udata-ldap
LDAP authentication for udata with optional Kerberos support.
Requirements
To use LDAP-only authentication, you only need the udata-ldap extension.
To use SASL and SPNEGO, you need a functional Kerberos client environment.
On Debian, you can install the requirements using:
apt-get install krb5-config krb5-user libkrb5-dev
Usage
Install the plugin package in your udata environment:
pip install udata-ldap
Then activate it in your udata.cfg:
PLUGINS = ['ldap']
NB: if using Kerberos SASL and/or SPNEGO, install it with:
pip install udata-ldap[kerberos]
Configuration
udata-ldap makes use of flask-ldap3-login and so uses the same parameters as described in the flask-ldap3-login documentation.
Some extra parameters are available:
Parameter | Default value | Notes |
---|---|---|
LDAP_DEBUG | False | Enable verbose/debug logging |
LDAP_KERBEROS_KEYTAB | None | Path to an optional Kerberos keytab for this service |
LDAP_KERBEROS_SERVICE_NAME | 'HTTP' | The service principal as configured in the keytab |
LDAP_KERBEROS_SERVICE_HOSTNAME | socket.getfqdn() | The service hostname (i.e. data.domain.com) |
LDAP_KERBEROS_SPNEGO | False | Whether or not to enable passwordless authentication with SPNEGO |
LDAP_USER_SPNEGO_ATTR | 'uid' | The LDAP attribute extracted from the SPNEGO handshake to match the user |
Testing configuration
udata-ldap provides two commands to help with the configuration:
- udata ldap config will display the LDAP configuration seen by udata
- udata ldap check will allow you to quickly test your configuration.
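A pre-flight check to run alongside udata ldap check, added here as an example and not part of udata-ldap: it loads a udata.cfg and inspects the Kerberos parameters from the table above. The function names and finding codes are hypothetical, and the owner-only keytab rule, the FQDN check and the debug flag are this example's assumptions about a sound deployment.

```python
import os
import socket
import stat


def load_cfg(path):
    """Execute a Flask-style .cfg file and keep its upper-case settings."""
    scope = {}
    with open(path) as fh:
        exec(compile(fh.read(), path, 'exec'), scope)
    return {k: v for k, v in scope.items() if k.isupper()}


def audit_kerberos_settings(cfg):
    """Return finding codes for the Kerberos-related udata-ldap settings."""
    findings = []
    keytab = cfg.get('LDAP_KERBEROS_KEYTAB')
    if keytab is not None:
        try:
            mode = os.stat(keytab).st_mode
        except OSError:
            findings.append('keytab-missing')
        else:
            if not stat.S_ISREG(mode):
                findings.append('keytab-not-regular-file')
            elif mode & (stat.S_IRWXG | stat.S_IRWXO):
                # A keytab holds the service's long-term keys: owner-only access.
                findings.append('keytab-accessible-by-group-or-others')
    # Same default as in the parameter table: socket.getfqdn().
    host = cfg.get('LDAP_KERBEROS_SERVICE_HOSTNAME') or socket.getfqdn()
    if '.' not in host.strip('.') or host.startswith('localhost'):
        # The principal is SERVICE_NAME/hostname, e.g. HTTP/data.domain.com.
        findings.append('service-hostname-not-fqdn')
    if cfg.get('LDAP_DEBUG', False):
        # Policy choice of this example: review verbose logging before production.
        findings.append('debug-logging-enabled')
    return findings


if __name__ == '__main__':
    import sys
    for finding in audit_kerberos_settings(load_cfg(sys.argv[1])):
        print(finding)
```

Run it with the path to udata.cfg as the only argument; an empty output means none of the three checks fired.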
Testing locally with docker
An example docker-compose.yml is provided to test locally with a freeipa server.
To use it, you need to copy the file ipa-server-install-options.example to ipa-server-install-options and edit it with your own parameters.
Example:
--unattended
--realm=DATA.XPS
--domain=data.xps
--ds-password=password
--admin-password=password
Changelog
Current (in progress)
Initial release
File details
Details for the file udata_ldap-0.2.0-py2.py3-none-any.whl.
File metadata
- Download URL: udata_ldap-0.2.0-py2.py3-none-any.whl
- Upload date:
- Size: 10.5 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.1 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/2.7.15
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | adc7eedfdb009b16cdc981d0713677ba1574d367c1deb9ac28d4de29b0a7a1f9 |
MD5 | 70ea449760cbc33314342024e77f9c31 |
BLAKE2b-256 | 17f6f5c6cf95b880f1e6894db0dfef2b819dc507feb17deb82c3ffbb3d01687c |