django-auth-ldap / README

The default branch has multiple heads

This is a Django authentication backend that authenticates against an LDAP
service. Configuration can be as simple as a single distinguished name
template, but there are many rich configuration options for working with users,
groups, and permissions.

This version is officially supported on Python >= 2.5, Django >= 1.3, and
python-ldap >= 2.0. It is known to work on earlier versions (especially of
Django) and backwards-compatibility is not broken needlessly, however users of
older dependencies are urged to test their deployments carefully and be wary of

Full documentation can be found at;
following is an example configuration, just to whet your appetite::

    import ldap
    from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

    # Baseline configuration.
    AUTH_LDAP_SERVER_URI = "ldap://"

    AUTH_LDAP_BIND_DN = "cn=django-agent,dc=example,dc=com"
    AUTH_LDAP_BIND_PASSWORD = "phlebotinum"
    AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=example,dc=com",
        ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
    # or perhaps:
    # AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com"

    # Set up the basic group parameters.
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=django,ou=groups,dc=example,dc=com",
        ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
    AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

    # Simple group restrictions
    AUTH_LDAP_REQUIRE_GROUP = "cn=enabled,ou=django,ou=groups,dc=example,dc=com"
    AUTH_LDAP_DENY_GROUP = "cn=disabled,ou=django,ou=groups,dc=example,dc=com"

    # Populate the Django user from the LDAP directory.
        "first_name": "givenName",
        "last_name": "sn",
        "email": "mail"

        "employee_number": "employeeNumber"

        "is_active": "cn=active,ou=django,ou=groups,dc=example,dc=com",
        "is_staff": "cn=staff,ou=django,ou=groups,dc=example,dc=com",
        "is_superuser": "cn=superuser,ou=django,ou=groups,dc=example,dc=com"

        "is_awesome": "cn=awesome,ou=django,ou=groups,dc=example,dc=com",

    # Use LDAP group membership to calculate group permissions.

    # Cache group memberships for an hour to minimize LDAP traffic

    # Keep ModelBackend around for per-user permissions and maybe a local
    # superuser.
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.