django-auth-ldap

Django LDAP authentication backend

Project description

https://readthedocs.org/projects/django-auth-ldap/badge/?version=latest

https://img.shields.io/travis/django-auth-ldap/django-auth-ldap/master.svg?label=travis-ci

This is a Django authentication backend that authenticates against an LDAP service. Configuration can be as simple as a single distinguished name template, but there are many rich configuration options for working with users, groups, and permissions.

Documentation: https://django-auth-ldap.readthedocs.io/
PyPI: https://pypi.org/project/django-auth-ldap/
Repository: https://github.com/django-auth-ldap/django-auth-ldap
Tests: http://travis-ci.org/pypa/django-auth-ldap
License: BSD 2-Clause

This version is supported on Python 2.7 and 3.4+; and Django 1.11+. It requires python-ldap >= 3.0.

Installation

Install the package with pip:

$ pip install django-auth-ldap

It requires python-ldap >= 3.0. You’ll need the OpenLDAP libraries and headers available on your system.

To use the auth backend in a Django project, add 'django_auth_ldap.backend.LDAPBackend' to AUTHENTICATION_BACKENDS. Do not add anything to INSTALLED_APPS.

AUTHENTICATION_BACKENDS = [
    'django_auth_ldap.backend.LDAPBackend',
]

LDAPBackend should work with custom user models, but it does assume that a database is present.

Note

LDAPBackend does not inherit from ModelBackend. It is possible to use LDAPBackend exclusively by configuring it to draw group membership from the LDAP server. However, if you would like to assign permissions to individual users or add users to groups within Django, you’ll need to have both backends installed:

AUTHENTICATION_BACKENDS = [
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
]

Example Configuration

Here is a complete example configuration from settings.py that exercises nearly all of the features. In this example, we’re authenticating against a global pool of users in the directory, but we have a special area set aside for Django groups (ou=django,ou=groups,dc=example,dc=com). Remember that most of this is optional if you just need simple authentication. Some default settings and arguments are included for completeness.

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType


# Baseline configuration.
AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'

AUTH_LDAP_BIND_DN = 'cn=django-agent,dc=example,dc=com'
AUTH_LDAP_BIND_PASSWORD = 'phlebotinum'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=users,dc=example,dc=com',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)
# Or:
# AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=example,dc=com'

# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=django,ou=groups,dc=example,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfNames)',
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn')

# Simple group restrictions
AUTH_LDAP_REQUIRE_GROUP = 'cn=enabled,ou=django,ou=groups,dc=example,dc=com'
AUTH_LDAP_DENY_GROUP = 'cn=disabled,ou=django,ou=groups,dc=example,dc=com'

# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail',
}

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_active': 'cn=active,ou=django,ou=groups,dc=example,dc=com',
    'is_staff': 'cn=staff,ou=django,ou=groups,dc=example,dc=com',
    'is_superuser': 'cn=superuser,ou=django,ou=groups,dc=example,dc=com',
}

# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache distinguised names and group memberships for an hour to minimize
# LDAP traffic.
AUTH_LDAP_CACHE_TIMEOUT = 3600

# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

Contributing

If you’d like to contribute, the best approach is to send a well-formed pull request, complete with tests and documentation. Pull requests should be focused: trying to do more than one thing in a single request will make it more difficult to process.

If you have a bug or feature request you can try logging an issue.

There’s no harm in creating an issue and then submitting a pull request to resolve it. This can be a good way to start a conversation and can serve as an anchor point.

Project details

Release history Release notifications

This version

1.7.0

Jul 12, 2018

1.6.1

Jun 2, 2018

1.6.0

Jun 2, 2018

1.5.0

Apr 19, 2018

1.4.0

Mar 22, 2018

1.3.0

Nov 20, 2017

1.3.0b3 pre-release

Oct 15, 2017

1.3.0b2 pre-release

Sep 26, 2017

1.3.0b1 pre-release

Sep 11, 2017

1.2.17

Jan 7, 2018

1.2.16

Sep 30, 2017

1.2.15

Aug 17, 2017

1.2.14

Jul 24, 2017

1.2.14b1 pre-release

Jul 21, 2017

1.2.13

Jun 19, 2017

1.2.12

May 20, 2017

1.2.11

Apr 22, 2017

1.2.10

Mar 7, 2017

1.2.9

Feb 15, 2017

1.2.8

Apr 18, 2016

1.2.7

Sep 29, 2015

1.2.6

Mar 29, 2015

1.2.5

Jan 30, 2015

1.2.4

Dec 28, 2014

1.2.3

Nov 18, 2014

1.2.2

Sep 22, 2014

1.2.1

Aug 24, 2014

1.2.0

Apr 10, 2014

1.1.8

Feb 1, 2014

1.1.7

Nov 19, 2013

1.1.6

Nov 10, 2013

1.1.5

Oct 26, 2013

1.1.4

Mar 9, 2013

1.1.3

Jan 6, 2013

1.1.2

Aug 30, 2012

1.1.1

Jul 8, 2012

1.1

May 7, 2012

1.0.19

Mar 25, 2012

1.0.18

Mar 15, 2012

1.0.17

Mar 5, 2012

1.0.16

Mar 5, 2012

1.0.15

Feb 4, 2012

1.0.14

Dec 29, 2011

1.0.13

Dec 15, 2011

1.0.12

Sep 29, 2011

1.0.11

Aug 28, 2011

1.0.10

Jun 23, 2011

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help	File type	Python version	Upload date
django_auth_ldap-1.7.0-py2.py3-none-any.whl (23.7 kB) Copy SHA256 hash SHA256	Wheel	py2.py3	Jul 12, 2018
django-auth-ldap-1.7.0.tar.gz (48.9 kB) Copy SHA256 hash SHA256	Source	None	Jul 12, 2018