atoti.config.authentication.ldap module

class atoti.config.authentication.ldap.LdapConfig(url, base_dn, user_search_filter='(uid={0})', user_search_base='', group_search_filter='(uniqueMember={0})', group_search_base='', group_role_attribute_name='cn', role_mapping=None)

The LDAP configuration.

Example

>>> config = {
...     "authentication": {
...         "ldap": {
...             "url": "ldap://example.com:389",
...             "base_dn": "dc=example,dc=com",
...             "user_search_base": "ou=people",
...             "group_search_base": "ou=roles",
...             "role_mapping": {
...                 "admin": {"ROLE_ADMIN"},
...                 "france": {"ROLE_FRANCE", "ROLE_EUR"},
...             },
...         }
...     }
... }

base_dn: str

The Base Distinguished Name of the directory service.

group_role_attribute_name: str = 'cn'

The attribute name that maps a group to a role.

group_search_base: str = ''

The search base for group membership searches.

group_search_filter: str = '(uniqueMember={0})'

The LDAP filter to search for groups.

The substituted parameter is the DN of the user.

role_mapping: Optional[Mapping[str, Sequence[str]]] = None

The mapping between the roles returned by the LDAP authentication provider and the corresponding roles to use in atoti.

LDAP roles are case-insensitive.

Users without the role ROLE_USER will not have access to the application.

url: str

The LDAP URL including the protocol and port.

user_search_base: str = ''

The search base for user searches.

user_search_filter: str = '(uid={0})'

The LDAP filter used to search for users.

The substituted parameter is the user’s login name.
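
The following added example (not part of the atoti documentation and not atoti's implementation) models how the `{0}` placeholder in `user_search_filter` and `group_search_filter` is filled, and how `role_mapping` turns LDAP roles into application roles. The helper names, the RFC 4515 escaping of the substituted value, the handling of unmapped roles and the sample mapping are assumptions made for illustration.

```python
# Added illustration, not atoti's implementation; all helper names are hypothetical.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, value):
    """Substitute the {0} placeholder of a search filter with the escaped value."""
    return template.replace("{0}", escape_filter_value(value))


def resolve_roles(ldap_roles, role_mapping):
    """Map LDAP role names to application roles, ignoring the case of the LDAP name."""
    lowered = {name.lower(): roles for name, roles in (role_mapping or {}).items()}
    resolved = set()
    for ldap_role in ldap_roles:
        # Assumption: LDAP roles with no mapping entry contribute nothing.
        resolved.update(lowered.get(ldap_role.lower(), ()))
    return resolved


def has_access(roles):
    """The page states that users without ROLE_USER cannot access the application."""
    return "ROLE_USER" in roles


# Constructed sample data (not from the atoti documentation).
SAMPLE_MAPPING = {
    "admin": ["ROLE_ADMIN", "ROLE_USER"],
    "france": ["ROLE_FRANCE", "ROLE_EUR"],
}

if __name__ == "__main__":
    print(build_filter("(uid={0})", "alice"))
    print(build_filter("(uid={0})", "a*)(uid=*"))  # metacharacters are neutralised
    print(build_filter("(uniqueMember={0})", "uid=alice,ou=people,dc=example,dc=com"))
    print(resolve_roles(["Admin"], SAMPLE_MAPPING))
    print(has_access(resolve_roles(["FRANCE"], SAMPLE_MAPPING)))
```

In this model a user whose only group is `France` resolves to `ROLE_FRANCE` and `ROLE_EUR` but not `ROLE_USER`, so a mapping should be reviewed to confirm that every group meant to log in ends up with `ROLE_USER`.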