funkwhale/docs/administrator/configuration/ldap.md

Configure LDAP

{abbr}`LDAP (Lightweight Directory Access Protocol)` is a protocol for providing directory services. It acts as a central authority for user login information. Funkwhale supports LDAP through the Django LDAP authentication module.

LDAP users can't change their password in the app.

Dependencies

LDAP support requires extra dependencies. We include these in our requirements files to make it easier to set up. If you aren't using LDAP, you can safely remove these.

:::{dropdown} OS dependencies

  • libldap2-dev
  • libsasl2-dev

:::

:::{dropdown} Python dependencies

  • python-ldap
  • python-django-auth-ldap

:::

Environment variables

You can configure LDAP authentication using environment variables in your .env file.

Basic features

---
value: True
type: Boolean
noindex: True
---

Set this to `True` to enable LDAP support.
---
type: URI
value: ldap://my.host:389
---

The LDAP {abbr}`URI (Uniform Resource Identifier)` of your authentication server.
---
type: String
value: cn=admin,dc=domain,dc=com
---

LDAP user {abbr}`DN (Distinguished Name)` to bind on so you can perform searches.
---
type: String
value: bindpassword
---

LDAP user password for bind {abbr}`DN (Distinguished Name)`.
---
type: String
value: (|(cn={0})(mail={0}))
---

The LDAP user filter, using `{0}` as the username placeholder. Uses standard [LDAP search syntax](https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx).
---
type: Boolean
value: False
---

Set to `True` to enable LDAP StartTLS support.
---
type: String
value: dc=domain,dc=com
---

The LDAP search root {abbr}`DN (Distinguished Name)`. Supports several entries in a comma-delimited list.
---
type: String
value: first_name:givenName, last_name:sn, username:cn, email:mail
---

A mapping of Django user attributes to LDAP values.
---
type: Boolean
value: False
---

Controls whether to use direct binding.

Group features

LDAP provides extra features for working with groups. Group configuration is an advanced feature. Most users don't need to configure these settings.

See [Django's LDAP documentation](https://django-auth-ldap.readthedocs.io/en/latest/groups.html) for groups.
---
type: String
value: ou=groups,dc=domain,dc=com
---

The LDAP group search root {abbr}`DN (Distinguished Name)`. This needs to be set to `True` to enable group features.
---
type: String
value: objectClass=groupOfNames
---

The LDAP group filter.
---
type: String
value: cn=enabled,ou=groups,dc=domain,dc=com
---

The group that users need to be a member of to authenticate.
---
type: String
value: cn=disabled,ou=groups,dc=domain,dc=com
---

A group whose members can't authenticate.
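
A pre-deployment check over the settings described on this page, as an added example (not part of Funkwhale's documentation or code). The variable names do not appear on this page and are assumed here; the `.env` fragment is constructed from the example values above.

```python
from urllib.parse import urlparse

# Constructed .env fragment with this page's example values; variable names are assumed.
SAMPLE_ENV = """\
LDAP_ENABLED=True
LDAP_SERVER_URI=ldap://my.host:389
LDAP_BIND_PASSWORD=bindpassword
LDAP_SEARCH_FILTER=(|(cn={0})(mail={0}))
LDAP_START_TLS=False
LDAP_REQUIRE_GROUP=cn=enabled,ou=groups,dc=domain,dc=com
"""

def parse_env(text):
    """Parse KEY=VALUE lines; split on the first '=' only, since DNs contain '='."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def truthy(value):
    return str(value).strip().lower() in ("true", "1", "yes", "on")

def audit_ldap(env):
    """Return findings (strings) for risky or inconsistent LDAP settings."""
    if not truthy(env.get("LDAP_ENABLED", "False")):
        return []
    findings = []
    scheme = urlparse(env.get("LDAP_SERVER_URI", "")).scheme
    if scheme not in ("ldap", "ldaps"):
        findings.append("server URI is not ldap:// or ldaps://")
    elif scheme == "ldap" and not truthy(env.get("LDAP_START_TLS", "False")):
        findings.append("ldap:// without StartTLS sends bind and user passwords unencrypted")
    flt = env.get("LDAP_SEARCH_FILTER", "")
    if "{0}" not in flt:
        findings.append("search filter lacks the {0} username placeholder")
    if flt.count("(") != flt.count(")"):
        findings.append("search filter has unbalanced parentheses")
    if env.get("LDAP_BIND_PASSWORD", "") == "bindpassword":
        findings.append("bind password is still the documented example value")
    wants_group = env.get("LDAP_REQUIRE_GROUP") or env.get("LDAP_DENY_GROUP")
    if wants_group and not env.get("LDAP_GROUP_DN"):
        findings.append("require/deny group set without a group search root DN")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ldap(parse_env(SAMPLE_ENV))))
```

Run it against the real `.env` before enabling LDAP; an empty result means none of these checks fired, not that the directory itself is configured securely.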