You must now edit the file for local settings, settings_local.py
.
#
# settings.py snippet for LDAP auth
#
# This is a sample settings snippet for LDAP auth. Include it in
# the settings_local.py file and modify the settings as appropriate.
#
# Full documentation is available at: https://pythonhosted.org/django-auth-ldap/
#
# python modules required are:
# python-ldap - yum install python-ldap OR pip install python-ldap
# django-auth-ldap - pip install django-auth-ldap
#
# Note: This is not a complete settings file. Use with a complete file.
import ldap
from django_auth_ldap.config import LDAPSearch, NestedActiveDirectoryGroupType
# Connection options
AUTH_LDAP_SERVER_URI = "ldap://10.12.0.10:389"
# AUTH_LDAP_START_TLS = True
# AUTH_LDAP_SERVER_URI = "ldaps://win-ih9gmllt094.arctest.arcadiadata.com:636"
# Bind user
AUTH_LDAP_BIND_DN = "CN=arcadmin,CN=Users,DC=arctest,DC=arcadiadata,DC=com"
AUTH_LDAP_BIND_PASSWORD = "Password"
# Required Group for all users
AUTH_LDAP_REQUIRE_GROUP = "CN=arcviz users,CN=Users,DC=arctest,DC=arcadiadata,DC=com"
# Group for Admins
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_superuser": ["CN=arcviz admins,CN=Users,DC=arctest,DC=arcadiadata,DC=com"]
}
# User and group search objects and types
AUTH_LDAP_USER_SEARCH = LDAPSearch("CN=Users,DC=arctest,DC=arcadiadata,DC=com",
ldap.SCOPE_SUBTREE,"(sAMAccountName=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("CN=Users,DC=arctest,DC=arcadiadata,DC=com",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
# Map LDAP attributes to Django
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# Cache settings
# Note this may cause a delay when groups are changed in LDAP
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300
# Group Settings
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_MIRROR_GROUPS = False
# Some optional TLS/SSL options
# AUTH_LDAP_GLOBAL_OPTIONS = {
# ldap.OPT_X_TLS_CACERTFILE: "/etc/bla.cert", # Point to CA Cert file
# ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, # Disable cert checking
# }
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 1, # 0 to 255
ldap.OPT_REFERRALS: 0, # For Active Directory
}
# If there is no Bind User you can use these settings, but it's not the preferred way
# AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
# AUTH_LDAP_USER_DN_TEMPLATE = "CN=%(user)s,CN=Users,DC=arctest,DC=arcadiadata,DC=com"
# The backend needed to make this work.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend'
)