kinto-ldap 0.3.0

LDAP support for Kinto

kinto-ldap

Validate Basic Auth provided user login and password with an LDAP server.

Dependencies

Before installing you will need the following system dependencies:

On Debian based systems:

sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev

On RPM based systems:

sudo yum install openldap-devel openssl-devel python-devel

Installation

Install the Python package:

pip install kinto-ldap

Include the package in the project configuration:

kinto.includes = kinto_ldap

And configure authentication policy using pyramid_multiauth formalism:

multiauth.policies = ldap

By default, it will rely on the cache configured in Kinto.

Configuration

multiauth.policy.ldap.use = kinto_ldap.authentication.LDAPBasicAuthAuthenticationPolicy

kinto.ldap.cache_ttl_seconds = 30
kinto.ldap.endpoint = ldap://ldap.prod.mozaws.net
# kinto.ldap.bind_dn = uid=read_user,ou=logins,dc=mozilla
# kinto.ldap.bind_password = user_password

If necessary, override default values for authentication policy:

# multiauth.policy.ldap.realm = Realm
# kinto.ldap.base_dn = dc=mozilla
# kinto.ldap.filters = (mail={mail})
# kinto.ldap.pool_size = 10
# kinto.ldap.pool_retry_max = 3
# kinto.ldap.pool_retry_delay = .1
# kinto.ldap.pool_timeout = 30

CHANGELOG

This document describes changes between each past release.

0.3.0 (2016-11-23)

• Support login from multiple DN from the same LDAP server (#16)

0.2.1 (2016-11-03)

Bug fixes

• Fix heartbeat that would always return False

0.2.0 (2016-11-02)

• Set default value for multiauth.policy.ldap.use (fixes #3)

• Add the plugin version in the capability.

New features

• Add connection pool settings (fixes #10)

Bug fixes

• Fix heartbeat when server is unreachable (fixes #8)

• Returns None and log exception if LDAP backend cannot be reached (fixes #9)

0.1.0 (2016-06-27)

• Basic Auth Authentication for LDAP.

Contributors

• Rémy Hubscher <rhubscher@mozilla.com>

• Tarek Ziade <tarek@mozilla.com>