txstate-taiga-contrib-ldap-auth

Release 0.1.2

TxState adaptation of the Taiga plugin for ldap authentication

Homepage Repository PyPI Python

Keywords
txstate, taiga
License
Other
Install
pip install txstate-taiga-contrib-ldap-auth==0.1.2

Documentation

Taiga contrib ldap auth

The Taiga plugin for ldap authentication.

Installation

Taiga Back

In your Taiga back python virtualenv install the pip package taiga-contrib-ldap-auth with:

  pip install taiga-contrib-ldap-auth

Modify your settings/local.py and include it on INSTALLED_APPS and add your LDAP configuration:

  INSTALLED_APPS += ["taiga_contrib_ldap_auth"]

  LDAP_SERVER = 'ldap://ldap.example.com'
  LDAP_PORT = 389

  # Full DN of the service account use to connect to LDAP server and search for login user's account entry
  # If LDAP_BIND_DN is not specified, or is blank, then an anonymous bind is attempated
  LDAP_BIND_DN = 'CN=SVC Account,OU=Service Accounts,OU=Servers,DC=example,DC=com'
  LDAP_BIND_PASSWORD = 'replace_me'   # eg.
  # Starting point within LDAP structure to search for login user
  LDAP_SEARCH_BASE = 'OU=DevTeam,DC=example,DC=net'
  # LDAP property used for searching, ie. login username needs to match value in sAMAccountName property in LDAP
  LDAP_SEARCH_PROPERTY = 'sAMAccountName'
  LDAP_SEARCH_SUFFIX = None # '@example.com'

  # Names of LDAP properties on user account to get email and full name
  LDAP_EMAIL_PROPERTY = 'mail'
  LDAP_FULL_NAME_PROPERTY = 'name'

The logic of the code is such that a dedicated domain service account user performs a search on LDAP for an account that has a LDAP_SEARCH_PROPERTY value that matches the username the user typed in on the Taiga login form.
If the search is successful, then the code uses this value and the typed-in password to attempt a bind to LDAP using these credentials. If the bind is successful, then we can say that the user is authorised to log in to Taiga.

Optionally LDAP_SEARCH_SUFFIX can be set to allow for the search to match only the beginning of a field containing e.g. an email address.

If the LDAP_BIND_DN configuration setting is not specified or is blank, then an anonymous bind is attempted to search for the login user's LDAP account entry.

RECOMMENDATION: Note that if you are using a service account for performing the LDAP search for the user that is logging on to Taiga, for security reasons, the service account user should be configured to only allow reading/searching the LDAP structure. No other LDAP (or wider network) permissions should be granted for this user because you need to specify the service account password in this file. A suitably strong password should be chosen, eg. VmLYBbvJaf2kAqcrt5HjHdG6

Taiga Front

Change in your dist/js/conf.json the loginFormType setting to "ldap":

...
    "loginFormType": "ldap",
...

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
0
Forks
0
Watchers
6
Contributors
0
Repository size
34.2 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.2
0.1.1

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-23 01:35:47 UTC

Login to resync this project