Using LDAPS

To use LDAPS, follow these steps.

  1. Set debug level:

    AUTH_LDAP_CONNECTION_OPTIONS = {
        ldap.OPT_DEBUG_LEVEL: 1,
    }
  2. Set the active directory:

    AUTH_LDAP_CONNECTION_OPTIONS = {
        ldap.OPT_REFERRALS: 0,
    }
  3. Set AUTH_LDAP_START_TLS:

    AUTH_LDAP_START_TLS = True

    Alternatively, use ldaps URI to port 636 instead of port 389.

  4. Point to the CA certification file:

    AUTH_LDAP_GLOBAL_OPTIONS = {
      ldap.OPT_X_TLS_CACERTFILE: "/etc/bla.cert",
    }
  5. Disable certificate checking:

    AUTH_LDAP_GLOBAL_OPTIONS = {
      ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
    }