Archer Configuring LDAP

Source: Internet
Author: User
Tags ldap ldapsearch self signed certificate

Archer is a good open-source SQL automation platform built on Inception. It supports work orders, auditing, scheduled tasks, mail, OSC and other functions, and can also be configured for MySQL queries, slow-query management, session management and so on.

It was developed by the author (https://github.com/jly8866/archer/) for the community, and @Small circle has been responsible for updating the Docker image; thanks to both of them and to the community.

The following describes how to configure LDAP.

LDAP is configured primarily in settings.py. Sample code:

# LDAP
ENABLE_LDAP = True
if ENABLE_LDAP:
    import ldap
    # from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
    from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',  # try LDAP authentication first; if it succeeds, the backends below are not used
        'django.contrib.auth.backends.ModelBackend',  # users created manually in the SSO system can also log in, at lower priority. Note the order of these two lines
    )

    # If you use a self-signed certificate, uncomment AUTH_LDAP_GLOBAL_OPTIONS
    # (OPT_X_TLS_NEVER turns off verification of the server certificate)
    # AUTH_LDAP_GLOBAL_OPTIONS = {
    #     ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER
    # }

    AUTH_LDAP_BIND_DN = "cn=manager,dc=example,dc=net"
    AUTH_LDAP_BIND_PASSWORD = "Password"
    AUTH_LDAP_SERVER_URI = "ldap://ldap.example.net:389"
    AUTH_LDAP_BASEDN = "ou=Technology Center,ou=people,dc=example,dc=net"
    AUTH_LDAP_USER_DN_TEMPLATE = "cn=%(user)s,ou=Technology Center,ou=people,dc=example,dc=net"
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=Technology Center,ou=people,dc=example,dc=net",
                                        ldap.SCOPE_SUBTREE, "(objectClass=groupOfUniqueNames)")
    AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
    AUTH_LDAP_ALWAYS_UPDATE_USER = True  # synchronize user information from LDAP at each login
    AUTH_LDAP_USER_ATTR_MAP = {  # key is the archer.sql_users field name, value is the LDAP attribute name; used to synchronize user information
        "username": "cn",
        "display": "displayName",
        "email": "mail"
    }

    # AUTH_LDAP_MIRROR_GROUPS = True  # copy the LDAP groups directly into Django; mutually exclusive with AUTH_LDAP_FIND_GROUP_PERMS. Each time the user logs in, the group relationships in the database are updated from LDAP
    AUTH_LDAP_FIND_GROUP_PERMS = True  # Django takes permissions from the LDAP groups; Django does not create the groups itself, and each request calls LDAP
    AUTH_LDAP_CACHE_GROUPS = True  # takes effect when FIND_GROUP_PERMS is on: group relationships are cached instead of calling LDAP on each request
    AUTH_LDAP_GROUP_CACHE_TIMEOUT = 600  # cache time

My LDAP configuration information is as follows:

http://ldap.example.net/ldapadmin/
cn=manager,dc=example,dc=net
Password
ou=Technology Center,ou=people,dc=example,dc=net
ou=group,dc=example,dc

Configuration steps

First, change ENABLE_LDAP to True, which turns on LDAP login.

AUTH_LDAP_BIND_DN is set to cn=manager,dc=haodai,dc=net. This is the account Archer uses to connect to LDAP; here it is the administrator account.

AUTH_LDAP_BIND_PASSWORD is the password.

AUTH_LDAP_SERVER_URI is the server address. Use the domain name if there is one, otherwise the IP address, and remember to append the port after a colon.

AUTH_LDAP_BASEDN is the default path; all of the LDAP paths are inside it.

AUTH_LDAP_USER_DN_TEMPLATE is the user account template. Set it to cn=%(user)s followed by the value of AUTH_LDAP_BASEDN.

AUTH_LDAP_GROUP_SEARCH is the group search; set it to AUTH_LDAP_BASEDN.

The three values in AUTH_LDAP_USER_ATTR_MAP map Archer fields to LDAP data. For this version of LDAP they are as shown above; to check your own attribute fields, log in to the LDAP admin interface.

The bottom four options default to

After configuring, restart Gunicorn, then try to log in with an LDAP account. If something goes wrong, check the log and debug according to the messages.
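A pre-flight check for the settings described above, as an added example that is not part of the original article or of Archer. The helper names (audit_ldap_settings, bad_dn), the RISKY and FIXED samples and the finding labels are hypothetical; AUTH_LDAP_START_TLS is a django-auth-ldap setting that the article does not use.

```python
import re

# python-ldap constant values (OpenLDAP ldap.h), inlined to run without python-ldap.
OPT_X_TLS_REQUIRE_CERT = 0x6006
OPT_X_TLS_NEVER = 0

# One DN component: attr=value (escaped commas inside values are not handled).
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*=.+$")

def bad_dn(dn):
    """True if any comma-separated component is not attr=value."""
    return not dn or any(not RDN.match(p) for p in dn.split(","))

def audit_ldap_settings(cfg):
    """Return findings for a dict of AUTH_LDAP_* settings (hypothetical helper)."""
    out = []
    uri = cfg.get("AUTH_LDAP_SERVER_URI", "")
    if uri.startswith("ldap://") and not cfg.get("AUTH_LDAP_START_TLS"):
        out.append("cleartext: ldap:// without StartTLS exposes bind passwords")
    opts = cfg.get("AUTH_LDAP_GLOBAL_OPTIONS", {})
    if opts.get(OPT_X_TLS_REQUIRE_CERT) == OPT_X_TLS_NEVER:
        out.append("no-verify: OPT_X_TLS_NEVER skips server certificate checks")
    tmpl = cfg.get("AUTH_LDAP_USER_DN_TEMPLATE", "")
    if "%(user)s" not in tmpl:
        out.append("template: AUTH_LDAP_USER_DN_TEMPLATE lacks %(user)s")
    elif bad_dn(tmpl.replace("%(user)s", "x")):
        out.append("template: AUTH_LDAP_USER_DN_TEMPLATE is not a valid DN")
    for key in ("AUTH_LDAP_BIND_DN", "AUTH_LDAP_BASEDN"):
        if key in cfg and bad_dn(cfg[key]):
            out.append("dn: %s is malformed: %r" % (key, cfg[key]))
    if cfg.get("AUTH_LDAP_MIRROR_GROUPS") and cfg.get("AUTH_LDAP_FIND_GROUP_PERMS"):
        out.append("groups: MIRROR_GROUPS and FIND_GROUP_PERMS are mutually exclusive")
    return out

# Constructed samples: the first carries mistakes these settings invite.
RISKY = {
    "AUTH_LDAP_SERVER_URI": "ldap://ldap.example.net:389",
    "AUTH_LDAP_GLOBAL_OPTIONS": {OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_NEVER},
    "AUTH_LDAP_BIND_DN": "cn=manager,dc=example,dc=net",
    "AUTH_LDAP_BASEDN": "ou=group,dc=example,dc",  # last component has no value
    "AUTH_LDAP_USER_DN_TEMPLATE": "cn=% (user) s,ou=people,dc=example,dc=net",
    "AUTH_LDAP_MIRROR_GROUPS": True, "AUTH_LDAP_FIND_GROUP_PERMS": True,
}
FIXED = dict(RISKY, AUTH_LDAP_SERVER_URI="ldaps://ldap.example.net:636",
             AUTH_LDAP_GLOBAL_OPTIONS={}, AUTH_LDAP_MIRROR_GROUPS=False,
             AUTH_LDAP_BASEDN="ou=people,dc=example,dc=net",
             AUTH_LDAP_USER_DN_TEMPLATE="cn=%(user)s,ou=people,dc=example,dc=net")
if __name__ == "__main__":
    print("\n".join(audit_ldap_settings(RISKY)) or "ok")
```

Running it before restarting Gunicorn catches a mangled %(user)s placeholder or a truncated DN, which would otherwise only surface as failed logins in the log.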
