kallithea Changeset - f6685a62e455

Changeset - f6685a62e455

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 13 years ago 2012-10-11 20:23:28
marcin@python-works.com

Updated docs about LDAP failover server list option

1 file changed with 2 insertions and 1 deletions:

docs/setup.rst

0 comments (0 inline, 0 general)

docs/setup.rst

➞

Show inline comments

@@ @@ -159,97 +159,98 @@ Setting up LDAP support @@
 RhodeCode starting from version 1.1 supports ldap authentication. In order
 to use LDAP, you have to install the python-ldap_ package. This package is
 available via pypi, so you can install it by running
 using easy_install::
     easy_install python-ldap
 using pip::
     pip install python-ldap
 .. note::
    python-ldap requires some certain libs on your system, so before installing
    it check that you have at least `openldap`, and `sasl` libraries.
 LDAP settings are located in admin->ldap section,
 Here's a typical ldap setup::
  Connection settings
  Enable LDAP          = checked
  Host                 = host.example.org
  Port                 = 389
  Account              = <account>
  Password             = <password>
  Connection Security  = LDAPS connection
  Certificate Checks   = DEMAND
  Search settings
  Base DN              = CN=users,DC=host,DC=example,DC=org
  LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))
  LDAP Search Scope    = SUBTREE
  Attribute mappings
  Login Attribute      = uid
  First Name Attribute = firstName
  Last Name Attribute  = lastName
  E-mail Attribute     = mail
 .. _enable_ldap:
 Enable LDAP : required
     Whether to use LDAP for authenticating users.
 .. _ldap_host:
 Host : required
     LDAP server hostname or IP address.
     LDAP server hostname or IP address. Can be also a comma separated
     list of servers to support LDAP fail-over.
 .. _Port:
 Port : required
 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
 .. _ldap_account:
 Account : optional
     Only required if the LDAP server does not allow anonymous browsing of
     records.  This should be a special account for record browsing.  This
     will require `LDAP Password`_ below.
 .. _LDAP Password:
 Password : optional
     Only required if the LDAP server does not allow anonymous browsing of
     records.
 .. _Enable LDAPS:
 Connection Security : required
     Defines the connection to LDAP server
     No encryption
         Plain non encrypted connection
     LDAPS connection
         Enable ldaps connection. It will likely require `Port`_ to be set to
         a different value (standard LDAPS port is 636). When LDAPS is enabled
         then `Certificate Checks`_ is required.
     START_TLS on LDAP connection
         START TLS connection
 .. _Certificate Checks:
 Certificate Checks : optional
     How SSL certificates verification is handled - this is only useful when
     `Enable LDAPS`_ is enabled.  Only DEMAND or HARD offer full SSL security
     while the other options are susceptible to man-in-the-middle attacks.  SSL
     certificates can be installed to /etc/openldap/cacerts so that the
     DEMAND or HARD options can be used with self-signed certificates or
     certificates that do not have traceable certificates of authority.
     NEVER
         A serve certificate will never be requested or checked.

0 comments (0 inline, 0 general)