[mediagoblin.git] / mediagoblin / plugins / ldap / README.rst

.. MediaGoblin Documentation

   Written in 2012 by MediaGoblin contributors

   To the extent possible under law, the author(s) have dedicated all
   copyright and related and neighboring rights to this software to
   the public domain worldwide. This software is distributed without
   any warranty.

   You should have received a copy of the CC0 Public Domain
   Dedication along with this software. If not, see
   <http://creativecommons.org/publicdomain/zero/1.0/>.

.. _ldap-plugin:

=============
 LDAP plugin
=============

.. Warning::
   This plugin is not compatible with the other authentication plugins.

This plugin allow your GNU MediaGoblin instance to authenticate against an
LDAP server.

Set up the LDAP plugin
======================

1. Install the ``python-ldap`` package.

2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::

    [[mediagoblin.plugins.ldap]]

Configuring the LDAP plugin
===========================

This plugin allows you to use multiple LDAP servers for authentication.

In order to configure a server, add the following to you MediaGoblin .ini file
under the LDAP plugin:: 

    [[mediagoblin.plugins.ldap]]
    [[[server1]]]
    LDAP_SERVER_URI = 'ldap://ldap.testathon.net:389'
    LDAP_USER_DN_TEMPLATE = 'cn={username},ou=users,dc=testathon,dc=net'
    [[[server2]]]
    ...

Make any necessary changes to the above to work with your sever. Make sure
``{username}`` is where the username should be in LDAP_USER_DN_TEMPLATE.
   
If you would like to fetch the users email from the LDAP server upon account
registration, add ``LDAP_SEARCH_BASE = 'ou=users,dc=testathon,dc=net'`` and
``EMAIL_SEARCH_FIELD = 'mail'`` under you server configuration in your
MediaGoblin .ini file.

.. Warning::
   By default, this plugin provides no encryption when communicating with the
   LDAP servers. If you would like to use an SSL connection, change
   LDAP_SERVER_URI to use ``ldaps://`` and whichever port you use. Default LDAP
   port for SSL connections is 636. If you would like to use a TLS connection,
   add ``LDAP_START_TLS = 'true'`` under your server configuration in your
   MediaGoblin .ini file.
Commit	Line	Data
c6b6be17 CAW	1	.. MediaGoblin Documentation
	2
	3	Written in 2012 by MediaGoblin contributors
	4
	5	To the extent possible under law, the author(s) have dedicated all
	6	copyright and related and neighboring rights to this software to
	7	the public domain worldwide. This software is distributed without
	8	any warranty.
	9
	10	You should have received a copy of the CC0 Public Domain
	11	Dedication along with this software. If not, see
	12	<http://creativecommons.org/publicdomain/zero/1.0/>.
	13
	14	.. _ldap-plugin:
	15
994e70e8	16	=============
9650aa39	17	LDAP plugin
994e70e8 RE	18	=============
994e70e8 RE	19
f92018b6	20	.. Warning::
994e70e8 RE	21	This plugin is not compatible with the other authentication plugins.
994e70e8 RE	22
9650aa39	23	This plugin allow your GNU MediaGoblin instance to authenticate against an
994e70e8 RE	24	LDAP server.
994e70e8 RE	25
9650aa39	26	Set up the LDAP plugin
994e70e8 RE	27	======================
	28
	29	1. Install the ``python-ldap`` package.
	30
	31	2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::
	32
	33	[[mediagoblin.plugins.ldap]]
	34
9650aa39	35	Configuring the LDAP plugin
994e70e8 RE	36	===========================
994e70e8 RE	37
9650aa39	38	This plugin allows you to use multiple LDAP servers for authentication.
994e70e8 RE	39
994e70e8 RE	40	In order to configure a server, add the following to you MediaGoblin .ini file
9650aa39	41	under the LDAP plugin::
994e70e8 RE	42
	43	[[mediagoblin.plugins.ldap]]
	44	[[[server1]]]
	45	LDAP_SERVER_URI = 'ldap://ldap.testathon.net:389'
	46	LDAP_USER_DN_TEMPLATE = 'cn={username},ou=users,dc=testathon,dc=net'
	47	[[[server2]]]
	48	...
	49
	50	Make any necessary changes to the above to work with your sever. Make sure
	51	``{username}`` is where the username should be in LDAP_USER_DN_TEMPLATE.
	52
9650aa39	53	If you would like to fetch the users email from the LDAP server upon account
994e70e8 RE	54	registration, add ``LDAP_SEARCH_BASE = 'ou=users,dc=testathon,dc=net'`` and
	55	``EMAIL_SEARCH_FIELD = 'mail'`` under you server configuration in your
	56	MediaGoblin .ini file.
	57
f92018b6	58	.. Warning::
994e70e8	59	By default, this plugin provides no encryption when communicating with the
9650aa39 BS	60	LDAP servers. If you would like to use an SSL connection, change
9650aa39 BS	61	LDAP_SERVER_URI to use ``ldaps://`` and whichever port you use. Default LDAP
994e70e8 RE	62	port for SSL connections is 636. If you would like to use a TLS connection,
	63	add ``LDAP_START_TLS = 'true'`` under your server configuration in your
	64	MediaGoblin .ini file.