Skip to main content

devpi-ldap: LDAP authentication for devpi-server

Project description

devpi-ldap: LDAP authentication for devpi-server

For use with devpi-server >= 2.1.0.

Installation

devpi-ldap needs to be installed alongside devpi-server.

You can install it with:

pip install devpi-ldap

For devpi-server there is no configuration needed, as it will automatically discover the plugin through calling hooks using the setuptools entry points mechanism.

Details about LDAP configuration below.

Configuration

A script named devpi-ldap can be used to test your LDAP configuration.

To configure LDAP, create a yaml file with a dictionary containing another dictionary under the devpi-ldap key with the following options:

url

The url of the LDAP server. Using ldaps:// enables SSL. No certificate validation is performed at the moment.

user_template

The template to generate the distinguished name for the user. If the structure is fixed, this is faster than specifying a user_search, but devpi-server can’t know whether a user exists or not.

user_search

If you can’t or don’t want to use user_template, then these are the search settings for the users distinguished name. You can use username in the search filter. See specifics below.

group_search

The search settings for the group objects of the user. You can use username and userdn (the distinguished name) in the search filter. See specifics below.

referrals

Whether to follow referrals. This needs to be set to false in many cases when using LDAP via Active Directory on Windows. The default is true.

The user_search and group_search settings are dictionaries with the following options:

base

The base location from which to search.

filter

The search filter. To use replacements, put them in curly braces. Example: (&(objectClass=group)(member={userdn}))

scope

The scope for the search. Valid values are base-object, single-level and whole-subtree. The default is whole-subtree.

attribute_name

The name of the attribute which should be extracted from the search result.

userdn

The distinguished name of the user which should be used for the search operation. If you don’t have anonymous user search or if the users can’t search their own groups, then you need to set this to a user which has the necessary rights.

password

The password for the user in userdn.

The YAML file should then look similar to this:

---
devpi-ldap:
  url: ldap://example.com
  user_template: CN={username},CN=Partition1,DC=Example,DC=COM
  group_search:
    base: CN=Partition1,DC=Example,DC=COM
    filter: (&(objectClass=group)(member={userdn}))
    attribute_name: CN

An example with user search and Active Directory might look like this:

---
devpi-ldap:
  url: ldap://example.com
  user_template: CN={username},CN=Partition1,DC=Example,DC=COM
  user_search:
    base: CN=Partition1,DC=Example,DC=COM
    filter: (&(objectClass=user)(sAMAccountName={username}))
    attribute_name: distinguishedName
  group_search:
    base: CN=Partition1,DC=Example,DC=COM
    filter: (&(objectClass=group)(member={userdn}))
    attribute_name: CN

Changelog

1.0.1 - 2014-10-10

  • fix the plugin hook

1.0.0 - 2014-09-22

  • initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

devpi-ldap-1.0.1.zip (15.2 kB view details)

Uploaded Source

File details

Details for the file devpi-ldap-1.0.1.zip.

File metadata

  • Download URL: devpi-ldap-1.0.1.zip
  • Upload date:
  • Size: 15.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for devpi-ldap-1.0.1.zip
Algorithm Hash digest
SHA256 6d3dcf5a2f321533b58bd40dd6518d0876e3c87b4fd28203b519cf3f3aa63be4
MD5 c8b7e9d9a336eecab57a9ffe3354c070
BLAKE2b-256 072345d86b260ee99acad89a055e0e2adb1a338541eeaac5ec4e9665644a303d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page