atoti.security.ldap_security.LdapSecurity
- final class atoti.security.ldap_security.LdapSecurity
Manage LDAP security on the session.
Note
This requires atoti.SecurityConfig.sso to be an instance of LdapConfig.
Example
>>> session = tt.Session.start(
...     tt.SessionConfig(
...         security=tt.SecurityConfig(
...             sso=tt.LdapConfig(
...                 url="ldap://example.com:389",
...                 base_dn="dc=example,dc=com",
...                 user_search_base="ou=people",
...                 group_search_base="ou=roles",
...             )
...         )
...     )
... )
>>> table = session.create_table("Restrictions example", types={"City": tt.STRING})
>>> session.security.restrictions["ROLE_MATHS"] = table["City"] == "Paris"
Roles from the authentication provider can be mapped to roles in the session:
>>> session.security.ldap.role_mapping["MATHEMATICIANS"] = {
...     "ROLE_MATHS",
...     "ROLE_USER",
... }
>>> sorted(session.security.ldap.role_mapping["MATHEMATICIANS"])
['ROLE_MATHS', 'ROLE_USER']
Default roles can be given to users who have no individual or mapped roles granted:
>>> session.security.ldap.default_roles.add("ROLE_USER")
>>> session.security.ldap.default_roles
{'ROLE_USER'}
The role mapping is done with the roles included in the ID Token sent by the authentication provider.
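The mapping and default-role rules described above can be reviewed offline before they are applied to a session. The following is an added example, not atoti code and not part of the original documentation: a plain-Python model that computes each user's resulting roles and lists who depends on the defaults. The directory contents, the individual grants, the function names and the rule that an unmapped group contributes no role are assumptions made for the illustration.

```python
# Illustrative model only: this is not atoti code and does not call atoti.
ROLE_MAPPING = {"MATHEMATICIANS": {"ROLE_MATHS", "ROLE_USER"}}  # from the page
DEFAULT_ROLES = {"ROLE_USER"}                                   # from the page

# Constructed sample data: authenticated users and their LDAP groups.
DIRECTORY = {
    "alice": {"MATHEMATICIANS"},
    "bob": {"PHYSICISTS"},  # group that has no entry in ROLE_MAPPING
    "carol": set(),         # member of no group
}
# Constructed individual grants (roles given to one user directly).
INDIVIDUAL_ROLES = {"carol": {"ROLE_MATHS"}}


def granted_roles(user):
    """Individual roles plus roles mapped from the user's groups."""
    roles = set(INDIVIDUAL_ROLES.get(user, ()))
    for group in DIRECTORY[user]:
        # Assumption: a group without a mapping contributes no role.
        roles |= ROLE_MAPPING.get(group, set())
    return roles


def effective_roles(user):
    """Defaults apply only when nothing was granted individually or by mapping."""
    roles = granted_roles(user)
    return roles if roles else set(DEFAULT_ROLES)


def access_review():
    """Summarise who relies on defaults and which groups map to nothing."""
    seen_groups = set().union(*DIRECTORY.values())
    return {
        "default_only": sorted(u for u in DIRECTORY if not granted_roles(u)),
        "unmapped_groups": sorted(seen_groups - set(ROLE_MAPPING)),
        "unused_mappings": sorted(set(ROLE_MAPPING) - seen_groups),
    }


if __name__ == "__main__":
    for name in DIRECTORY:
        print(name, sorted(effective_roles(name)))
    print(access_review())
```

In this model every authenticated user without another grant receives the default roles, so the default set is best kept to the minimum the session needs. A user who holds an individual role, such as carol here, does not receive the defaults in addition.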