de choses et d’autres

Using a django application as a LDAP server with django-ldap-server

django-ldap-server allow other applications to authenticate against Django accounts using LDAP protocols.

It’s a django application packaged as a docker container. It need access to the database used by your django application and share your user model.

Source

https://bitbucket.org/xael/django-ldap-server

Run

docker run --rm \
  -e DATABASE_URL=postgres://user:password@postgres/database \
  -e SLAPD_DOMAIN="dc=example,dc=company,dc=org" \
  -e SLAPD_PASSWORD=adminpassword \
  --link dev_postgres_1:postgres \
  --network dev_default \
  -p 1389:389  \
  xael/django-ldap-server

Environment variables are

Mandatory

DATABASES_URL: url of database to connect to
SLAPD_PASSWORD: admin password for LDAP
SLAPD_DOMAIN: Ldap domain (dc=example, dc=company, dc=org)

Optionnal

LDAP_PORT: Listening port (default : 398)
AUTH_USER_MODEL: Django model used for user (default : “accounts.User”)
DJANGO_SETTINGS_MODULE: Setting files (default : “ldap_server.settings”)

You can override user model in docker container by remplacing /django/accounts/models.py:

docker run --rm -e DATABASE_URL=postgres://user:password@postgres/database \
  -e SLAPD_PASSWORD=adminpassword \
  -v /path/custom_user_model.py:/django/accounts/models.py \
  -p 1389:389  xael/django-ldap-server

Default user model

from django.db import models
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from django.utils.translation import ugettext_lazy as _

from django.contrib.auth.models import UserManager


class User(AbstractBaseUser, PermissionsMixin):
    class Meta:
        managed = False

    objects = UserManager()
    USERNAME_FIELD = 'email'

    email = models.EmailField(unique=True)
    first_name = models.CharField(_('First name'), max_length=300)
    last_name = models.CharField(_('Last name'), max_length=300)

    is_staff = models.BooleanField(_('staff status'),
                                   default=False,
                                   help_text=_('admin ?'))
    is_active = models.BooleanField(_('active'),
                                    default=True,
                                    help_text=_('Utilisateur actif ?'))

Use with docker-compose

ldap:
  image: xael/django-ldap-server:latest
  links:
    - postgres
  environment:
    DATABASE_URL: postgres://user:password@postgres/database
    DJANGO_SETTINGS_MODULE: "ldap_server.settings"
    SLAPD_DOMAIN: dc=example,dc=company,dc=org
    SLAPD_PASSWORD: adminpassword

If you want to connect from an external server, you can use a ssh tunnel :

ssh:
  image: polandj/alpine-ssh
  ports:
    - "2222:22"
  links:
    - ldap
  environment:
      AUTHORIZED_KEYS: ssh-rsa AAAA[...]rbE7n user@computer

And connect :

ssh -L 1389:ldap:389 -p 2222 root@server

Autres articles

Asterisk / WAZO - Choisir un trunk en fonction d’un script AGI en Python

L’interface AGI d’Asterisk permet d’interagir avec un appel en cours ou en cours d’établissement. Le script utilisé ici permet de diriger un appel sortant vers un trunk ou un autre en fonction du nombre d’appels passés.

lire...

Surveillance de l’expiration d’un nom de domaine avec Nagios

Un script de surveillance de la date d’expiration des noms de domaine pour Nagios. Histoire de ne pas louper le renouvellement quand on est noyé sous les mails…

lire...

Page 1 / 2 »