Ticket #2507: ldapauthdoc.diff

File ldapauthdoc.diff, 2.9 KB (added by Jeff Anderson, 17 years ago)

fixed a type from previous version

  • authentication.txt

     
    10441044password is valid in multiple backends, Django will stop processing at the
    10451045first positive match.
    10461046
     1047LDAP authentication backend
     1048---------------------------
     1049
     1050Django can also authenticate users against an ldap implementation, such as OpenLDAP.
     1051To use this backend, in settings.py, ``AUTHENTICATION_BACKENDS`` should read::
     1052
     1053    ('django.contrib.auth.contrib.ldapauth.LDAPBackend',)
     1054
     1055The LDAP backend needs several additional settings in your settings.py.
     1056    ``LDAP_SERVER_URI`` -- string, ldap uri.
     1057        default: 'ldap://localhost'
     1058    ``LDAP_SEARCHDN`` -- string of the LDAP dn to use for searching
     1059        default: 'dc=localhost'
     1060    ``LDAP_SCOPE`` -- one of: ldap.SCOPE_*, used for searching
     1061        see python-ldap docs for the search function
     1062        default = ldap.SCOPE_SUBTREE
     1063    ``LDAP_SEARCH_FILTER`` -- formated string, the filter to use for searching for a
     1064        user. Used as: filterstr = LDAP_SEARCH_FILTER % username
     1065        default = 'cn=%s'
     1066    ``LDAP_UPDATE_FIELDS`` -- boolean, do we sync the db with ldap on each auth
     1067        default = True
     1068
     1069Required unless LDAP_FULL_NAME is set:
     1070    ``LDAP_FIRST_NAME`` -- string, LDAP attribute to get the given name from
     1071    ``LDAP_LAST_NAME`` -- string, LDAP attribute to get the last name from
     1072
     1073Optional Settings:
     1074    ``LDAP_FULL_NAME`` -- string, LDAP attribute to get name from, splits on ' '
     1075    ``LDAP_GID`` -- string, LDAP attribute to get group name/number from
     1076    ``LDAP_SU_GIDS`` -- list of strings, group names/numbers that are superusers
     1077    ``LDAP_STAFF_GIDS`` -- list of strings, group names/numbers that are staff
     1078    ``LDAP_EMAIL`` -- string, LDAP attribute to get email from
     1079    ``LDAP_DEFAULT_EMAIL_SUFFIX`` -- string, appened to username if no email found
     1080    ``LDAP_OPTIONS`` -- hash, python-ldap global options and their values
     1081    {ldap.OPT_X_TLS_CACERTDIR: '/etc/ldap/ca/'}
     1082
     1083You must pick a method for determining the DN of a user and set the needed settings:
     1084    * You can set ``LDAP_BINDDN`` and ``LDAP_BIND_ATTRIBUTE`` like::
     1085           
     1086        ``LDAP_BINDDN`` = 'ou=people,dc=example,dc=com'
     1087        ``LDAP_BIND_ATTRIBUTE`` = 'uid'
     1088
     1089     and the user DN would be:
     1090
     1091            'uid=%s,ou=people,dc=example,dc=com' % username
     1092
     1093    * Look for the DN on the directory, this is what will happen if you do
     1094      not define the LDAP_BINDDN setting. In that case you may need to
     1095      define LDAP_PREBINDDN and LDAP_PREBINDPW if your LDAP server does not
     1096      allow anonymous queries. The search will be performed with the
     1097      LDAP_SEARCH_FILTER setting.
     1098
     1099    * Override the _pre_bind() method, which receives the ldap object and
     1100      the username as it's parameters and should return the DN of the user.
     1101
    10471102Writing an authentication backend
    10481103---------------------------------
    10491104
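Review bot: The ``LDAP_SEARCH_FILTER`` entry (new lines 1063-1065) documents the filter as `filterstr = LDAP_SEARCH_FILTER % username`, and the ``LDAP_BINDDN`` example (new line 1091) builds the DN as `'uid=%s,ou=people,dc=example,dc=com' % username`, but the text never says whether the username is escaped before interpolation. A login name containing filter or DN metacharacters such as `*`, `(`, `)`, `,` or `\` would change the query or the bind DN. Please state here that the backend escapes the value, for example with python-ldap's `ldap.filter.escape_filter_chars` for the filter and `ldap.dn.escape_dn_chars` for the DN, and tell anyone overriding `_pre_bind()` (new lines 1099-1100) to do the same. Two smaller points: the default ``LDAP_SERVER_URI`` of 'ldap://localhost' is an unencrypted scheme, and the only mention of TLS is the ``LDAP_OPTIONS`` example on new line 1081, so a sentence on using an `ldaps://` URI or TLS options for non-local servers would help; and the text has typos at "formated" (1063), "appened" (1079) and "it's parameters" (1100).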