This requires that Active Directory Domain Services be set up on Windows Server. In this tutorial LDAP will access the server insecurely, but if an SSL cert is created it can be done securely as well. It is also a good idea to create a custom group to query so that Administrator accounts aren't pulled into the Django authentication system. Most of the heavy lifting is done by the etianen/django-python3-ldap app.
- Install using pip install django-python3-ldap.
- Add 'django_python3_ldap' to your INSTALLED_APPS setting.
- Set your AUTHENTICATION_BACKENDS setting to ("django_python3_ldap.auth.LDAPBackend", "django.contrib.auth.backends.ModelBackend",)
- Configure the settings for your LDAP server (as described on site).
- Optionally, run python manage.py ldap_sync_users to perform an initial sync of LDAP users.
```python
AUTHENTICATION_BACKENDS = (
    "django_python3_ldap.auth.LDAPBackend",
    "django.contrib.auth.backends.ModelBackend",
)

# Plain LDAP on port 389: bind and login credentials cross the network unencrypted.
LDAP_AUTH_URL = "ldap://10.6.0.84:389"
LDAP_AUTH_USE_TLS = False
LDAP_AUTH_SEARCH_BASE = "CN=users, DC=js, DC=dsad, DC=com"
LDAP_AUTH_OBJECT_CLASS = "user"
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"
LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = "JS"  # Domain before the backslash when logging into AD server

# Account used to bind and query AD; keep the real password out of source control.
LDAP_AUTH_CONNECTION_USERNAME = 'UserToQueryAD'
LDAP_AUTH_CONNECTION_PASSWORD = 'UserPassword'

# Django user model field -> AD attribute.
LDAP_AUTH_USER_FIELDS = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}
```
To connect securely over SSL, only a few lines change in the config (as shown below):

```python
LDAP_AUTH_URL = "ldaps://10.6.0.84:636"
LDAP_AUTH_USE_TLS = True
```
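
One way to apply the custom-group advice from the introduction is to point LDAP_AUTH_FORMAT_SEARCH_FILTERS at your own callable. The following is an added example, not code from the original tutorial or from django-python3-ldap. It assumes the callable receives a dict of LDAP attribute names to values and returns a list of filter strings that are ANDed together; the group name DjangoUsers is hypothetical.

```python
# Added example: limit LDAP lookups to members of one AD group, so accounts
# outside that group (e.g. Administrators) never match a Django login or sync.
# Assumed contract: called with a dict {ldap_attribute: value}, returns a list
# of filter strings that the caller combines with AND.

# Hypothetical group; create it in AD and add only the intended users.
ALLOWED_GROUP_DN = "CN=DjangoUsers,CN=users,DC=js,DC=dsad,DC=com"

# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: also matches nested membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so user input cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


def group_restricted_search_filters(ldap_fields, group_dn=ALLOWED_GROUP_DN, nested=True):
    """Build one filter per attribute, then require membership of group_dn."""
    filters = [
        "({}={})".format(name, escape_filter_value(value))
        for name, value in ldap_fields.items()
    ]
    rule = ":{}:".format(IN_CHAIN) if nested else ""
    filters.append("(memberOf{}={})".format(rule, escape_filter_value(group_dn)))
    return filters


def combined_filter(ldap_fields):
    """The single AND filter the directory ends up evaluating."""
    return "(&{})".format("".join(group_restricted_search_filters(ldap_fields)))


if __name__ == "__main__":
    # Constructed input: a username containing filter metacharacters.
    print(combined_filter({"sAMAccountName": "bob)(objectClass=*", "objectClass": "user"}))
```

To use it, save the function in a module of your project and set LDAP_AUTH_FORMAT_SEARCH_FILTERS to its dotted path, for example "myapp.ldap_filters.group_restricted_search_filters" (a hypothetical path).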