mirror
/
funkwhale
kopia lustrzana https://dev.funkwhale.audio/funkwhale/funkwhale
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność
funkwhale/docs/administrator_documentation/configuration_docs/ldap.md

158 wiersze
3.2 KiB
Markdown
Czysty Zwykły widok Historia

Rewrite admin documentation
2022-07-01 09:02:29 +00:00
# Configure LDAP
{abbr}`LDAP (Lightweight Directory Access Protocol)` is a protocol for providing directory services. It acts as a central authority for user login information. Funkwhale supports LDAP through the [Django LDAP authentication module](https://django-auth-ldap.readthedocs.io/).
```{important}
LDAP users can't change their password in the app.
```
## Dependencies
LDAP support requires extra dependencies. We include these in our requirements files to make it easier to set up. If you aren't using LDAP, you can safely remove these.
```{dropdown} OS dependencies
- `libldap2-dev`
- `libsasl2-dev`
```
```{dropdown} Python dependencies
- `python-ldap`
- `python-django-auth-ldap`
```
## Environment variables
You can configure LDAP authentication using environment variables in your `.env` file.
### Basic features
```{py:data} LDAP_ENABLED
---
value: True
type: Boolean
Minor admin docs updates
2022-07-03 14:13:58 +00:00
noindex: True
Rewrite admin documentation
2022-07-01 09:02:29 +00:00
---
Set this to `True` to enable LDAP support
```
```{py:data} LDAP_SERVER_URI
---
type: URI
value: ldap://my.host:389
---
The LDAP {abbr}`URI (Uniform Resource Identifier)` of your authentication server.
```
```{py:data} LDAP_BIND_DN
---
type: String
value: cn=admin,dc=domain,dc=com
---
LDAP user {abbr}`DN (Distinguised Name)` to bind on so you can perform searches.
```
```{py:data} LDAP_BIND_PASSWORD
---
type: String
value: bindpassword
---
LDAP user password for bind {abbr}`DN (Distinguised Name)`.
```
```{py:data} LDAP_SEARCH_FILTER
---
type: String
value: (|(cn={0})(mail={0}))
---
The LDAP user filter, using `{0}` as the username placeholder. Uses standard [LDAP search syntax](https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx).
```
```{py:data} LDAP_START_TLS
---
type: Boolean
value: False
---
Set to `True` to enable LDAP StartTLS support.
```
```{py:data} LDAP_ROOT_DN
---
type: String
value: dc=domain,dc=com
---
The LDAP search root {abbr}`DN (Distinguised Name)`. Supports several entries in a comma-delimited list.
```
```{py:data} LDAP_USER_ATTR_MAP
---
type: String
value: first_name:givenName, last_name:sn, username:cn, email:mail
---
A mapping of Django user attributes to LDAP values.
```
```{py:data} AUTH_LDAP_BIND_AS_AUTHENTICATING_USER
---
type: Boolean
value: False
---
Controls whether to use direct binding.
```
### Group features
LDAP provides extra features for working with groups. Group configuration is an advanced feature. Most users don't need to configure these settings.
```{seealso}
[Django's LDAP documentation](https://django-auth-ldap.readthedocs.io/en/latest/groups.html) for groups.
```
```{py:data} LDAP_GROUP_DN
---
type: String
value: ou=groups,dc=domain,dc=com
---
The LDAP group search root {abbr}`DN (Distinguised Name)`. This needs to be set to `True` to enable group features.
```
```{py:data} LDAP_GROUP_FILTER
---
type: String
value: objectClass=groupOfNames
---
The LDAP group filter.
```
```{py:data} LDAP_REQUIRE_GROUP
---
type: String
value: cn=enabled,ou=groups,dc=domain,dc=com
---
The group that users need to be a member of to authenticate.
```
```{py:data} LDAP_DENY_GROUP
---
type: String
value: cn=disabled,ou=groups,dc=domain,dc=com
---
A group whose members can't authenticate.
```