From 77ff3c2ff21a0330eae0bda81f386dd203b5f70b Mon Sep 17 00:00:00 2001 From: Morgan Kesler Date: Tue, 5 Nov 2019 11:59:36 +0100 Subject: [PATCH] Add direct bind option for LDAP authentication --- api/config/settings/common.py | 3 +++ docs/installation/ldap.rst | 1 + 2 files changed, 4 insertions(+) diff --git a/api/config/settings/common.py b/api/config/settings/common.py index 7b391b552..e5ac5a344 100644 --- a/api/config/settings/common.py +++ b/api/config/settings/common.py @@ -460,6 +460,9 @@ if AUTH_LDAP_ENABLED: "%(user)s" ) AUTH_LDAP_START_TLS = env.bool("LDAP_START_TLS", default=False) + AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = env( + "AUTH_LDAP_BIND_AS_AUTHENTICATING_USER", default=False + ) DEFAULT_USER_ATTR_MAP = [ "first_name:givenName", diff --git a/docs/installation/ldap.rst b/docs/installation/ldap.rst index a30bb5e6b..dc5582f7d 100644 --- a/docs/installation/ldap.rst +++ b/docs/installation/ldap.rst @@ -31,6 +31,7 @@ Basic features: * ``LDAP_START_TLS``: Set to ``True`` to enable LDAP StartTLS support. Default: ``False``. * ``LDAP_ROOT_DN``: The LDAP search root DN, e.g. ``dc=my,dc=domain,dc=com``; supports multiple entries in a space-delimited list, e.g. ``dc=users,dc=domain,dc=com dc=admins,dc=domain,dc=com``. * ``LDAP_USER_ATTR_MAP``: A mapping of Django user attributes to LDAP values, e.g. ``first_name:givenName, last_name:sn, username:cn, email:mail``. Default: ``first_name:givenName, last_name:sn, username:cn, email:mail``. +* ``AUTH_LDAP_BIND_AS_AUTHENTICATING_USER``: Controls whether direct binding is used. Default: ``False``. Group features: