Thank You very much !!! Pierluigi Il giorno venerdì 13 gennaio 2012 20:10:52 UTC+1, Roberto Rosario ha scritto: > > Just recently at work I had to get our Mayan EDMS instance to authenticate > users against the main HQ Microsoft AD. The process was not difficult, but > it wasn't a breeze in the park either. This is how I did it in case it's > of help for anyone else. > > I used these two libraries as they seemed the most maintained from the > quick search I did. > http://www.python-ldap.org/<http://www.google.com/url?q=http%3A%2F%2Fwww.python-ldap.org%2F&sa=D&sntz=1&usg=AFQjCNGeTree8NYveTgXzZyZWO5FR8sG8Q> > http://packages.python.org/django-auth-ldap/<http://www.google.com/url?q=http%3A%2F%2Fpackages.python.org%2Fdjango-auth-ldap%2F&sa=D&sntz=1&usg=AFQjCNG_ezG4UjvIaWIHOLPhkkwkVgr3Xw> > > After figuring out the corresponding OU, CN and such (which took quite a > while since I'm not well versed in LDAP). For configuration options, Mayan > EDMS imports settings_local.py after importing settings.py to allow users > to override the defaults without modifying any file tracked by Git, this > makes upgrading by using Git's pull command extremely easy. My > settings_local.py file is as follows: > > > import ldap > from django_auth_ldap.config import LDAPSearch > > # makes sure this works in Active Directory > ldap.set_option(ldap.OPT_REFERRALS, 0) > > AUTH_LDAP_SERVER_URI = "ldap://172.16.XX.XX:389"; > AUTH_LDAP_BIND_DN = 'cn=Roberto Rosario > Gonzalez,ou=Aguadilla,ou=XX,ou=XX,dc=XX,dc=XX,dc=XX' > AUTH_LDAP_BIND_PASSWORD = 'XXXXXXXXXXXXXX' > AUTH_LDAP_USER_SEARCH = LDAPSearch('dc=XX,dc=XX,dc=XX', > ldap.SCOPE_SUBTREE, '(SAMAccountName=%(user)s)') > > # Populate the Django user from the LDAP directory. > AUTH_LDAP_USER_ATTR_MAP = { > "first_name": "givenName", > "last_name": "sn", > "email": "mail" > } > > # This is the default, but I like to be explicit. > AUTH_LDAP_ALWAYS_UPDATE_USER = True > > AUTHENTICATION_BACKENDS = ( > 'django_auth_ldap.backend.LDAPBackend', > 'django.contrib.auth.backends.ModelBackend', > ) > > The AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD are required because > anonymous queries are not allowed in out organization's tree, my user > account is being used to do the query, but a dummy account will be created > and used later on. The AUTH_LDAP_USER_SEARCH = > LDAPSearch('dc=XX,dc=XX,dc=X bit took some trial and error as it wasn't > very intuitive to figure out, this is not an issue of the library, but of > Active Directory and of our particular LDAP forrest. > > For a more advanced example check this StackOverflow question: > http://stackoverflow.com/questions/6493985/django-auth-ldap<http://www.google.com/url?q=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F6493985%2Fdjango-auth-ldap&sa=D&sntz=1&usg=AFQjCNHlxZS2z8v0MLf6N7ZH6NHm3Fwerw> >
-- --- You received this message because you are subscribed to the Google Groups "Mayan EDMS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
