#1791 closed enhancement (worksforme)
ldap authentication
Reported by: | Antoine Martin | Owned by: | J. Max Mena |
---|---|---|---|
Priority: | major | Milestone: | 2.3 |
Component: | core | Version: | 2.2.x |
Keywords: | Cc: |
Change History (4)
comment:1 Changed 4 years ago by
Status: | new → assigned |
---|
comment:2 Changed 4 years ago by
Owner: | changed from Antoine Martin to J. Max Mena |
---|---|
Status: | assigned → new |
Another ldap backend, this time using the ldap3 python library. This one may be easier to use against AD servers, the username takes the form: "DOMAIN\username".
- r18843: add "ldap3" authentication module, man page update, etc
- r18844: macos moduleset changes
- r18845 + r18846: debug logging tweaks
- r19030: optional "recommends" rpm dependency
It uses the same options as the "ldap" authentication module: "host", "port", "tls", "cacert", but not "encoding". And also some new options:
- "authentication" defaults to "NTLM", the other options are: "SIMPLE" and "SASL" (should not be used)
- "ssl-version" defaults to "TLSv1" (see python ssl: socket creation for more details.
- "ssl-validate" defaults to "REQUIRED", other options: "OPTIONAL" and "NONE".
Usage example:
xpra start --bind-tcp=0.0.0.0:10000 -d auth \ --tcp-auth=ldap3,host=localhost,port=389
@maxmylyn: please test both backends against ldap and AD servers.
comment:3 Changed 4 years ago by
Resolution: | → worksforme |
---|---|
Status: | new → closed |
comment:4 Changed 17 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1791
Note: See
TracTickets for help on using
tickets.
Done:
ldap
authentication module added in r18827 using python-ldapUsage example:
Details on the settings, which are all optional:
According to this very helpful blog post: Python LDAP authentication with Microsoft Active Directory, the
username_format
for AD is just "%username@%domain
". That's assuming that the server's domain name is set correctly too, otherwise replace%domain
with the desired value.See also: Configuring and securing PYTHON LDAP Applications