author | David Douard <david.douard@logilab.fr> |
Tue, 24 Apr 2018 15:21:18 +0200 | |
changeset 12307 | d507cbe169ab |
parent 10491 | c67bcee93248 |
child 12534 | e0e7d8ca051f |
child 12904 | 2ad148f22c2f |
permissions | -rw-r--r-- |
4936
a4b772a0d801
Fixed some of the documentation warnings when building the book with sphinx.
Adrien Chauve <adrien.chauve@logilab.fr>
parents:
4753
.. _LDAP:

1714
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
LDAP integration
================

4740
fee30ae3bc08
[book/ldap] add missing LDAP section
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
Overview
--------

Using LDAP as a source for user credentials and information is quite
easy. The most difficult part lies in building an LDAP schema or
using an existing one.

At cube creation time, one is asked if more sources are wanted. LDAP
is one possible option at this time. Of course, it is always possible
8678
1771d4b0fa0d
[doc/ldap] update the ldap chapter wrt the ldapfeed source type (closes #2551863)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8639
to set it up later using the `CWSource` entity type, which we discuss
there.

It is possible to add as many LDAP sources as wanted, which translates
into as many `CWSource` entities as needed.

The general principle of the LDAP source is, given a proper
configuration, to create local users matching the users available in
the directory and to derive local user attributes from directory user
attributes. Then a periodic task keeps local user information
synchronized with the directory.

Users handled by such a source should not be edited directly from
within the application instance itself. Rather, updates should happen
at the LDAP server level.

Credential checks are *always* done against the LDAP server.

.. Note::

  There are currently two ldap source types: the older `ldapuser` and
  the newer `ldapfeed`. The older one will be deprecated soon, as
  the newer one has now gained all the features of the old one and does
  not suffer from some of its illnesses.
8478
e099ebc65e61
[ldap feed] fix error since with read security activated, password value is not selectable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7637

  The ldapfeed creates real `CWUser` entities, and then
  activates/deactivates them depending on their presence/absence in the
  corresponding LDAP source. Their attributes and state
  (activated/deactivated) are hence managed by the source mechanism;
  they should not be altered by other means (as such alterations may
  be overridden in some subsequent source synchronisation).


9502
711d4c864d57
[book] basic documentation for LDAPfeed
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9483
Configuration of an LDAPfeed source
-----------------------------------

Additional sources are created at cube creation time or later through the
user interface.

Configure an `ldapfeed` source from the user interface under `Manage` then
`data sources`:

* At this point `type` has been set to `ldapfeed`.

* The `parser` attribute shall be set to `ldapfeed`.

* The `url` attribute shall be set to a URL such as ldap://ldapserver.domain/.

* The `configuration` attribute contains many options. They are described in
  detail in the next section.


Options of an LDAPfeed source
-----------------------------

Let us enumerate the options by categories (LDAP server connection,
LDAP schema mapping information).

LDAP server connection options:

7637
a8a3fcdb1f6e
[book, ldap] backport some doc from my mailbox
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4936
* `auth-mode`, (choices are simple, cram_md5, digest_md5, gssapi, support
  for the latter being partial as of now)

* `auth-realm`, realm to use when using gssapi/kerberos authentication

* `data-cnx-dn`, user dn to use to open data connection to the ldap (e.g.
  used to respond to rql queries)

* `data-cnx-password`, password to use to open data connection to the
  ldap (e.g. used to respond to rql queries)

4753
dd6ae6512916
[book/ldap] note on the role of two options
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
4740
If the LDAP server accepts anonymous binds, then it is possible to
leave data-cnx-dn and data-cnx-password empty. This is, however, quite
9551
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9502
unlikely in practice. Beware that the LDAP server might hide attributes
such as "userPassword" while the rest of the attributes remain visible
through an anonymous binding.

LDAP schema mapping options:

* `user-base-dn`, base DN to look up users

* `user-scope`, user search scope (valid values: "BASE", "ONELEVEL",
  "SUBTREE")

* `user-classes`, classes of user (with Active Directory, you want to
  say "user" here)

* `user-filter`, additional filters to be set in the ldap query to
  find valid users

* `user-login-attr`, attribute used as login on authentication (with
  Active Directory, you want to use "sAMAccountName" here)

* `user-default-group`, name of a group in which ldap users will be by
  default. You can set multiple groups by separating them by a comma

* `user-attrs-map`, map from ldap user attributes to cubicweb
  attributes (with Active Directory, you want to use
  sAMAccountName:login,mail:email,givenName:firstname,sn:surname)
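
A review of the connection and mapping options above can be automated before a source is saved. The checker below is an added example, not CubicWeb code; it assumes the `configuration` attribute holds `option=value` lines, that `auth-mode` is `simple` when unset, that `managers` is the administrators group, and that the server also answers on `ldaps://`.

```python
from urllib.parse import urlparse

AUTH_MODES = {"simple", "cram_md5", "digest_md5", "gssapi"}  # choices listed above
SCOPES = {"BASE", "ONELEVEL", "SUBTREE"}                     # valid user-scope values
PRIVILEGED_GROUPS = {"managers"}  # assumption: the instance's administrators group


def parse_configuration(text):
    """Parse 'option=value' lines (assumed layout) into a dict."""
    options = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")  # DNs contain '=': split once
        if not key or key.startswith("#"):
            continue
        if not sep:
            raise ValueError("not an option=value line: %r" % raw)
        options[key.strip()] = value.strip()
    return options


def parse_attrs_map(value):
    """'mail:email,sn:surname' -> {'mail': 'email', 'sn': 'surname'}"""
    mapping = {}
    for item in filter(None, (part.strip() for part in value.split(","))):
        ldap_attr, sep, cw_attr = (s.strip() for s in item.partition(":"))
        if not (sep and ldap_attr and cw_attr):
            raise ValueError("bad user-attrs-map entry: %r" % item)
        mapping[ldap_attr] = cw_attr
    return mapping


def audit_source(url, configuration):
    """Return a list of (severity, option, message) findings."""
    opts = parse_configuration(configuration)
    findings = []
    mode = opts.get("auth-mode", "simple")  # assumption: simple when unset
    if mode not in AUTH_MODES:
        findings.append(("error", "auth-mode", "unknown mode %r" % mode))
    dn, password = opts.get("data-cnx-dn", ""), opts.get("data-cnx-password", "")
    if not dn and not password:
        findings.append(("warning", "data-cnx-dn",
                         "anonymous bind: attributes such as userPassword may be hidden"))
    elif not password:
        # RFC 4513 5.1.2: DN + empty password is an unauthenticated (anonymous) bind.
        findings.append(("error", "data-cnx-password",
                         "DN without password does not authenticate the data connection"))
    if mode == "simple" and urlparse(url).scheme.lower() != "ldaps":
        # Assumes no other transport protection is in place.
        findings.append(("error", "url", "simple bind without ldaps:// is sent in clear"))
    if mode == "gssapi" and not opts.get("auth-realm"):
        findings.append(("warning", "auth-realm", "gssapi selected but no realm set"))
    scope = opts.get("user-scope")
    if scope is not None and scope not in SCOPES:
        findings.append(("error", "user-scope", "invalid scope %r" % scope))
    groups = {g.strip() for g in opts.get("user-default-group", "").split(",")}
    for group in sorted(groups & PRIVILEGED_GROUPS):
        findings.append(("error", "user-default-group",
                         "every directory user would join %r" % group))
    try:
        parse_attrs_map(opts.get("user-attrs-map", ""))
    except ValueError as exc:
        findings.append(("error", "user-attrs-map", str(exc)))
    return findings


# Constructed sample definitions (not taken from a real instance).
WEAK_URL = "ldap://ldapserver.domain/"
WEAK_CONFIG = """\
auth-mode=simple
data-cnx-dn=cn=reader,dc=example,dc=org
data-cnx-password=
user-base-dn=ou=People,dc=example,dc=org
user-scope=SUBTREE
user-default-group=users,managers
user-attrs-map=sAMAccountName:login,mail:email,givenName:firstname,sn:surname
"""
HARDENED_URL = "ldaps://ldapserver.domain/"
HARDENED_CONFIG = WEAK_CONFIG.replace("data-cnx-password=",
    "data-cnx-password=constructed-secret").replace("users,managers", "users")
```

`audit_source(WEAK_URL, WEAK_CONFIG)` reports the empty bind password, the clear-text simple bind and the privileged default group; the hardened pair returns no findings.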


Other notes
-----------

8639
2fddbe32ae8b
[ldapfeed] if a deactivated user becomes available again in its source, reactivate it (closes #2542776)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8478
* Cubicweb is able to start if ldap cannot be reached, even on
  cubicweb-ctl start ... If some source ldap server cannot be used
  while an instance is running, the corresponding users won't be
  authenticated but their status will not change (e.g. they will not
  be deactivated)

* The user-base-dn is a key that helps cubicweb map CWUsers to LDAP
  users: be careful when updating it

* When a user is removed from an LDAP source, it is deactivated in the
  CubicWeb instance; when a deactivated user comes back in the LDAP
  source, it is automatically activated again

* You can use the :class:`CWSourceHostConfig` to have variants for a source
  configuration according to the host the instance is running on. To do so,
  go to the source's view from the sources management view.