LDAP

Different authentication protocols are available on AgrEGG. One option is SAML 2 (https://en.wikipedia.org/wiki/SAML_2.0); another is LDAP (https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol).

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. For example, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

LDAP is specified in a series of Internet Engineering Task Force (IETF) Standard Track publications called Request for Comments (RFCs), using the description language ASN.1. The latest specification is Version 3, published as RFC 4511.

A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users.

LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite.

sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
pip install python-ldap
pip install django-auth-ldap

In the settings, override these variables:

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, LDAPSearchUnion

AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0,
}

AUTH_LDAP_SERVER_URI = "ldap://<url>"

AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=<group>,dc=corp,dc=<name>,dc=net", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

AUTH_LDAP_BIND_DN = "<name>"
AUTH_LDAP_BIND_PASSWORD = "<psw>" # use a permanent account

AUTH_LDAP_USER_ATTR_MAP = {
    "full_name": "cn",
    "last_name": "sn",
    "first_name": "givenName",
    "email": "mail",
    "username": "sAMAccountName"
}
AUTH_LDAP_ALWAYS_UPDATE_USER = False
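
The settings above bind over ldap:// with the service-account password written in the settings file. The following static check is an added example, not part of AgrEGG or django-auth-ldap: it flags both conditions in a settings file's source text. The sample settings, host name, account name and the AGREGG_LDAP_BIND_PASSWORD variable are constructed placeholders; AUTH_LDAP_START_TLS is the django-auth-ldap setting that upgrades an ldap:// connection to TLS.

```python
import ast
import re

# Constructed sample: the page's settings layout with placeholder values.
PAGE_STYLE = '''
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.invalid"
AUTH_LDAP_BIND_DN = "svc-agregg"
AUTH_LDAP_BIND_PASSWORD = "placeholder-password"
'''

# Constructed sample: same layout, StartTLS on, secret read from the environment.
# AGREGG_LDAP_BIND_PASSWORD is a hypothetical variable name.
HARDENED = '''
import os
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.invalid"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_BIND_DN = "svc-agregg"
AUTH_LDAP_BIND_PASSWORD = os.environ["AGREGG_LDAP_BIND_PASSWORD"]
'''


def audit_ldap_settings(source):
    """Statically check settings source text; the code is parsed, never executed."""
    assigned = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    assigned[target.id] = node.value

    def literal(name):
        # Value of NAME if it was assigned a plain constant, else None.
        node = assigned.get(name)
        return node.value if isinstance(node, ast.Constant) else None

    findings = []
    uri = literal("AUTH_LDAP_SERVER_URI")
    uris = re.split(r"[,\s]+", uri.strip().lower()) if isinstance(uri, str) else []
    start_tls = literal("AUTH_LDAP_START_TLS") is True
    if any(u.startswith("ldap://") for u in uris) and not start_tls:
        findings.append("cleartext-bind")    # bind password crosses the network unencrypted
    password = literal("AUTH_LDAP_BIND_PASSWORD")
    if isinstance(password, str) and password:
        findings.append("hardcoded-secret")  # credential lives in the settings file
    return findings


if __name__ == "__main__":
    print(audit_ldap_settings(PAGE_STYLE))  # ['cleartext-bind', 'hardcoded-secret']
    print(audit_ldap_settings(HARDENED))    # []
```

An ldaps:// URI also passes the transport check, since the connection is encrypted from the start.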