LDAP configuration can be enabled by appending the
'pootle.core.auth.ldap_backend.LdapBackend'
to the list of
AUTHENTICATION_BACKENDS
. The settings page lists all the
configuration keys available for LDAP.
Below a brief example of a working configuration is showcased.
The mail addresses are john.doe@website.org, the LDAP server is your.ldapserver.org. In this case, we need a specific user account to search in our LDAP server, this user/password is admin/pootle. The LDAP accounts are based on the mail addresses: these are the uids. Finally, John Doe is part of the branch employees on the LDAP.
# Authenticate first with an LDAP system and then fall back to Django's
# authentication system.
AUTHENTICATION_BACKENDS = [
#: Uncomment the following line for enabling LDAP authentication
'pootle.core.auth.ldap_backend.LdapBackend',
'django.contrib.auth.backends.ModelBackend',
]
# The LDAP server. Format: protocol://hostname:port
AUTH_LDAP_SERVER = 'ldap://your.ldapserver.org:389'
# Anonymous Credentials : if you don't have a super user, don't put cn=...
AUTH_LDAP_ANON_DN = 'cn=admin,dc=website,dc=org'
AUTH_LDAP_ANON_PASS = 'pootle'
# Base DN to search
AUTH_LDAP_BASE_DN = 'ou=employees,dc=website,dc=org'
# What are we filtering on? %s will be the username (must be in the string)
# In this case, we filter on mails, which are the uid.
AUTH_LDAP_FILTER = 'uid=%s'
# This is a mapping of Pootle field names to LDAP fields. The key is
# Pootle's name, the value should be your LDAP field name. If you don't use the
# field or don't want to automatically retrieve these fields from LDAP comment
# them out. The only required field is 'dn'. givenName, sn and uid are the names
# of the LDAP fields.
AUTH_LDAP_FIELDS = {
'dn': 'dn',
'first_name':'givenName',
'last_name':'sn',
'email':'uid'
}