Xpra: Ticket #1791: ldap authentication

See also #1691, #1789, #1728



Sat, 24 Mar 2018 15:50:53 GMT - Antoine Martin: status changed

Done:

Usage example:

xpra start --bind-tcp=0.0.0.0:10000 -d auth \
    "--tcp-auth=ldap,host=ldaphostname,port=389,username_format=cn=%username, o=%domain"

Details on the settings, which are all optional:

According to this very helpful blog post: Python LDAP authentication with Microsoft Active Directory, the username_format for AD is just "%username@%domain". That's assuming that the server's domain name is set correctly too, otherwise replace %domain with the desired value. See also: Configuring and securing PYTHON LDAP Applications


Sun, 25 Mar 2018 13:56:41 GMT - Antoine Martin: owner, status changed

Another ldap backend, this time using the ldap3 python library. This one may be easier to use against AD servers, the username takes the form: "DOMAIN\username".

It uses the same options as the "ldap" authentication module: "host", "port", "tls", "cacert", but not "encoding". And also some new options:

Usage example:

xpra start --bind-tcp=0.0.0.0:10000 -d auth \
    --tcp-auth=ldap3,host=localhost,port=389

@maxmylyn: please test both backends against ldap and AD servers.


Fri, 01 Jun 2018 11:46:43 GMT - Antoine Martin: status changed; resolution set


Sat, 23 Jan 2021 05:33:53 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1791