gws.plugin.auth_provider.ldap
LDAP authorization provider.
Accepts an LDAP URL in the following form:
ldap://host:port/baseDN?searchAttribute
which is a subset of the LDAP URL format defined in RFC 2255.
Optionally, a bind DN and a password can be provided. This DN must have search permissions for the directory.
The authorization workflow with the (login, password) credentials is as follows:
- connect to the LDAP server, using the bind DN if provided
- search for the DN matching searchAttribute = credentials.login
- attempt to login with that DN and credentials.password
- iterate the users configs to determine roles for the user
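The search step puts a user-supplied login into an LDAP filter, and the bind step sends a user-supplied password to the server, so both need checks before the directory is contacted. The following is an added example, not code from the GWS project: it parses the URL form shown above, escapes the login per RFC 4515, and rejects empty passwords. The function names and the sample URL are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# RFC 4515: these characters alter filter structure unless hex-escaped.
_FILTER_ESCAPES = {ord(c): "\\%02x" % ord(c) for c in "\\*()\x00"}
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def parse_ldap_url(url):
    """Split ldap://host:port/baseDN?searchAttribute into its four parts."""
    u = urlsplit(url)
    # Assumption: ldaps:// is accepted too; the page only shows ldap://.
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        raise ValueError("expected ldap://host:port/baseDN?searchAttribute")
    base_dn = unquote(u.path.lstrip("/"))
    attr = unquote(u.query)
    if not base_dn or not _ATTR_RE.fullmatch(attr):
        raise ValueError("base DN and a plain attribute name are required")
    port = u.port or (636 if u.scheme == "ldaps" else 389)
    return u.hostname, port, base_dn, attr


def search_filter(attr, login):
    """Build (searchAttribute=login) with the login value escaped."""
    return "(%s=%s)" % (attr, login.translate(_FILTER_ESCAPES))


def precheck(login, password):
    """Return False for credentials that must not reach the bind step."""
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) and can succeed without proving identity.
    return bool(login and login.strip()) and bool(password)


# Constructed sample values, for illustration only.
SAMPLE_URL = "ldap://ldap.example.org:389/ou=people,dc=example,dc=org?uid"
if __name__ == "__main__":
    host, port, base_dn, attr = parse_ldap_url(SAMPLE_URL)
    print(host, port, base_dn, search_filter(attr, "j*doe"))
    print(precheck("jdoe", ""))
```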
References
https://datatracker.ietf.org/doc/html/rfc2255
Source code: gws.plugin.auth_provider.ldap
Package Contents
- class gws.plugin.auth_provider.ldap.Config
  Bases: gws.base.auth.provider.Config
  LDAP authorization provider
  - activeDirectory: bool = True
    True if the LDAP server is ActiveDirectory.
  - bindDN: str | None
    Bind DN.
  - bindPassword: str | None
    Bind password.
  - displayNameFormat: gws.FormatStr | None
    Format for user's display name.
  - timeout: gws.Duration = '30'
    LDAP server timeout.
  - url: str
    LDAP server url.
- class gws.plugin.auth_provider.ldap.Object
  Bases: gws.base.auth.provider.Object
  - activeDirectory: bool
  - baseDN: str
  - bindDN: str
  - bindPassword: str
  - displayNameFormat: str
  - loginAttribute: str
  - serverUrl: str
  - timeout: int
  - authenticate(method, credentials)
  - configure()
  - get_user(local_uid)
- class gws.plugin.auth_provider.ldap.SSLConfig(*args, **kwargs)
  Bases: gws.Config
  LDAP SSL configuration. (added in 8.3)
  - ca: gws.FilePath | None
    CA certificate location.
  - crt: gws.FilePath | None
    Client certificate location.
  - key: gws.FilePath | None
    Key location.