 5.
Note
User's email and voicemail's email are two separate things. This plugin only use the user's email.
uri
the URI of the LDAP server. Can only contain the scheme, host and port of an LDAP URL.
user_base_dn
the base dn of the user
user_login_attribute
the attribute to login a user
user_email_attribute
(optional)the attribute to match with the Wazo user's email (default: mail)
bind_dn
(optional)the bind DN for searching for the user DN.
bind_password
(optional)the bind password for searching for the user DN.
bind_anonymous
(optional)use anonymous bind for searching for the user DN (default: false)
- id: The ID of the user authenticating
- uuid: The UUID of the user authenticating
- voicemails: a list of voicemail ID associated to this user
- lines: a list of line ID associated to this user
- extensions: a list of extension ID associated to this user
- endpoint_sip: a list of SIP endpoint ID associated to this user
- endpoing_sccp: a list of SCCP endpoint ID associated to this user
- endpoint_custom: a list of custum endpoint ID associated to this user
- agent: a dictionnary containing the agent's property, may be none and should be tested with an if before accessing its fields
- agent.id: an agent id if the user is an agent
- agent.number: an agent number if the user is an agent