Changeset - 6bad83d27fc1
Parent rev.
Child rev.
[Not reviewed]
beta
0 1 0
Magnus Ericmats - 13 years ago 2013-04-26 20:54:25
magnus.ericmats@gmail.com
Grafted from: 4518c0d249ae
Documentation: How to setup LDAP Filter when using Organisational Units.
1 file changed with 7 insertions and 0 deletions:
docs/setup.rst
7
0 comments (0 inline, 0 general)
docs/setup.rst
Show inline comments
 
@@ -175,48 +175,55 @@ using pip::
 
LDAP settings are located in admin->ldap section,
 

			




	
	
	
		
 
Here's a typical ldap setup::

			




	
	
	
		
 

			




	
	
	
		
 
 Connection settings

			




	
	
	
		
 
 Enable LDAP          = checked

			




	
	
	
		
 
 Host                 = host.example.org

			




	
	
	
		
 
 Port                 = 389

			




	
	
	
		
 
 Account              = <account>

			




	
	
	
		
 
 Password             = <password>

			




	
	
	
		
 
 Connection Security  = LDAPS connection

			




	
	
	
		
 
 Certificate Checks   = DEMAND

			




	
	
	
		
 

			




	
	
	
		
 
 Search settings

			




	
	
	
		
 
 Base DN              = CN=users,DC=host,DC=example,DC=org

			




	
	
	
		
 
 LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))

			




	
	
	
		
 
 LDAP Search Scope    = SUBTREE

			




	
	
	
		
 

			




	
	
	
		
 
 Attribute mappings

			




	
	
	
		
 
 Login Attribute      = uid

			




	
	
	
		
 
 First Name Attribute = firstName

			




	
	
	
		
 
 Last Name Attribute  = lastName

			




	
	
	
		
 
 E-mail Attribute     = mail

			




	
	
	
		
 

			




	
	
	
		
 
If your user groups are placed in a Organisation Unit (OU) structure the Search Settings configuration differs::

			




	
	
	
		
 

			




	
	
	
		
 
 Search settings

			




	
	
	
		
 
 Base DN              = DC=host,DC=example,DC=org

			




	
	
	
		
 
 LDAP Filter          = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user))

			




	
	
	
		
 
 LDAP Search Scope    = SUBTREE

			




	
	
	
		
 

			




	
	
	
		
 
.. _enable_ldap:

			




	
	
	
		
 

			




	
	
	
		
 
Enable LDAP : required

			




	
	
	
		
 
    Whether to use LDAP for authenticating users.

			




	
	
	
		
 

			




	
	
	
		
 
.. _ldap_host:

			




	
	
	
		
 

			




	
	
	
		
 
Host : required

			




	
	
	
		
 
    LDAP server hostname or IP address. Can be also a comma separated

			




	
	
	
		
 
    list of servers to support LDAP fail-over.

			




	
	
	
		
 

			




	
	
	
		
 
.. _Port:

			




	
	
	
		
 

			




	
	
	
		
 
Port : required

			




	
	
	
		
 
    389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.

			




	
	
	
		
 

			




	
	
	
		
 
.. _ldap_account:

			




	
	
	
		
 

			




	
	
	
		
 
Account : optional

			




	
	
	
		
 
    Only required if the LDAP server does not allow anonymous browsing of

			




	
	
	
		
 
    records.  This should be a special account for record browsing.  This

			




	
	
	
		
 
    will require `LDAP Password`_ below.

			




	
	
	
		
 

			




	
	
	
		
 
.. _LDAP Password:

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.