[mediagoblin.git] / mediagoblin / plugins / ldap / README.rst

.. MediaGoblin Documentation

   Written in 2012 by MediaGoblin contributors

   To the extent possible under law, the author(s) have dedicated all
   copyright and related and neighboring rights to this software to
   the public domain worldwide. This software is distributed without
   any warranty.

   You should have received a copy of the CC0 Public Domain
   Dedication along with this software. If not, see
   <http://creativecommons.org/publicdomain/zero/1.0/>.

.. _ldap-plugin:

=============
 ldap plugin
=============

.. Warning::
   This plugin is not compatible with the other authentication plugins.

This plugin allow your GNU Mediagoblin instance to authenticate against an
LDAP server.

Set up the ldap plugin
======================

1. Install the ``python-ldap`` package.

2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::

    [[mediagoblin.plugins.ldap]]

Configuring the ldap plugin
===========================

This plugin allows you to use multiple ldap servers for authentication.

In order to configure a server, add the following to you MediaGoblin .ini file
under the ldap plugin:: 

    [[mediagoblin.plugins.ldap]]
    [[[server1]]]
    LDAP_SERVER_URI = 'ldap://ldap.testathon.net:389'
    LDAP_USER_DN_TEMPLATE = 'cn={username},ou=users,dc=testathon,dc=net'
    [[[server2]]]
    ...

Make any necessary changes to the above to work with your sever. Make sure
``{username}`` is where the username should be in LDAP_USER_DN_TEMPLATE.
   
If you would like to fetch the users email from the ldap server upon account
registration, add ``LDAP_SEARCH_BASE = 'ou=users,dc=testathon,dc=net'`` and
``EMAIL_SEARCH_FIELD = 'mail'`` under you server configuration in your
MediaGoblin .ini file.

.. Warning::
   By default, this plugin provides no encryption when communicating with the
   ldap servers. If you would like to use an SSL connection, change
   LDAP_SERVER_URI to use ``ldaps://`` and whichever port you use. Default ldap
   port for SSL connections is 636. If you would like to use a TLS connection,
   add ``LDAP_START_TLS = 'true'`` under your server configuration in your
   MediaGoblin .ini file.
Commit	Line	Data
c6b6be17 CAW	1	.. MediaGoblin Documentation
	2
	3	Written in 2012 by MediaGoblin contributors
	4
	5	To the extent possible under law, the author(s) have dedicated all
	6	copyright and related and neighboring rights to this software to
	7	the public domain worldwide. This software is distributed without
	8	any warranty.
	9
	10	You should have received a copy of the CC0 Public Domain
	11	Dedication along with this software. If not, see
	12	<http://creativecommons.org/publicdomain/zero/1.0/>.
	13
	14	.. _ldap-plugin:
	15
994e70e8 RE	16	=============
	17	ldap plugin
	18	=============
	19
f92018b6	20	.. Warning::
994e70e8 RE	21	This plugin is not compatible with the other authentication plugins.
	22
	23	This plugin allow your GNU Mediagoblin instance to authenticate against an
	24	LDAP server.
	25
	26	Set up the ldap plugin
	27	======================
	28
	29	1. Install the ``python-ldap`` package.
	30
	31	2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::
	32
	33	[[mediagoblin.plugins.ldap]]
	34
	35	Configuring the ldap plugin
	36	===========================
	37
	38	This plugin allows you to use multiple ldap servers for authentication.
	39
	40	In order to configure a server, add the following to you MediaGoblin .ini file
	41	under the ldap plugin::
	42
	43	[[mediagoblin.plugins.ldap]]
	44	[[[server1]]]
	45	LDAP_SERVER_URI = 'ldap://ldap.testathon.net:389'
	46	LDAP_USER_DN_TEMPLATE = 'cn={username},ou=users,dc=testathon,dc=net'
	47	[[[server2]]]
	48	...
	49
	50	Make any necessary changes to the above to work with your sever. Make sure
	51	``{username}`` is where the username should be in LDAP_USER_DN_TEMPLATE.
	52
	53	If you would like to fetch the users email from the ldap server upon account
	54	registration, add ``LDAP_SEARCH_BASE = 'ou=users,dc=testathon,dc=net'`` and
	55	``EMAIL_SEARCH_FIELD = 'mail'`` under you server configuration in your
	56	MediaGoblin .ini file.
	57
f92018b6	58	.. Warning::
994e70e8 RE	59	By default, this plugin provides no encryption when communicating with the
994e70e8 RE	60	ldap servers. If you would like to use an SSL connection, change
f92018b6	61	LDAP_SERVER_URI to use ``ldaps://`` and whichever port you use. Default ldap
994e70e8 RE	62	port for SSL connections is 636. If you would like to use a TLS connection,
	63	add ``LDAP_START_TLS = 'true'`` under your server configuration in your
	64	MediaGoblin .ini file.