Logo : un manchot sur fond d'étoile rouge
Alexandre Norman
de choses et d'autres
  • Blog
  • Projets
  • CV
Projets Python
  • python-gantt
  • python-nmap
  • pyClamd
Catégories
  • Asterisk
  • django
  • Outils
  • Poules
  • Raspberry Pi
  • Archives
Tags
  • asterisk (1)
  • bash (2)
  • Bricolage (1)
  • debian (7)
  • django (2)
  • dovecot (2)
  • GPS (1)
  • LDAP (1)
  • lighttpd (1)
  • méthode (3)
  • mpd (1)
  • Nagios (1)
  • openvpn (1)
  • OSM (3)
  • outils (6)
  • Palettes (1)
  • postfix (2)
  • postgrey (2)
  • Poules (1)
  • Python (6)
  • Raspberry Pi (7)
  • raspbian (7)
  • selenium (1)
  • shellscript (2)
  • voip (1)
  • wazo (1)
  • wifi (1)

Using a django application as a LDAP server with django-ldap-server

Publication : 2019.02.13
Catégorie : django

Tags: Python django LDAP

django-ldap-server allow other applications to authenticate against Django accounts using LDAP protocols.

It’s a django application packaged as a docker container. It need access to the database used by your django application and share your user model.

Source

https://bitbucket.org/xael/django-ldap-server

Run

    docker run --rm \
      -e DATABASE_URL=postgres://user:password@postgres/database \
      -e SLAPD_DOMAIN="dc=example,dc=company,dc=org" \
      -e SLAPD_PASSWORD=adminpassword \
      --link dev_postgres_1:postgres \
      --network dev_default \
      -p 1389:389  \
      xael/django-ldap-server

Environment variables are

Mandatory

  • DATABASES_URL: url of database to connect to
  • SLAPD_PASSWORD: admin password for LDAP
  • SLAPD_DOMAIN: Ldap domain (dc=example, dc=company, dc=org)

Optionnal

  • LDAP_PORT: Listening port (default :  398)
  • AUTH_USER_MODEL: Django model used for user (default :  “accounts.User”)
  • DJANGO_SETTINGS_MODULE: Setting files (default :  “ldap_server.settings”)

You can override user model in docker container by remplacing /django/accounts/models.py:

    docker run --rm -e DATABASE_URL=postgres://user:password@postgres/database \
      -e SLAPD_PASSWORD=adminpassword \
      -v /path/custom_user_model.py:/django/accounts/models.py \
      -p 1389:389  xael/django-ldap-server
Default user model
    from django.db import models
    from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
    from django.utils.translation import ugettext_lazy as _

    from django.contrib.auth.models import UserManager


    class User(AbstractBaseUser, PermissionsMixin):
        class Meta:
            managed = False

        objects = UserManager()
        USERNAME_FIELD = 'email'

        email = models.EmailField(unique=True)
        first_name = models.CharField(_('First name'), max_length=300)
        last_name = models.CharField(_('Last name'), max_length=300)

        is_staff = models.BooleanField(_('staff status'),
                                       default=False,
                                       help_text=_('admin ?'))
        is_active = models.BooleanField(_('active'),
                                        default=True,
                                        help_text=_('Utilisateur actif ?'))

Use with docker-compose

    ldap:
      image: xael/django-ldap-server:latest
      links:
        - postgres
      environment:
        DATABASE_URL: postgres://user:password@postgres/database
        DJANGO_SETTINGS_MODULE: "ldap_server.settings"
        SLAPD_DOMAIN: dc=example,dc=company,dc=org
        SLAPD_PASSWORD: adminpassword

If you want to connect from an external server, you can use a ssh tunnel :

    ssh:
      image: polandj/alpine-ssh
      ports:
        - "2222:22"
      links:
        - ldap
      environment:
          AUTHORIZED_KEYS: ssh-rsa AAAA[...]rbE7n user@computer

And connect :

    ssh -L 1389:ldap:389 -p 2222 root@server

Autres articles

payplug-dj - le paiement en ligne facile avec PayPlug

payplug-dj est un module Django qui permet d’utiliser le service de paiement en ligne PayPlug

Publication : 2016.03.19
Catégorie : django

Tags: Python django

lire...
Site géré avec Pelican - thème personnel
font dyslexia Flux RSS Mastodon