harlequix/radical3_auth_ldap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
a01e3ada3fcd89300339fc297f4a554fef1cab25
radical3_auth_ldap/README.md
in dow a01e3ada3f Add ldap_support_extended configuration 
* Add ldap_support_extended configuration

For samba, extended command is not supported.
To solve, add configuration to call whoami or not.

```
DEBUG:ldap3:EXTENDED:ldap message received via <ldaps://samba:636 - ssl - user: CN=test2,CN=Users,DC=samba,DC=dom - not lazy - bound - open - <local: 172.18.0.0:33916 - remote: 172.18.0.0:636> - tls not started - listening - SyncStrategy - internal decoder>:
<<{'controls': None,
<< 'messageID': 9,
<< 'payload': [(0, False, 10, 2),
<<             (0, False, 4, b''),
<<             (0,
<<              False,
<<              4,
<<              b'Extended Operation(1.3.6.1.4.1.4203.1.11.3) not supported'),
<<             (2, False, 10, b'1.3.6.1.4.1.4203.1.11.3')],
<< 'protocolOp': 24}
DEBUG:ldap3:PROTOCOL:EXTENDED response <[{'result': 2, 'description': 'protocolError', 'dn': '', 'message': 'Extended Operation(1.3.6.1.4.1.4203.1.11.3) not supported', 'referrals': None, 'responseName': '1.3.6.1.4.1.4203.1.11.3', 'responseValue': b'', 'type': 'extendedResp'}]> received via <ldaps://samba:636 - ssl - user: CN=test2,CN=Users,DC=samba,DC=dom - not lazy - bound - open - <local: 172.18.0.0:33916 - remote: 172.18.0.0:636> - tls not started - listening - SyncStrategy - internal decoder>
DEBUG:ldap3:BASIC:done EXTENDED operation, result <False>
```

* Update README.md
2019-05-23 21:35:06 +09:00

39 lines
1.1 KiB
Markdown
Raw Blame History

# What is this?
This is an authentication plugin for Radicale 2. It adds an LDAP authentication backend which can be used for authenticating users against an LDAP server.
# How to configure
You will need to set a few options inside your radicale config file. Example:
```
[auth]
type = radicale_auth_ldap
# LDAP server URL, with protocol and port
ldap_url = ldap://ldap:389
# LDAP base path
ldap_base = ou=Users,dc=TESTDOMAIN
# LDAP login attribute
ldap_attribute = uid
# LDAP filter string
# placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
ldap_filter = (objectClass=person)
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
ldap_binddn = cn=admin,dc=TESTDOMAIN
# LDAP password for initial login, used with ldap_binddn
ldap_password = verysecurepassword
# LDAP scope of the search
ldap_scope = LEVEL
# LDAP extended option
# If the server is samba, ldap_support_extended is should be no
ldap_support_extended = yes
```
Reference in New Issue View Git Blame Copy Permalink