kinto-ldap

Validate Basic Auth provided user login and password with an LDAP server.

Dependencies

Before installing you will need the following system dependencies:

On Debian based systems:

sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev

On RPM based systems:

sudo yum install openldap-devel openssl-devel python-devel

Installation

Install the Python package:

pip install kinto-ldap

Include the package in the project configuration:

kinto.includes = kinto_ldap

And configure authentication policy using pyramid_multiauth formalism:

multiauth.policies = ldap

By default, it will rely on the cache configured in Kinto.

Configuration

multiauth.policy.ldap.use = kinto_ldap.authentication.LDAPBasicAuthAuthenticationPolicy

kinto.ldap.cache_ttl_seconds = 30
kinto.ldap.endpoint = ldap://ldap.prod.mozaws.net
# kinto.ldap.bind_dn = uid=read_user,ou=logins,dc=mozilla
# kinto.ldap.bind_password = user_password

If necessary, override default values for authentication policy:

# multiauth.policy.ldap.realm = Realm
# kinto.ldap.base_dn = dc=mozilla
# kinto.ldap.filters = (mail={mail})
# kinto.ldap.pool_size = 10
# kinto.ldap.pool_retry_max = 3
# kinto.ldap.pool_retry_delay = .1
# kinto.ldap.pool_timeout = 30