You must now edit the local settings file, settings_local.py, for LDAP
authentication.
pip install python-ldap
pip install django-auth-ldapFollowing is a sample settings snippet for LDAP authentication. Include it in the settings_local.py file and modify the settings as appropriate. Note: This is not a complete settings file. For more information, see https://django-auth-ldap.readthedocs.io/en/latest/reference.html.
import ldap
from django_auth_ldap.config import LDAPSearch, NestedActiveDirectoryGroupType
# Connection options
# AUTH_LDAP_START_TLS = True
AUTH_LDAP_SERVER_URI = "ldap://host:port"
# Bind user
AUTH_LDAP_BIND_DN = "CN=arcadmin,CN=Users,DC=arctest,DC=arcadiadata,DC=com"
AUTH_LDAP_BIND_PASSWORD = "Password"
# Required Group for all users
AUTH_LDAP_REQUIRE_GROUP = "CN=arcviz users,CN=Users,DC=arctest,DC=arcadiadata,DC=com"
# Group for Admins
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_superuser": ["CN=arcviz admins,CN=Users,DC=arctest,DC=arcadiadata,DC=com"]
}
# User and group search objects and types
AUTH_LDAP_USER_SEARCH = LDAPSearch("CN=Users,DC=arctest,DC=arcadiadata,DC=com",
ldap.SCOPE_SUBTREE,"(sAMAccountName=%(user)s)")
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("CN=Users,DC=arctest,DC=arcadiadata,DC=com",
ldap.SCOPE_SUBTREE, "(objectClass=group)")
# Map LDAP attributes to Django
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
# Cache settings
# Note this may cause a delay when groups are changed in LDAP
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300
# Group Settings
AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_MIRROR_GROUPS = False
# Some optional TLS/SSL options
# AUTH_LDAP_GLOBAL_OPTIONS = {
# ldap.OPT_X_TLS_CACERTFILE: "/etc/bla.cert", # Point to CA Cert file
# ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, # Disable cert checking
# }
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_DEBUG_LEVEL: 1, # 0 to 255
ldap.OPT_REFERRALS: 0, # For Active Directory
}
# If there is no Bind User you can use these settings, but it's not the preferred way
# AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
# AUTH_LDAP_USER_DN_TEMPLATE = "CN=%(user)s,CN=Users,DC=arctest,DC=arcadiadata,DC=com"
# The backend needed to make this work.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend'
)To edit LDAP settings in Cloudera Installations, see Cloudera: Specifying LDAP Settings.
To edit LDAP settings in Ambari, see Ambari: Specifying LDAP Settings.