
Active Directory

As part of the Active Directory admin user account setup, add the following code block to the bottom of /opt/ssd-local/local_settings.py. Replace anything in angle brackets <>, including the brackets themselves, as follows:

  • Substitute the fully qualified hostname of your Active Directory server in the AUTH_LDAP_SERVER_URI variable.
  • Substitute the SSD Active Directory user account distinguished name in the AUTH_LDAP_BIND_DN variable.  This should look something like this, depending on the structure of your Active Directory OUs: CN=ssd,OU=Service Accounts,OU=Users,DC=company,DC=corp
  • Substitute the SSD Active Directory user account password in the AUTH_LDAP_BIND_PASSWORD variable.
  • Substitute the desired search path in the AUTH_LDAP_USER_SEARCH variable. This should look something like this: OU=Users,DC=company,DC=corp. If you want to restrict which subset of users can log in to SSD (even if they are not designated as administrators), then make this OU restrictive.

# ACTIVE DIRECTORY

import ldap
from django_auth_ldap.config import LDAPSearch

# Local DB first and then Active Directory
AUTHENTICATION_BACKENDS = (
                           'django.contrib.auth.backends.ModelBackend',
                           'django_auth_ldap.backend.LDAPBackend'
                          )

AUTH_LDAP_SERVER_URI = "ldaps://<fully qualified host name>"
AUTH_LDAP_BIND_DN = "<ssd active directory service account>"
AUTH_LDAP_BIND_PASSWORD = "<ssd active directory service account password>"
AUTH_LDAP_USER_SEARCH = LDAPSearch("<search path>", ldap.SCOPE_SUBTREE, "(SAMAccountName=%(user)s)")

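# OPT_X_TLS_REQUIRE_CERT: False turns off verification of the server
# certificate, so the ldaps:// connection is encrypted but the Active
# Directory server is not authenticated.  To verify it, set this option to
# ldap.OPT_X_TLS_DEMAND and point ldap.OPT_X_TLS_CACERTFILE at the CA
# certificate that issued the server's certificate.
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: False,
    ldap.OPT_REFERRALS: False,
}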

# Populate the local Django database with selected LDAP attributes
# (first name, last name, email) so they are easily available
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}
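
The following check is an added example, not part of the original page or of SSD: it parses a settings file with Python's ast module and reports whether the block above leaves the server certificate unverified, keeps the bind password in the file, or uses an unencrypted LDAP URI. The function name audit_settings, the finding codes and the sample values are assumptions made for the illustration; AUTH_LDAP_START_TLS is django-auth-ldap's StartTLS setting.

```python
import ast

# Constructed sample: this page's settings block with made-up values filled in.
SAMPLE = '''
import ldap
AUTH_LDAP_SERVER_URI = "ldaps://dc01.company.corp"
AUTH_LDAP_BIND_PASSWORD = "example-password"
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: False,
    ldap.OPT_REFERRALS: False,
}
'''

# python-ldap levels that let a session continue with an unverified certificate.
WEAK_CERT_LEVELS = {"OPT_X_TLS_NEVER", "OPT_X_TLS_ALLOW"}

def _ident(node):
    """Trailing identifier of `ldap.X` or `X`; None for anything else."""
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None

def audit_settings(source):
    """Return sorted finding codes for the AUTH_LDAP_* assignments in source."""
    findings, plaintext_uri, start_tls = set(), False, False
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
            continue
        target, value = _ident(node.targets[0]), node.value
        const = value.value if isinstance(value, ast.Constant) else None
        if target == "AUTH_LDAP_SERVER_URI" and isinstance(const, str):
            plaintext_uri = not const.lower().startswith("ldaps://")
        elif target == "AUTH_LDAP_START_TLS":
            start_tls = const is True
        elif target == "AUTH_LDAP_BIND_PASSWORD" and isinstance(const, str) and const:
            findings.add("bind-password-in-file")  # literal secret in settings
        elif target == "AUTH_LDAP_GLOBAL_OPTIONS" and isinstance(value, ast.Dict):
            for key, val in zip(value.keys, value.values):
                if _ident(key) != "OPT_X_TLS_REQUIRE_CERT":
                    continue
                falsy = isinstance(val, ast.Constant) and not val.value
                if falsy or _ident(val) in WEAK_CERT_LEVELS:
                    findings.add("tls-cert-not-verified")
    if plaintext_uri and not start_tls:
        findings.add("plaintext-ldap-uri")  # ldap:// without StartTLS
    return sorted(findings)

if __name__ == "__main__":
    print(audit_settings(SAMPLE))
```

The source is only parsed, never executed, so the check can be run against /opt/ssd-local/local_settings.py on a host where python-ldap is not installed.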