Robert, Thanks for the great product. I am running into a similar issue now. We have another Django instance running django-auth-ldap and it serves as our CMS.
What I would like to do is be able to have a single sign on system (the CMS be the provider, and Mayan be a consumer), so users don't have to authenticate against both. I am trying to use https://github.com/Nitron/django-cas-consumer and https://github.com/Nitron/django-cas-provider but I am not sure Mayan is actually authenticating hitting the authentication backends, despite adding their config to the AUTHENTICATION_BACKENDS tuple. Does Mayan do something else with the authentication mechanism that would explain why this module isn't being hit?

Thanks!
-Dan

On Friday, January 13, 2012 12:10:52 PM UTC-7, Roberto Rosario wrote:
>
> Just recently at work I had to get our Mayan EDMS instance to authenticate
> users against the main HQ Microsoft AD. The process was not difficult, but
> it wasn't a breeze in the park either. This is how I did it in case it's
> of help for anyone else.
>
> I used these two libraries as they seemed the most maintained from the
> quick search I did.
> http://www.python-ldap.org/
> http://packages.python.org/django-auth-ldap/
>
> After figuring out the corresponding OU, CN and such (which took quite a
> while since I'm not well versed in LDAP). For configuration options, Mayan
> EDMS imports settings_local.py after importing settings.py to allow users
> to override the defaults without modifying any file tracked by Git, this
> makes upgrading by using Git's pull command extremely easy. My
> settings_local.py file is as follows:
>
> import ldap
> from django_auth_ldap.config import LDAPSearch
>
> # makes sure this works in Active Directory
> ldap.set_option(ldap.OPT_REFERRALS, 0)
>
> AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
> AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX'
> AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
> AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX', ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)')
>
> # Populate the Django user from the LDAP directory.
> AUTH_LDAP_USER_ATTR_MAP = {
>     "first_name": "givenName",
>     "last_name": "sn",
>     "email": "mail"
> }
>
> # This is the default, but I like to be explicit.
> AUTH_LDAP_ALWAYS_UPDATE_USER = True
>
> AUTHENTICATION_BACKENDS = (
>     'django_auth_ldap.backend.LDAPBackend',
>     'django.contrib.auth.backends.ModelBackend',
> )
>
> The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because
> anonymous queries are not allowed in our organization's tree, my user
> account is being used to do the query, but a dummy account will be created
> and used later on. The AUTH_LDAP_USER_SEARCH =
> LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't
> very intuitive to figure out, this is not an issue of the library, but of
> Active Directory and of our particular LDAP forest.
>
> For a more advanced example check this StackOverflow question:
> http://stackoverflow.com/questions/6493985/django-auth-ldap
>
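
An added example, not part of the original thread and not code from Mayan EDMS or django-auth-ldap: a static check over a settings_local.py like the one quoted above, flagging an ldap:// server URI without AUTH_LDAP_START_TLS and a bind password stored as a literal in the file. Both sample sources are constructed, and the environment variable name MAYAN_LDAP_BIND_PASSWORD is hypothetical.

```python
import ast

# Constructed sample mirroring the quoted settings (XX placeholders as in the post).
AS_POSTED = '''
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX'
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
'''
# Constructed hardened variant; the environment variable name is hypothetical.
HARDENED = '''
import os
AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_BIND_PASSWORD = os.environ["MAYAN_LDAP_BIND_PASSWORD"]
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
'''

def literal_assignments(source):
    """Map NAME -> value for top-level `NAME = <literal>` statements (nothing is executed)."""
    found = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                found[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value such as os.environ[...] or LDAPSearch(...)
    return found

def audit(source):
    """Return the names of settings that need attention."""
    s = literal_assignments(source)
    flagged = []
    # Simple bind over ldap:// without StartTLS sends passwords unencrypted.
    uri = str(s.get("AUTH_LDAP_SERVER_URI", ""))
    if uri.lower().startswith("ldap://") and s.get("AUTH_LDAP_START_TLS") is not True:
        flagged.append("AUTH_LDAP_SERVER_URI")
    # A string literal here means the bind password lives in the settings file.
    if isinstance(s.get("AUTH_LDAP_BIND_PASSWORD"), str):
        flagged.append("AUTH_LDAP_BIND_PASSWORD")
    # Without LDAPBackend in the tuple, the AUTH_LDAP_* settings are never used.
    if "django_auth_ldap.backend.LDAPBackend" not in s.get("AUTHENTICATION_BACKENDS", ()):
        flagged.append("AUTHENTICATION_BACKENDS")
    return flagged
```

Calling `audit(AS_POSTED)` flags the server URI and the bind password, while `audit(HARDENED)` returns an empty list.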
