Management‎ > ‎Admin Users‎ > ‎

Active Directory

As part of the Active Directory admin user account setup, the following code block should be added to the bottom of /opt/ssd-local/  Anything in brackets <>, including the brackets, should be replaced as follows:

  • Substitute the fully qualified hostname of your Active Directory server in the AUTH_LDAP_SERVER_URI variable.
  • Substitute the SSD Active Directory user account distinguished name in the AUTH_LDAP_BIND_DN variable.  This should look something like this, depending on the structure of your Active Directory OUs: CN=ssd,OU=Service Accounts,OU=Users,DC=company,DC=corp
  • Substitute the SSD Active Directory user account password in the AUTH_LDAP_BIND_PASSWORD variable.  
  • Substitute the desired search path in the AUTH_LDAP_USER_SEARCH variable.  This should look something like this: OU=Users,DC=company,DC=corp.  If you want to restrict which subset of users can login to SSD (even if they are not designated as administrators), then make this OU restrictive.


import ldap
from django_auth_ldap.config import LDAPSearch

# Local DB first and then Active Directory

AUTH_LDAP_SERVER_URI = "ldaps://<fully qualified host name>"
AUTH_LDAP_BIND_DN = "<ssd active directory service account>"
AUTH_LDAP_BIND_PASSWORD = "<ssd active directory service account password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("<search path>",ldap.SCOPE_SUBTREE, "(SAMAccountName=%(user)s)",)

    ldap.OPT_X_TLS_REQUIRE_CERT: False,
    ldap.OPT_REFERRALS: False,

# Populate the local DJango database with certain LDAP criteria (name, email)
# so we have access to them easily
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"