LDAPΒΆ
In order to use a LDAP backend with RDMO you need to install some prerequistes. On Debian/Ubuntu you can install them using:
sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
On the python side, we use django-auth-ldap to connect to the LDAP server. As before, it should be installed inside the virtual environment created for RDMO using:
pip install -r requirements/ldap.txt
LDAP installations can be very different and we only discuss one particular example. We assume that the LDAP service is running on ldap.example.com
. RDMO needs a System Account. In order to create it, run:
ldapmodify -x -D 'cn=Directory Manager' -W
on the machine running the LDAP servere and type in:
dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: rdmo
userPassword: YOURPASSWORD
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
and end with a blank line followed by ctrl-d
.
Then, in your config/settings/local.py
add or uncomment:
import ldap
from django_auth_ldap.config import LDAPSearch
from rdmo.core.settings import AUTHENTICATION_BACKENDS
PROFILE_UPDATE = False
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.com"
AUTH_LDAP_BIND_DN = "cn=rdmo,dc=ldap,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "YOURPASSWORD"
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=ldap,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
'email': 'mail'
}
AUTHENTICATION_BACKENDS.insert(
AUTHENTICATION_BACKENDS.index('django.contrib.auth.backends.ModelBackend'),
'django_auth_ldap.backend.LDAPBackend'
)
The setting PROFILE_UPDATE = False
tells RDMO to disable the update form for the user profile so that users cannot update their credentials anymore. The other settings are needed by django-auth-ldap
and are described in the django-auth-ldap documentation.