Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from MoinMoin.auth.ldap_login import LDAPAuth
- ldap_authenticator1 = LDAPAuth(
- server_uri='ldap://hermes', # ldap / active directory server URI
- bind_dn='user@domain.com', # We can either use some fixed user and password for binding to LDAP.
- bind_pw='s3cr3t!!'
- base_dn='dc=domain,dc=com', # base DN we use for searching
- scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
- referrals=0, # LDAP REFERRALS (0 needed for AD)
- search_filter = '''(&(sAMAccountName=%(username)s)(memberOf=cn=Special\ Group,ou=Groups,dc=domain,dc=com))''' # (AD)
- givenname_attribute='givenName', # often 'givenName' - ldap attribute we get the first name from
- surname_attribute='sn', # often 'sn' - ldap attribute we get the family name from
- aliasname_attribute='displayName', # often 'displayName' - ldap attribute we get the aliasname from
- email_attribute='mail', # often 'mail' - ldap attribute we get the email address from
- email_callback=None, # callback function called to make up email address
- coding='utf-8', # coding used for ldap queries and result values
- timeout=10, # how long we wait for the ldap server [s]
- start_tls=0, # usage of Transport Layer Security 0 = No, 1 = Try, 2 = Required
- tls_cacertdir=None,
- tls_cacertfile=None,
- tls_certfile=None,
- tls_keyfile=None,
- tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
- bind_once=False, # set to True to only do one bind - useful if configured to bind as the user on the first attempt
- autocreate=True, # set to True to automatically create/update user profiles
- name='ldap', # use e.g. 'ldap_pdc' and 'ldap_bdc' (or 'ldap1' and 'ldap2') if you auth against 2 ldap servers
- report_invalid_credentials=True, # whether to emit "invalid username or password" msg at login time or not
- )
- auth = [
- ldap_authenticator1,
- ]
- cookie_lifetime = (0, 1) # no anon user sessions, 1h session lifetime for logged-in users
Add Comment
Please, Sign In to add comment