tarkatronic/settings.py

## settings.py
AUTH_LDAP_START_TLS = True
AUTH_LDAP_SERVER_URI = env('AUTH_LDAP_SERVER_URI', cast=str, default=None)
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER
}
AUTH_LDAP_BIND_DN = env('AUTH_LDAP_BIND_DN', cast=str, default=None)
AUTH_LDAP_BIND_PASSWORD = env('AUTH_LDAP_BIND_PASSWORD', cast=str, default=None)
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch(
        'OU=Company,DC=our,DC=domain,DC=com',
        ldap.SCOPE_SUBTREE,
        filterstr='(uid=%(user)s)'
    ),
)

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=group)'
)
AUTH_LDAP_MIRROR_GROUPS = True

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_staff': [  # Allow login to the Django admin site
        'CN=Group-Name,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com',
    ],
    'is_superuser': [  # Implicitly grant ALL permissions to members of these groups
        'CN=Group-Name,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com'
    ],
}

AUTH_LDAP_REQUIRE_GROUP = (
    (
        LDAPGroupQuery('CN=Group1,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') |
        LDAPGroupQuery('CN=Group2,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') |
        LDAPGroupQuery('CN=Group3,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') |
        LDAPGroupQuery('CN=Group4,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') |
        LDAPGroupQuery('CN=Group5,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com')
    )
)
	AUTH_LDAP_START_TLS = True
	AUTH_LDAP_SERVER_URI = env('AUTH_LDAP_SERVER_URI', cast=str, default=None)
	AUTH_LDAP_GLOBAL_OPTIONS = {
	ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER
	}
	AUTH_LDAP_BIND_DN = env('AUTH_LDAP_BIND_DN', cast=str, default=None)
	AUTH_LDAP_BIND_PASSWORD = env('AUTH_LDAP_BIND_PASSWORD', cast=str, default=None)
	AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
	LDAPSearch(
	'OU=Company,DC=our,DC=domain,DC=com',
	ldap.SCOPE_SUBTREE,
	filterstr='(uid=%(user)s)'
	),
	)

	AUTH_LDAP_USER_ATTR_MAP = {
	"first_name": "givenName",
	"last_name": "sn",
	"email": "mail",
	}

	AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
	AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
	'OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com',
	ldap.SCOPE_SUBTREE,
	'(objectClass=group)'
	)
	AUTH_LDAP_MIRROR_GROUPS = True

	AUTH_LDAP_USER_FLAGS_BY_GROUP = {
	'is_staff': [ # Allow login to the Django admin site
	'CN=Group-Name,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com',
	],
	'is_superuser': [ # Implicitly grant ALL permissions to members of these groups
	'CN=Group-Name,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com'
	],
	}

	AUTH_LDAP_REQUIRE_GROUP = (
	(
	LDAPGroupQuery('CN=Group1,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') \|
	LDAPGroupQuery('CN=Group2,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') \|
	LDAPGroupQuery('CN=Group3,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') \|
	LDAPGroupQuery('CN=Group4,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com') \|
	LDAPGroupQuery('CN=Group5,OU=Security Groups,OU=Users and Groups,OU=Company,DC=our,DC=domain,DC=com')
	)
	)