LDAP authentification for udata with optionnal Kerberos suppport.
Project description
udata-ldap
LDAP authentification for udata with optionnal Kerberos suppport.
Requirements
To use LDAP only authentication, you only need the udata-ldap extension.
To use SASL and SPNEGO, you need a functional kerberos client environment.
On debian, you can install the requirements using:
apt-get install krb5-config krb5-user libkrb5-dev
Usage
Install the plugin package in you udata environement:
pip install udata-ldap
Then activate it in your udata.cfg:
PLUGINS = ['ldap']
NB: if using Kerberos SASL and/or SPNEGO, install it with:
pip install udata-ldap[kerberos]
Configuration
udata-ldap makes use of flask-ldap3-login and so use the same parameters as described here.
Some extra parameters are available:
| Parameter | Default value | Notes |
|---|---|---|
LDAP_KERBEROS_KEYTAB |
None |
Path to an optionnal Kerberos keytab for this service |
LDAP_KERBEROS_SERVICE_NAME |
'HTTP' |
The service principal as configured in the keytab |
LDAP_KERBEROS_SERVICE_HOSTNAME |
socket.getfqdn() |
The service hostname (ie. data.domain.com) |
LDAP_KERBEROS_SPNEGO |
False |
Whether or not to enable passwordless authentication with SPNEGO |
LDAP_USER_SPNEGO_ATTR |
'uid' |
The ldap attribute extracted from SPNEGO handshake to match the user |
Testing configuration
udata-ldap provides two commands to help with the configuration:
udata ldap configwill display the LDAP configuration seen byudataudata ldap checkwill allow to quickly test your configuration.
Testing localy with docker
An example docker-compose.yml is provided to test localy wiht a freeipa server.
To use it, you need to copy the file ipa-server-install-options.example to ipa-server-install-options and edit it with your own parameters.
ex:
--unattended
--realm=DATA.XPS
--domain=data.xps
--ds-password=password
--admin-password=password
Changelog
Current (in progress)
Initial release
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file udata-ldap-0.1.0.tar.gz.
File metadata
- Download URL: udata-ldap-0.1.0.tar.gz
- Upload date:
- Size: 8.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.1 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/2.7.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8f5d80402c0c19eda1399cc43b6e36a2add2ee95f0245a372de6b28df121aea3 |
|
| MD5 | 357a8c1e3f21eefd93c2847ce504bfeb |
|
| BLAKE2b-256 | 197ef4f2d509db0f986a123aa7b1d930b7294da8609f0b0226e556ccecd15b3a |
Provenance
File details
Details for the file udata_ldap-0.1.0-py2.py3-none-any.whl.
File metadata
- Download URL: udata_ldap-0.1.0-py2.py3-none-any.whl
- Upload date:
- Size: 10.6 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.1 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/2.7.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1cd6f9ce4f16d5115db28d93e598d946ce0aefcef1bdf2fefb62092e9f317eb8 |
|
| MD5 | 5d6a98451c89970e66ec888c18a61a14 |
|
| BLAKE2b-256 | 50ed4adee52d658ffe85a8dfa3d19539e645585aaac5622cf47881f85658817b |
