ldapauth fix pyrmin requirement 2025-06-27 17:40:14 +02:00
.bumpversion.cfg Release 0.5.1 2025-06-20 17:48:49 +02:00
.gitignore rename settings template and open socket to ldap only if needed 2015-10-24 19:12:40 +02:00
api.yml add /group api 2025-06-20 17:48:20 +02:00
Makefile App api endpoint to auth user 2024-10-02 16:29:44 +02:00
MANIFEST.in App api endpoint to auth user 2024-10-02 16:29:44 +02:00
README.md Release 0.5.1 2025-06-20 17:48:49 +02:00
requirements.txt update pyasn1 2024-07-10 13:50:53 +02:00
requirements2.txt separate requirements.txt for python 2/3 2017-02-01 16:49:42 +01:00
setup.py Add setup.py and fix keyerror 2024-07-07 05:44:40 +02:00
VERSION Release 0.5.1 2025-06-20 17:48:49 +02:00

pyrmin-ldapauth:0.5.1

Plugins to authenticate against LDAP / AD servers, either with the Remote-User header variable or by binding the user to LDAP.

Configuration File

Active Directory Example

ldapauth:
 server: my_ldap_server
 port: 389
 ssl: False
 version: 3
 gravatar: False
 authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
 user_id: sAMAccountName
 user_displayname: displayName
 group_member_attr: memberOf
 user: 'CN=svc_account,DC=example,DC=com'
 password: xxx
 basedn: 'DC=example,DC=com'
 admin:
  - 'CN=My Admin Group,DC=example,DC=com'

OpenLDAP Example

ldapauth:
 server: my_ldap_server
 port: 389
 ssl: False
 version: 3
 gravatar: False
 authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
 user_id: uid
 group_member_attr: memberUid
 user_displayname: gecos
 user: 'CN=svc_account,DC=example,DC=com'
 password: xxx
 basedn: 'DC=example,DC=com'
 admin:
  - 'CN=My Admin Group,DC=example,DC=com'

FreeIPA Example

ldapauth:
 server: my_ipa_server
 port: 389
 ssl: False
 version: 3
 gravatar: False
 authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
 user_id: uid
 group_member_attr: member
 user_displayname: gecos
 user: 'uid=svc_account,cn=users,cn=accounts,dc=example,dc=com'
 password: xxx
 basedn: 'dc=example,dc=com'
 admin:
  - 'cn=admins,cn=groups,cn=accounts,dc=example,dc=com'

To bind to LDAP anonymously, do not set user and password.

To use the Remote-User header, set up an Apache VirtualHost, for example with mod_ldap.

You can use any Apache authentication module.

<VirtualHost *:80>
  <Location "/">
  AuthType Basic
  AuthName "LDAP Protected"
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://<server>/<basedn>?<login_attribute>?sub?<filter>"
  AuthLDAPBindDN ""
  AuthLDAPBindPassword xxxx
  Require valid-user

  RewriteEngine On
  RewriteCond %{LA-U:REMOTE_USER} (.+)
  RewriteRule . - [E=RU:%1]
  # "set" replaces any REMOTE_USER header sent by the client; "add" would append to it
  RequestHeader set REMOTE_USER %{RU}e

  ProxyPreserveHost On
  ProxyPass        <pyrmin_url>
  ProxyPassReverse <pyrmin_url>

  </Location>
</VirtualHost>
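
With the Remote-User setup above, the application believes whatever user name arrives in that header, so the header should only be accepted from the proxy itself. The following is an added example, not pyrmin-ldapauth code: a guard that assumes the application is served over WSGI and that the proxy connects from 127.0.0.1 (`TRUSTED_PROXIES`, `remote_user` and `RemoteUserGuard` are hypothetical names).

```python
# Added example, not part of pyrmin-ldapauth. The proxy address and the
# WSGI deployment are assumptions made for illustration.
import ipaddress

TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]  # assumed proxy address

# WSGI maps both "REMOTE_USER:" and "Remote-User:" request headers to this
# one key, so the underscore and hyphen spellings cannot be told apart here.
HEADER_KEY = "HTTP_REMOTE_USER"


def peer_is_trusted(environ):
    """True only when the TCP peer is one of the configured proxies."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def remote_user(environ):
    """Return the proxy-asserted user name, or None if it cannot be trusted."""
    value = environ.get(HEADER_KEY)
    if value is None or not peer_is_trusted(environ):
        return None
    # WSGI servers commonly join repeated headers with commas, so a comma
    # means the header arrived more than once. Names with commas are refused.
    if "," in value or not value.strip():
        return None
    return value.strip()


class RemoteUserGuard:
    """WSGI middleware: drop the header unless remote_user() accepts it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        user = remote_user(environ)
        environ.pop(HEADER_KEY, None)
        if user is not None:
            environ[HEADER_KEY] = user
        return self.app(environ, start_response)
```

Binding the application to the loopback interface, so that only the proxy can reach it, closes the same gap at the network level.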