Django Auth Ldap
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Authelia | 16,521 | 1 | 3 hours ago | 34 | September 19, 2022 | 98 | apache-2.0 | Go | ||
| The Single Sign-On Multi-Factor portal for web apps | ||||||||||
| Errbit | 4,213 |  | 158 | 10 | 2 months ago | 7 | February 26, 2016 | 65 | mit | Ruby |
| The open source error catcher that's Airbrake API compliant | ||||||||||
| Lldap | 2,573 | 4 days ago | 47 | gpl-3.0 | Rust | |||||
| Light LDAP implementation | ||||||||||
| Pac4j | 2,267 | 146 | 129 | 6 days ago | 96 | September 08, 2022 | apache-2.0 | Java | ||
| Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT... | ||||||||||
| Glauth | 1,929 | 3 | 2 months ago | 20 | February 28, 2022 | 63 | mit | Go | ||
| A lightweight LDAP server for development, home use, or CI | ||||||||||
| Kanidm | 1,487 |  | 3 | 8 hours ago | 9 | May 01, 2022 | 117 | mpl-2.0 | Rust | |
| Kanidm: A simple, secure and fast identity management platform | ||||||||||
| Adldap2 Laravel | 910 |  | 99 | 16 | a month ago | 96 | November 12, 2020 | 107 | mit | PHP |
| LDAP Authentication & Management for Laravel | ||||||||||
| Caddy Security | 789 | 2 months ago | 36 | June 20, 2022 | 95 | apache-2.0 | Go | |||
| 🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐 | ||||||||||
| Maxkey | 786 | 14 hours ago | 7 | apache-2.0 | Java | |||||
| MaxKey SSO ,Leading-Edge IAM-IDaas(Identity and Access Management) Product. | ||||||||||
| Yacy_webclient_authentication | 669 | 8 years ago | apache-2.0 | PHP | ||||||
| Authentication layer for a YaCy webclient | ||||||||||
Django Authentication Using LDAP
This is a Django authentication backend that authenticates against an LDAP service. Configuration can be as simple as a single distinguished name template, but there are many rich configuration options for working with users, groups, and permissions.
- Documentation: https://django-auth-ldap.readthedocs.io/
- PyPI: https://pypi.org/project/django-auth-ldap/
- Repository: django-auth-ldap/django-auth-ldap
- License: BSD 2-Clause
Installation
Install the package with pip:
$ pip install django-auth-ldap
It requires python-ldap >= 3.1. You'll need the OpenLDAP libraries and headers available on your system.
To use the auth backend in a Django project, add
'django_auth_ldap.backend.LDAPBackend' to AUTHENTICATION_BACKENDS. Do
not add anything to INSTALLED_APPS.
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
]
LDAPBackend should work with custom user models, but it does assume that a
database is present.
Note
LDAPBackend does not inherit from ModelBackend. It is possible to
use LDAPBackend exclusively by configuring it to draw group membership
from the LDAP server. However, if you would like to assign permissions to
individual users or add users to groups within Django, you'll need to have
both backends installed:
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
]
Example Configuration
Here is a complete example configuration from settings.py that exercises
nearly all of the features. In this example, we're authenticating against a
global pool of users in the directory, but we have a special area set aside for
Django groups (ou=django,ou=groups,dc=example,dc=com). Remember that most
of this is optional if you just need simple authentication. Some default
settings and arguments are included for completeness.
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
# Baseline configuration.
AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'
AUTH_LDAP_BIND_DN = 'cn=django-agent,dc=example,dc=com'
AUTH_LDAP_BIND_PASSWORD = 'phlebotinum'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
'ou=users,dc=example,dc=com',
ldap.SCOPE_SUBTREE,
'(uid=%(user)s)',
)
# Or:
# AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=users,dc=example,dc=com'
# Set up the basic group parameters.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
'ou=django,ou=groups,dc=example,dc=com',
ldap.SCOPE_SUBTREE,
'(objectClass=groupOfNames)',
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr='cn')
# Simple group restrictions
AUTH_LDAP_REQUIRE_GROUP = 'cn=enabled,ou=django,ou=groups,dc=example,dc=com'
AUTH_LDAP_DENY_GROUP = 'cn=disabled,ou=django,ou=groups,dc=example,dc=com'
# Populate the Django user from the LDAP directory.
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
}
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
'is_active': 'cn=active,ou=django,ou=groups,dc=example,dc=com',
'is_staff': 'cn=staff,ou=django,ou=groups,dc=example,dc=com',
'is_superuser': 'cn=superuser,ou=django,ou=groups,dc=example,dc=com',
}
# This is the default, but I like to be explicit.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Use LDAP group membership to calculate group permissions.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache distinguished names and group memberships for an hour to minimize
# LDAP traffic.
AUTH_LDAP_CACHE_TIMEOUT = 3600
# Keep ModelBackend around for per-user permissions and maybe a local
# superuser.
AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
)
Contributing
If you'd like to contribute, the best approach is to send a well-formed pull request, complete with tests and documentation. Pull requests should be focused: trying to do more than one thing in a single request will make it more difficult to process.
If you have a bug or feature request you can try logging an issue.
There's no harm in creating an issue and then submitting a pull request to resolve it. This can be a good way to start a conversation and can serve as an anchor point.
