atoti.security.ldap_security.LdapSecurity

final class atoti.security.ldap_security.LdapSecurity

Manage LDAP security on the session.

Note

This requires atoti.SecurityConfig.sso to be an instance of LdapConfig.

Example

>>> session_config = tt.SessionConfig(
...     security=tt.SecurityConfig(
...         sso=tt.LdapConfig(
...             url="ldap://example.com:389",
...             base_dn="dc=example,dc=com",
...             user_search_base="ou=people",
...             group_search_base="ou=roles",
...         )
...     )
... )
>>> session = tt.Session.start(session_config)
>>> table = session.create_table(
...     "Restrictions example",
...     data_types={"City": "String"},
... )
>>> session.security.restrictions["ROLE_MATHS"] = table["City"] == "Paris"

Roles from the authentication provider can be mapped to roles in the session:

>>> session.security.ldap.role_mapping["MATHEMATICIANS"] = {
...     "ROLE_MATHS",
...     "ROLE_USER",
... }
>>> sorted(session.security.ldap.role_mapping["MATHEMATICIANS"])
['ROLE_MATHS', 'ROLE_USER']

Default roles can be given to users who have no individual or mapped roles granted:

>>> session.security.ldap.default_roles.add("ROLE_USER")
>>> session.security.ldap.default_roles
{'ROLE_USER'}
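The two rules illustrated above (LDAP groups become session roles through role_mapping; default_roles apply only to users who end up with no individual or mapped roles) can be checked offline with the following added example. It is not atoti's code: the real resolution happens inside the session, and this pure-Python model only mirrors the documented rules, using the ROLE_MAPPING, DEFAULT_ROLES and RESTRICTIONS values from the doctests as constructed input.

```python
"""Offline model of LDAP role resolution as documented for LdapSecurity.

Added example, not part of atoti. The group names, role names and the
individual_roles parameter are constructed for illustration.
"""
from typing import Dict, Iterable, Set

# Constructed configuration mirroring the doctests on this page.
ROLE_MAPPING: Dict[str, Set[str]] = {"MATHEMATICIANS": {"ROLE_MATHS", "ROLE_USER"}}
DEFAULT_ROLES: Set[str] = {"ROLE_USER"}
# Roles that carry a restriction in the doctest (ROLE_MATHS -> City == "Paris").
RESTRICTIONS: Dict[str, str] = {"ROLE_MATHS": 'City == "Paris"'}


def effective_roles(
    ldap_groups: Iterable[str],
    role_mapping: Dict[str, Set[str]],
    default_roles: Set[str],
    individual_roles: Iterable[str] = (),
) -> Set[str]:
    """Roles a user ends up with in the session.

    Every LDAP group the user belongs to contributes its mapped roles; a group
    absent from role_mapping contributes nothing. default_roles are granted
    only when the user has neither individual nor mapped roles.
    """
    granted = set(individual_roles)
    for group in ldap_groups:
        granted |= role_mapping.get(group, set())
    return granted if granted else set(default_roles)


def ungrantable_restricted_roles(
    restrictions: Dict[str, str],
    role_mapping: Dict[str, Set[str]],
    default_roles: Set[str],
) -> Set[str]:
    """Restricted roles that no mapping or default can ever grant.

    A restriction on such a role is dead configuration: no LDAP user can
    receive the role, so the restriction never takes effect. Individual roles
    are not considered here, as they are granted per user.
    """
    grantable = set(default_roles).union(*role_mapping.values())
    return set(restrictions) - grantable


if __name__ == "__main__":
    print(effective_roles(["MATHEMATICIANS"], ROLE_MAPPING, DEFAULT_ROLES))
    print(effective_roles(["PHYSICISTS"], ROLE_MAPPING, DEFAULT_ROLES))
    print(ungrantable_restricted_roles(RESTRICTIONS, ROLE_MAPPING, DEFAULT_ROLES))
```

A user in a group that is missing from role_mapping falls back to default_roles, while a user who already holds an individual role gets no defaults added; this is the behaviour to verify when auditing what an LDAP account can see.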

default_roles

role_mapping

The role mapping is done with the roles included in the ID Token sent by the authentication provider.