LDAP

LDAP Support

The following is an example configuration file for RatticDB. Add this to your local.cfg file.

[ldap]
# LDAP server details
uri = ldap://localhost

# User parameters
userbase = ou=users,dc=example,dc=com
userfilter = (uid=%(user)s)

# Set up the basic group parameters.
groupbase = ou=django,ou=groups,dc=example,dc=com
groupfilter = (objectClass=groupOfNames)
grouptype = GroupOfNamesType

# How do I find staff
staff = cn=staff,ou=groups,dc=example,dc=com

Specific Instructions

• LDAP-ActiveDirectory
• LDAP-389DS

Settings

uri

This line configures the LDAP server location and connection settings. You can specify the port, whether to use SSL and other things.

binddn

The user to bind as before the user logs in. Use this if your server does not let you search for users with an anonymous bind.

bindpass

The password for the AUTH_LDAP_BIND_DN user.

userbase

The base to search for users in.

userfilter

A filter which when searched on userbase, will only return users.

groupbase

A base to search for groups in.

groupfilter

A filter when search on groupfilter, will only return groups of the type in grouptype.

grouptype

This defines the type of group that RatticDB will read. Supported groups are:

• PosixGroupType

• MemberDNGroupType

• NestedMemberDNGroupType

• GroupOfNamesType

• NestedGroupOfNamesType

• GroupOfUniqueNamesType

• NestedGroupOfUniqueNamesType

• ActiveDirectoryGroupType

• NestedActiveDirectoryGroupType

staff

People in this group will be treated as staff members and thus able to access the 'Staff Management' page and related staff functionality.

allowpasschange

If your LDAP server does not allow users to change their own passwords according to RFC3062 you should set this to False. If you want users to be able to change their LDAP passwords then you should set it to True. The default is False. If LDAP is not enabled the setting is ignored and password changes are always allowed.