Django LDAP authentication backend

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for francoisfreitag from gravatar.com francoisfreitag Avatar for jdufresne from gravatar.com jdufresne Avatar for psagers from gravatar.com psagers
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD)
  • Author: Peter Sagerson
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

https://readthedocs.org/projects/django-auth-ldap/badge/?version=latest https://img.shields.io/pypi/v/django-auth-ldap.svg https://github.com/django-auth-ldap/django-auth-ldap/workflows/Test/badge.svg https://img.shields.io/pypi/l/django-auth-ldap.svg

This is a Django authentication backend that authenticates against an LDAP service. Configuration can be as simple as a single distinguished name template, but there are many rich configuration options for working with users, groups, and permissions.

Installation

Install the package with pip:

$ pip install django-auth-ldap

It requires python-ldap >= 3.1. You’ll need the OpenLDAP libraries and headers available on your system.

To use the auth backend in a Django project, add 'django_auth_ldap.backend.LDAPBackend' to AUTHENTICATION_BACKENDS. Do not add anything to INSTALLED_APPS.

AUTHENTICATION_BACKENDS = [
    'django_auth_ldap.backend.LDAPBackend',
]

LDAPBackend should work with custom user models, but it does assume that a database is present.

Example Configuration

Here is a complete example configuration from settings.py that exercises nearly all of the features. In this example, we’re authenticating against a global pool of users in the directory, but we have a special area set aside for Django groups (ou=django,ou=groups,dc=example,dc=com). Remember that most of this is optional if you just need simple authentication. Some default settings and arguments are included for completeness.

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType


# Baseline configuration.
AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'

AUTH_LDAP_BIND_DN = 'cn=django-agent,dc=example,dc=com'
AUTH_LDAP_BIND_PASSWORD = 'phlebotinum'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=users,dc=example,dc=com',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)
# Or:
# AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=example,dc=com'

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=django,ou=groups,dc=example,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfNames)',
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn')

# Simple group restrictions
AUTH_LDAP_REQUIRE_GROUP = 'cn=enabled,ou=django,ou=groups,dc=example,dc=com'
AUTH_LDAP_DENY_GROUP = 'cn=disabled,ou=django,ou=groups,dc=example,dc=com'

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail',
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_active': 'cn=active,ou=django,ou=groups,dc=example,dc=com',
    'is_staff': 'cn=staff,ou=django,ou=groups,dc=example,dc=com',
    'is_superuser': 'cn=superuser,ou=django,ou=groups,dc=example,dc=com',
}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache distinguished names and group memberships for an hour to minimize
# LDAP traffic.
AUTH_LDAP_CACHE_TIMEOUT = 3600

# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

Contributing

If you’d like to contribute, the best approach is to send a well-formed pull request, complete with tests and documentation. Pull requests should be focused: trying to do more than one thing in a single request will make it more difficult to process.

If you have a bug or feature request you can try logging an issue.

There’s no harm in creating an issue and then submitting a pull request to resolve it. This can be a good way to start a conversation and can serve as an anchor point.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for francoisfreitag from gravatar.com francoisfreitag Avatar for jdufresne from gravatar.com jdufresne Avatar for psagers from gravatar.com psagers
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD)
  • Author: Peter Sagerson
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

This version

5.3.0

5.2.0

5.1.0

5.0.0

4.8.0

4.7.0

4.6.0

4.5.0

4.4.0

4.3.0

4.2.0

4.1.0

4.0.0

3.0.0

2.4.0

2.3.0

2.2.0

2.1.1

2.1.0

2.0.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.3.0b3 pre-release

1.3.0b2 pre-release

1.3.0b1 pre-release

1.2.17

1.2.16

1.2.15

1.2.14

1.2.14b1 pre-release

1.2.13

1.2.12

1.2.11

1.2.10

1.2.9

1.2.8

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.8

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1

1.0.19

1.0.18

1.0.17

1.0.16

1.0.15

1.0.14

1.0.13

1.0.12

1.0.11

1.0.10

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_auth_ldap-5.3.0.tar.gz (55.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

django_auth_ldap-5.3.0-py3-none-any.whl (21.0 kB view details)

Uploaded Python 3

File details

Details for the file django_auth_ldap-5.3.0.tar.gz.

File metadata

  • Download URL: django_auth_ldap-5.3.0.tar.gz
  • Upload date:
  • Size: 55.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for django_auth_ldap-5.3.0.tar.gz
Algorithm Hash digest
SHA256 743d8107b146240b46f7e97207dc06cb11facc0cd70dce490b7ca09dd5643d19
MD5 7c3813090f05405c12d446850e9a24e0
BLAKE2b-256 a66dd3ceb4b49e7153811a4b2d92bbe198a5ef2e2820469add3d6dc129ef2fab

See more details on using hashes here.

Provenance

The following attestation bundles were made for django_auth_ldap-5.3.0.tar.gz:

Publisher: release.yml on django-auth-ldap/django-auth-ldap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file django_auth_ldap-5.3.0-py3-none-any.whl.

File metadata

File hashes

Hashes for django_auth_ldap-5.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 aa880415983149b072f876d976ef8ec755a438090e176817998263a6ed9e1038
MD5 1cdf18b1be5d570d14813f1c41b90308
BLAKE2b-256 a99138ba24b9d76925ce166b2eebe1b4ea460063b8ba8cf91d39d97ee3bad517

See more details on using hashes here.

Provenance

The following attestation bundles were made for django_auth_ldap-5.3.0-py3-none-any.whl:

Publisher: release.yml on django-auth-ldap/django-auth-ldap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page